Information Security Lead

at  Douglas College

WORK ARRANGEMENTS

This regular full-time (35 hours per week) position is available starting September 9, 2024. Regular hours of work are Monday to Friday, 8:30 am – 4:30 pm. Rare evening and/or weekend work may be required.

Douglas College is committed to supporting a healthy work/life balance for employees. A modified/flexible schedule and/or hybrid work from home arrangement up to 3 days/week may be considered, subject to the terms of the College’s Work From Home Policy. On top of this, we offer:

• Competitive extended benefits
• Family-friendly benefits (including top-ups for maternity/parental leaves)
• Generous time-off benefits (vacation and sick leave days)
• Continuous professional development opportunities (e.g. PD funding, tuition waivers, free courses, free access to LinkedIn Learning courses, College-provided workshops, etc.)
• Free access to the campus fitness centres, along with free daily fitness classes
• Defined benefit pension plan with employer contribution
• Free access to Employee Assistance Program (EAP) and TelaDoc
• A variety of health and wellness benefits (to learn more, please visit: https://www.douglascollege.ca/about-douglas/campus-information/careers-douglas-college/total-compensation),
• Discounted rates on wireless phone plans, car rentals, and pet insurance.

WHAT DOUGLAS OFFERS

DO what you love. Be good at it. That’s how Douglas College defines a great career. It’s a philosophy that resonates through our classrooms, our offices and our boardrooms. It inspires our students and drives us to make Douglas College one of BC’s Top Employers. We love what we do. And we’re looking for passionate, motivated people to join us in making one of Canada’s best colleges even better.

Required Education and Experience:

• A bachelor’s degree in Information Technology from a recognized post-secondar

Security experience.

• An equivalent combination of education and experience may be considered

Required Knowledge, Skills and Abilities:

• Demonstrated broad knowledge of Information Security and ability to stay current in Information Security.
• Demonstrated ability to lead projects and people.
• Strong team player and adaptable to changing information.
• Resourceful and able to analyze problems, identify key information and issues and develop effective solutions.
• Ability to collaborate and share expertise within a team environment.
• Ability to coach, train and motivate employees.
• Ability to build and maintain good working relationships.
• Ability to work effectively both independently and as part of a team, including exercising initiative in offering assistance to colleagues, working collaboratively to share tasks and responsibilities.
• Experience with interpreting, applying and advising on policies and procedures.
• Ability to multi-task, apply organizational skills to meet deadlines.
• Excellent interpersonal and cross-cultural communication skills including written and verbal fluency in the English language.
• Ability to communicate with employees at different levels of hierarchy and different levels of technical abilities.
• Some understanding of virtual technology, backup methodology, Cloud, Microsoft Office 365, storage technologies, networking, Active Directory, database administration, application system administration, desktop administration, programming, scripting, logs aggregation and analysis, high availability and failover technology, etc.
• Experience with writing technical documentation, including documentation related to Security Incidents Response, Post Incident Reports, etc.
• Proven skills in

THE ROLE

To function as an information security technical lead. The duties will include designing, implementing and maintaining information security technology and systems, developing and deploying new information security solutions and providing technical information security leadership to other ITS initiated and College initiated projects. The position will provide technical leadership to system administrators to ensure that systems are designed, implemented and maintained using accepted information security principles.

