JOB OVERVIEW

This senior-level role is critical to enhancing our enterprise security posture through leadership in risk management, compliance, and secure project delivery. This role will work cross-functionally to embed security into business processes and technology initiatives, ensuring alignment with regulatory and organizational standards.

REQUIRED SKILLS

• College diploma or university degree in the field of computer science
• 5-7 years of progressive experience in IT and Information Security roles
• Actively pursuing or currently possess one or more of the following certifications:
• GIAC Information Security Professional (GISP)
• Microsoft Certified: Security Operations Analyst Associate

Security Leadership

• Aid in the development and implementation of enterprise-wide information security strategies.
• Provide expert guidance on secure architecture, design, and principles during IT and business project lifecycles.
• Act as a security advisor for technology initiatives, ensuring alignment with best practices and compliance requirements.
• Participate in the execution of an enterprise Business Continuity Plan and Disaster Recovery Plan.

Risk ManagementCompliance

• Conduct information security risk assessments and threat modeling.
• Contribute and manage risk registers and mitigation plans.
• Ensure compliance with regulatory frameworks (e.g., ISO 27001, NIST, PCI-DSS, FSRA/OFSI, PIPEDIA/CPPA).
• Support internal and external audits and lead remediation efforts.

GovernancePolicy Development

• Contribute to information security policies, standards, procedures, and guidelines.
• Collaborate on IT Governance, Risk, and Compliance (GRC) initiatives.
• Monitor, respond, and report on security KPIs and KRIs.
• Monitor for security policy violation(s) and recommend corrective action(s).

Security OperationsIncident Response

• Oversee the configuration and monitoring of security technologies (SIEM, EDR, CASB, IDPS, firewalls).
• Lead investigations of complex security incidents and coordinate response and recovery.
• Conduct root cause analysis and develop post-incident improvement plans.
• Escalate and report on key incidents and progress of remedial efforts to their manager
• Provide on-call support for end users for all security solutions (ex. Blocked email).

VulnerabilityThreat Management

• Perform advanced vulnerability assessments and penetration testing.
• Collaborate with teams to prioritize and remediate findings.
• Stay current with emerging threats and security technologies and propose process or technology improvements for continuous improvement.
• Participate in the design and execution of penetration tests and security audits.

AwarenessTraining

• Design and deliver targeted security awareness programs.
• Lead quarterly audits including access reviews and privileged account management.

PhysicalData Security

• Oversee physical security systems (access control, surveillance).
• Support data classification, protection, and data governance initiatives.
• Perform other duties as assigned.