Department: Global Network (950)
30 Adelaide Str, East
Toronto, Ontario, M5C 3G9
Number of Positions: 1
Oversees, evaluates, and supports the documentation, validation, assessment, and authorization processes necessary to assure that existing and new information technology (IT) systems meet IFDS cybersecurity and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
Scope and Responsibilities:
Ensure that acquired or developed system(s) and architecture(s) are consistent with IFDS cybersecurity architecture guidelines.
Identify and prioritize critical business functions in collaboration with organizational stakeholders.
Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents.
Write detailed functional specifications that document the architecture development process.
Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
Analyze candidate architectures, allocate security services, and select security mechanisms.
Maintain situational awareness to determine if changes to the operating environment require review of the plan.
Monitor and evaluate integrated cyber operations to identify opportunities to meet organization objectives.
Assisting IFDS in maintaining compliance with ISO 27001
Respond to and investigate of any IT security breaches, virus or other attacks, working in liaison with other departments where appropriate.
Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).
Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
Verify and update security documentation reflecting the application/system security design features.
Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
Assess the effectiveness of security controls.
Assess all the configuration management (change configuration/release management) processes.
Minimum of 4 - 6 years dedicated IT Security related experience
In-depth experience of performing vulnerability scans and assessments
Extensive experience with WANs, LANs, VPN's, Wireless technologies, Operating systems, Intrusion Prevention Systems, SEIM solutions, etc
Solid understanding of system security risks and hardening techniques.
Knowledge of network protocols, data flows, and vulnerabilities within a TCP/IP environment
Ability to perform network protocol analysis and raw data capture
Knowledge and experience in security incident response and forensic.
Knowledge and experience in the field of information and network security best practices.
Post graduate degree combined with related work experience within Information Security.
Relevant security certification such as CISSP or CISM.
Very strong verbal and written skills, as well as high level of confidence interacting with senior business professionals
Strong interpersonal and organizational skills including presentation and public speaking abilities
Ability to engage internal stakeholders across a number of different functional departments
Customer service orientation, with a proven ability to collaborate and resolve challenging situations
Flexibility and prioritization skills (handle varied and ad hoc requests from multiple parties)
Strong quantitative, analytical and problem solving skills
Ability to develop innovative, new propositions
Logical, structured and thorough
Knowledge of computer networking concepts and protocols, and network security methodologies.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Knowledge of cybersecurity and privacy principles.
Knowledge of cyber threats and vulnerabilities.
Knowledge of capabilities and requirements analysis.
Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
Knowledge of industry-standard and organizationally accepted analysis principles and methods.
Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Knowledge of information security systems engineering principles (NIST SP 800-160).
Industry leading security monitoring and threat detection tools.
Security Operations Centre tools and procedures.
Proven project management skills with strong attention to detail and flexibility to handle multiple projects and changing priorities
Enthusiastic and proactive approach with meticulous attention to detail
Ability to work both independently and to excel in a team environment
Team player with ability to evidence leadership, credibility, and build consensus
IFDS Canada encourages applications from all qualified individuals. Applicants with disabilities may notify us of any accommodations needed to support your participation in the recruitment process. We wish to thank all applicants for their interest and effort in applying. Please be aware that only candidates selected for interviews will be contacted for this position.