Summary of Duties
Reports to Manager and is responsible, through management and supervision, to ensure adherence to the strategic and tactical direction for IT Security throughout the corporate network, including Boards, Commissions and Agencies supported on the corporate network. Supervisory duties to include ITS teams.
- Performs and recommends Risk Assessments for all major update/upgrade of systems and applications.
- Monitors processes for Identity and Access Management including the creation, modification, access privileges and deletion of user accounts. Conduct reviews to assess that the access privileges are on the basis of need to know or “Least Privilege Rights” standard.
- Directs and ensures the development and implementation of security controls and practices including Internet, Intranet, Extranet, network, application, remote access, and wireless technologies.
- Responsible for ensuring the use and application of End Point security tools, Internet filtering and Data Loss Prevention tools, Event and log management tools and Privileged Account Management tools.
- Involved in the management implementation, maintenance and support of Public Key Infrastructure (PKI) and Strong Authentication solutions and strategy.
- Maintains quality service by establishing and enforcing organization standards.
- Manages, reviews, assigns, delegates and directs the work functions of employees.
- Responsible for coordinating and enforcing systems, policies and procedures.
- Undertakes corrective action with respect to employees in conjunction with the Manager and Human Resources.
- Provides information, orientation, training, instruction and supervision as required to assist employees in performing their work functions.
- In conjunction with the Manager and Human Resources, maintains working relationship with the union by following the terms of the collective agreement.
- Monitors compliance of systems and networks with regulatory organizations such as the Payment Card Industry to ensure the Corporation is compliant.
- Audits permissions and access rights to ensure compliance with policy.
- Responsible for the development of all policies, strategies, procedures and standards related to Information Security to ensure compliance with industry standard practices and a Corporate wide approach to security.
- Responsible for Information Security standards being adhered to and recommends corrective actions as required.
- Manages and ensures vulnerability and risk assessments of corporate assets and analyze activity logs of the various systems as part of preventive measures.
- Conducts risk analysis and evaluation for the overall information security strategy.
- Participates in the review and adherence in the overall ITS governance.
- Manages and/or participates in projects in various roles and responsibilities.
- Conducts performance management reviews of project resources.
- Conducts and/or assists in the performance management and evaluation of employees.
- Conducts investigations (including MFIPPA, employment, corporate policies etc.) as well as documents findings and provides written/verbal reports as required.
- Performs penetration testing of hosted services and recommends the acquisition of such services based on security testing.
- Responsible for training and awareness programs and materials to educate staff on information security.
- Contributes to team effort by accomplishing related results as needed.
- Performs other duties as assigned.
University Degree in Computer Science or three year Post Secondary Business Information Systems Diploma, or equivalent.
Specialized Training & Licenses
- A minimum of 5 years’ experience in Information Security. Detailed knowledge of Information Security, including Intrusion Protection Systems, Anti-Virus, Anti-Spam, Identity Management, Threat Management, Public Key Infrastructure, Access Control and Authentication is required.
- CISA or CISSP is required.
- Supervision, Coaching.
- ITIL Foundation – an asset.
Compensation and Other Information
$76,888 to $104,260
As an inclusive employer, we are committed to providing a fully accessible recruitment process. Please contact us at any time during the recruitment process and let us know what accessible supports you may need.