Laa-23-61 - Information Security Officer - Edmonton, Canada - Legal Aid Alberta

Legal Aid Alberta
Legal Aid Alberta
Verified Company
Edmonton, Canada

1 day ago

Sophia Lee

Posted by:

Sophia Lee

beBee Recruiter
Description
Legal Aid Alberta is seeking to fill a full-time role as an Information Security Officer. This is a remote work/hybrid position that will occasionally need to report to work in our downtown Edmonton office.

This position will appeal to an individual that likes to take initiative, is client focused and is exceptionally strong on delivering high-quality results.

Who We Are

As a publicly funded, non-profit organization, Legal Aid Alberta provides affordable legal services in family law, domestic violence, child welfare, immigration, and youth and adult criminal defense.

We are Alberta-wide, with 300 staff and 1,200 private practice lawyers helping people overcome their legal challenges in more than 75 communities across the province.

Who You Are
Working at Legal Aid Alberta means you care about people and empathize with their situation. You have excellent communication skills, especially in tough situations. You are exceptionally organized and fast-paced work environments give you a rush.

You are always up for a challenge, and you love learning new things, solving problems, and can adapt to change quickly.

You care deeply about the success of our team and our organization.


Job Description:


Reporting to the Vice President of Information Technology, the Information Security Officer is a coordinator role responsible for effectively safeguarding the organization's data, information systems, and technology infrastructure from security threats and breaches.

They play a critical role, in partnership with contracted security vendors, to develop, implement and continually improve security policies, procedures, and controls to protect sensitive information and ensure regulatory compliance.


Information Security Strategy:


  • Continually improve the organizationwide information security strategy, policies, and procedures.
  • Ensure alignment of security measures with business objectives and risk management strategies.

Risk Assessment and Management:


  • In partnership with contracted vendors, continually improve regular risk assessment processes, in order to identify vulnerabilities, threats, and potential security risks.
  • Develop and implement risk management strategies and controls to mitigate identified risks.

Security Awareness and Training:


  • Continually improve utilization of vendor developed security awareness and training programs for employees, contractors, and stakeholders to promote a culture of security.

Incident Response and Recovery:


  • Develop and maintain an incident response plan, including procedures for detecting, reporting, and responding to IT security incidents, in partnership with contracted vendors and cyber insurance agency.
  • In partnership with contracted security operations centre vendor, lead incident response efforts when security breaches occur, coordinating with relevant teams to minimize damage and recover from incidents.

Security Technology:


  • Continually improve utilization of vendor partners and security technologies, tools, and solutions to protect data and infrastructure.
  • Stay current with emerging threats and security technologies to make informed recommendations.

Compliance and Auditing:


  • Ensure alignment with industry standards (e.g. ISO
  • Coordinate and assist with security audits and assessments, requiring routine access to sensitive and confidential information (e.g. client, employee, management).

Security Auditing and Testing:


  • Partner with vendor partners to conduct regular security assessments, vulnerability assessments, and penetration tests to identify weaknesses in the security posture.
  • Recommend processes and partners that will contribute to the continual improvement of corrective measures.

Security Architecture:


  • Recommend ways to integrate security into the software development lifecycle.

Security Incident Documentation and Reporting:


  • Maintain detailed records of vendor reported and internally identified security incidents, investigations, and remediation efforts.
  • Prepare and present security reports to senior management and relevant stakeholders.
  • Creation of security reports and implementation of steps to limit/prevent future recurrence.

Security Policies, Procedures and Enforcement:


  • Continually improve information security policies, standards, and guidelines for the organization.
  • Support the Executive team to ensure the dissemination and enforcement of security policies throughout the organization.

Vendor and Third-Party Risk Management:


  • Manage cyber security partner contracts providing services to the organization, continually improving aggregate security posture.
  • Assess and manage the security risks associated with third party vendors and suppliers, using vendor partners where required.

Disaster Recovery and Business Continuity:


  • In partnership with the Emergency Response Planning team, IT leaders and security vendor partners, contribute to the development of d
More jobs from Legal Aid Alberta
See all jobs of Legal Aid Alberta