RESPONSIBILITIES

1. Information Security Lead will provide leadership and direction to appropriate team members and external resources:
   a. Leads installation, configuration and maintenance of cybersecurity defense technologies.
   b. Provides technical information security leadership for developing standards for securing systems and devices.
   c. Conducts information security assessments and reviews.
   d. Monitors and enforces compliance with Douglas College information security policies, standards, and procedures.
   e. Educates others on best practices in information security.
   f. Provides input into staff job description, assists with preparation of interview questions, and interviews candidates for positions within ITS.
   g. Collaborates with the management to ensure the adequate coverage for areas and issues.
   h. Works closely with the Responsible Administrator to execute the day to day processes and operations of the area to ensure effectiveness and efficiency.
   i. Acts as resource to Information Security Analyst for issues relating to but not limited to the interpretation of college and government policies and processes, as well as best practices in situations not covered by existing policies and makes decision on escalated outcomes in collaboration with the Responsible Administrator.
   j. Identifies new opportunities and efficiencies in processes and workflows and integration of services.
   k. Schedules and assigns work to unit staff based on changing requirements.
   l. Coordinates the day-to-day operational support to Information Security Analyst.
   m. Identifies new opportunities and efficiencies in processes and workflows and integration of services.
2. Ensures oversight and monitoring for cybersecurity defense technologies:
   a. Investigates and remediates information security incidents.
   b. Ensures adequate Host Intrusion Detection is in place.
   c. Ensures adequate Network Intrusion Detection is in place.
   d. Ensures adequate log collection and analysis.
   e. Ensures securely functioning identity and access management systems are in place.
   f. Creates test plans and conducts system testing.
   g. Researches and analyzes existing practices and procedures and proposes adjustments and revisions.
   h. Monitors to ensure that adequate system hardening, upgrades, security patches, and malware protection is in place.
   i. Maintains the documentation of cybersecurity defense technologies.
3. Remains current in the information security field:
   a. Conducts research on information security trends and developments.
   b. Remains knowledgeable on the developments in cybersecurity defense technologies.
   c. Maintains knowledge of Information Security vulnerabilities.
4. Performs other duties as assigned.
   a. Participates in and analyzes security risk assessments for 3rd party vendors, cloud solutions and software systems.
   b. Contributes to the planning and design of an enterprise business continuity plan and disaster recovery plan.
   c. Provides information, technical assistance and support to users.
   d. Attends internal and external meetings.
   e. Creates and maintains user documentation for technical and non-technical users.

TO BE SUCCESSFUL IN THIS ROLE YOU WILL NEED

Required Education and Experience:

• A bachelor’s degree in Information Technology from a recognized post-secondary

institution

• Two or more years of Information Security training (in addition to the bachelor’s degree)

including education or equivalent experience that includes a subset of:
o Certificate, diploma, or a degree in Information Security
o CISA – Certified Information Systems Auditor
o CISSA – Certified Information Systems Security Professional
o CCSP – Certified Cloud Security Professional
o SSCP – Systems Security Certified Practitioner
o CSSLP – Certified Secure Software Lifecycle Professional
o CAP – Security Assessment and Authorization Certification
o SANS GSEC Security Essentials
o SANS GCED Advanced Security Essentials

o Other Information Security certification

• A minimum of 5 years Information Technology experience including at least 3 years of Information

Security experience.

• An equivalent combination of education and experience may be considered.

Required Knowledge, Skills and Abilities:

• Demonstrated broad knowledge of Information Security and ability to stay current in Information Security.
• Demonstrated ability to lead projects and people.
• Strong team player and adaptable to changing information.
• Resourceful and able to analyze problems, identify key information and issues and develop effective solutions.
• Ability to collaborate and share expertise within a team environment.
• Ability to coach, train and motivate employees.
• Ability to build and maintain good working relationships.
• Ability to work effectively both independently and as part of a team, including exercising initiative in offering assistance to colleagues, working collaboratively to share tasks and responsibilities.
• Experience with interpreting, applying and advising on policies and procedures.
• Ability to multi-task, apply organizational skills to meet deadlines.
• Excellent interpersonal and cross-cultural communication skills including written and verbal fluency in the English language.
• Ability to communicate with employees at different levels of hierarchy and different levels of technical abilities.
• Some understanding of virtual technology, backup methodology, Cloud, Microsoft Office 365, storage technologies, networking, Active Directory, database administration, application system administration, desktop administration, programming, scripting, logs aggregation and analysis, high availability and failover technology, etc.
• Experience with writing technical documentation, including documentation related to Security Incidents Response, Post Incident Reports, etc.

• Proven skills in:

  o Problem-solving and analytical skills.
  o Organization, time management, and multi-tasking.
  o Interpersonal relationships.
  o Working effectively with others in a team environment.
  o Communicating effectively in person, on the phone, and in writing with all stakeholders.
  o Working independently with minimal supervision.

  o Establishing priorities and achieving deadlines.

• This position requires sound judgment and adherence to confidentiality in the application of policies and procedures.