Manager, Cybersecurity - Mississauga, Canada - Element Fleet Management

Description

Get started on an exciting career at Element

Element employees make a difference in the lives of others every day. We are re-defining the fleet management industry to be people first, then business – delivering on our promise of a superior client experience. This takes hard work and innovation, and we need more like-minded people on our team.

What We Need

We are looking for a Manager, Cybersecurity to join Element Fleet Management. As the largest pure-play fleet manager in the world, we provide unmatched products and services and solutions to our clients.

At Element, employees play a critical role in delivering value to customers and ensuring an exceptional client experience. We are committed to the success of our clients, employees, and investors by fostering a culture where every employee can make a difference

The Cybersecurity Manager manages the operational responsibilities associated with the planning, coordination, mitigation and continual improvement of assigned enterprise wide cybersecurity detect and response controls. In addition, this role will recommend and facilitate implementation of best practices in cybersecurity for Element. This individual must possess strong leadership, communication, planning skills, and have a broad cybersecurity and IT background in systems, servers, networks and hardware experience gained in managing and delivering critical IT services. Success for the role will be to support the delivery of a threat defense program that is positioned to address, contain, and drive successful resolution to any cybersecurity situation.

Are You:

• A leader in conducting risk assessments, threat modeling, and vulnerability analyses?
• Knowledgeable of compliance standards, regulatory requirements, and industry best practices in cybersecurity?
• An expert at designing and implementing robust security architectures and protocols, with experience collaborating with cross-functional teams to embed security into the development lifecycle?

A Day in the Life

Security Domain Structure

• Perform oversight of the development, implementation and evaluation of information system security program; special emphasis placed upon integration of existing Cloud platforms and hybrid systems within assigned area
• Perform risk assessments and make recommendations to leadership for improvements to manage cybersecurity risk
• Advise business on security testing methodologies and processes
• Develop and maintain a formal Information Systems Security Program for assigned areas
• Ensure that all Indicator of Attack (IOA)s, network administrators, and other cyber security personnel receive the necessary technical and security training to carry out their duties
• Conduct periodic assessments of the security posture of the authorization boundaries

Build deliverables - Develop, review, endorse, and recommend actions

• Develop and execute security assessment plans that include verification that the features and assurances required for each protection level are functioning
• Maintain a and/or applicable repository for all system authorization documentation and modifications
• Partner with Director to create and implement an Element Cybersecurity Governance Council
• Support development of policies and procedures for responding to security incidents, to include investigating and reporting security violations and incidents
• Ensure compliance with the company's storage & retention policies – that they are in place for clearing, sanitizing, and destroying various types of hardware and media
• Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered within a system
• Lead and manage development and implementation of an information security education, training, and awareness program, to include attending, monitoring, and presenting local cyber security training
• Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed
• Assess changes in the system, its environment, and operational needs that could affect the authorization

Engage Clients

• Works with IT Cybersecurity leadership to assure the cybersecurity program is balanced, controlled, and that it is aligned with business needs
• Partner with other business teams in to continuously improve and advance the organizations operational security capabilities; including ISO 27001, NIST Cybersecurity framework & NIST 800.53
• Evaluate and communicate cyber security & privacy risks/vulnerability landscape and solutions to business leadership
• Collaborate with cross-functional teams to deliver projects and enhancements
• Conduct the duties of the Information System Security Director when not present/ available
• Lead and manage third party risk management program

Ongoing system management

• Ensure configuration management (CM) for security-relevant changes to software, hardware, and firmware and that they are properly documented
• Ensure that system recovery and reconstitution processes developed and monitored to ensure that systems can be recovered based on defined availability levels
• Ensure periodic testing is conducted to evaluate the security posture of Element by employing various intrusion/attack detection and monitoring tools
• Maintain metrics, reporting and tracking program to ensure processes working as designed and risks are being tracked
• Ensure all Standard Operating Procedures (SOPs) & Policy documentation is current and accessible to properly authorized individuals
• Ensure that system security requirements are addressed during all phases of the system life cycle
• Lead & participate in ICSA (Internal Control Self Assessments), and current state assessments

Requirements

• Bachelor's Degree in IT or related field required
• 7+ years related experience – ideally in roles with a focus on cybersecurity, systems security, or network security
• Industry certifications required (one of three): CISSP, CISM, CISA (or in process of completing within 6 months)
• Certifications: CRISC, ISO preferred)
• Familiarity with PCIDSS compliance program
• Design and architecture experience
• Experience with EDR/MDR, WAF/WAS and Microsoft Security products and technologies involved in large scale enterprise deployments/data centers
• Experience in deploying and/or supporting enterprise security software products such as firewalls, IPS, Anti-Virus solutions, application firewalls, high availability solutions, network management systems, virtual systems
• Experience with tools such as Vulnerability Detection & Management tools like Nessus, Qualys
• Deep technical understanding of modern cybersecurity threats
• Validated track record in hands-on approach to maturing defense capabilities in highly targeted environments at scale
• Proficiency in managing and optimizing security technologies and tools
• Excellent leadership and communication skills to inspire and guide a team toward security excellence
• Expertise in technologies involved in large scale enterprise deployments/data centers
• Experience implementing and using complicated software products that involve multiple components
• Prior experience in penetration testing
• Background in creating or maintaining security policies, providing training to internal employees on possible external threats to the IT environment and managing third party vendors
• Strong analytical, problem-solving skills and communication (written & oral) skills
• Ability to clearly document complicated steps and procedures
• Familiarity with Microsoft security
• A solid understanding of Windows and Linux systems, general operating system security practices, TCP/IP networking, 802.1x and network security concepts
• Demonstrated experience with preparing presentations for leadership

What's in it for You

• A culture of innovation, empowerment, decision-making, and accountability

• Comprehensive health and welfare benefits that serve the needs of you and your family and foster a culture of wellness

• Additional benefits and amenities, including paid time-off programs (vacation, sick leave, and holidays)

• Hybrid work environment for most positions

Applicants will be required to undergo a background check only if and after a conditional offer of employment has been extended.

Element Fleet Management and its wholly owned subsidiaries are an equal opportunity employer committed to diversity and inclusion. We are pleased to consider all qualified applicants for employment without regard to race, color, religion, gender identity, age, sex, sexual orientation, disability, national origin, Aboriginal/Native American status, protected veterans' status or any other legally-protected factors. Disability-related accommodations during the application and interview process are available upon request. Should you require an accommodation with our hiring process please send an email to or call