Manager, IT Security Architect
Finance & Technology – Information Technology & GIS
Competition: 21/020
Status: Exempt Management
Salary Range: $101,929 to $119,917 annually
Review of applications begins: 4:00pm on February 16, 2021, but the position will remain open until filled.
Position Purpose
The Manager, IT Security Architect leads the operation, support and maintenance of the CRD’s IT security management strategy. The position is responsible for analyzing and evaluating controls, leading and performing security assessments, and is responsible for risk and compliance management and reporting, including; risk assessments, System Security Plans, Security Assessment Reports and Vulnerability Assessments.
Key Accountabilities / Position Outcomes
- Provides specialized expertise, consulting and training to all areas relevant to corporate security both within the IT department and working with corporate stakeholders.
- Oversees, develops, and administers policies and procedures for effective vulnerability management which includes: Identifying, coordinating mitigation steps and the monitoring and reporting results of all known mitigation efforts.
- Leads, implements and administers the CRD’s electronic risk management profile, including developing standards, protocols and data loss prevention recommendations.
- Provides leadership, oversight and strategic direction to departmental and corporate initiatives and programs within area of security responsibility.
- Liaises with external organizations to coordinate and verify sound security measures.
- Conducts security risk assessments both at the enterprise and system level, producing and communicating a Security Scorecard on a regular basis.
- Assists in security incident response planning and practice. Cooperation with other Protective Services functions to create a common and documented security posture.
- Develops, leads and participates in security awareness and corporate training initiatives.
- Stays current on modern security strategy including all laws and regulations which have impacts on the corporation.
- Responsible for the leadership and management of employees and contractors within area of responsibility, including employment and labour relations matters involving: employee hiring, promotion, demotion and other personnel matters; discipline and discharge; representing management in the grievance procedure; input on behalf of management into labour relations matters, and representing management on committees; maintaining Employer confidentiality; and developing, supporting and implementing various corporate and legislated policies, procedures and practices.
Qualifications
- Degree in computer science, information systems or computer engineering plus a minimum of eight (8) years experience in Information Technology including a minimum of five (5) years’ of Information Security experience. Must be Certified Information Systems Security Professional (CISSP) certified.
Role-specific Knowledge, Skills & Abilities
- Expert knowledge of TCP/IP and associated protocols
- Experience working in a complex IT environment Including prior experience in at least one of the following:
- Application development
- Network engineering or operations
- System administration
- Expert skills in Active Directory architecture and administration
- Strong technical skills in policy management
- Advanced Microsoft Windows Networking operating and diagnostic skills with sound network management principles.
- Thorough knowledge of Canadian Provincial and Federal laws pertaining to information security
- Familiarity with common security frameworks and standards, including NIST Cybersecurity Framework, ISO/IEC 27001:27013, CIS CSC, PCI DSS
- Experience with Data-Loss Prevention and IPS/IDS systems
- Experience using security scanners and remediating vulnerabilities (e.g. Nessus, etc)
- Active Directory authentication methods, script writing and registry expertise
- Superior troubleshooting and analytical skills
- Excellent communication (verbal and written), interpersonal and customer service skills are required