No more applications are being accepted for this job
- This position will be accountable for the creation, maintenance and distribution of enterprise level policies, procedures and standards within the information security and privacy domains.
- Ensure the information security & privacy programs accomplish their objectives by bringing a systematic approach to improve the overall effectiveness of these programs.
- Coordinate and/or lead corporate level incident response preparedness through testing, reporting and actions, and participate in incident response.
- Propose, create and maintain training courses, training presentations, programs, and develop new training materials that drive continuous awareness for information security & privacy.
- Develop a roadmap for MCAP's awareness training as it relates to information security & privacy that enables greater awareness, compliance and education materials
- Create and maintain an effective and measurable awareness training program.
- Create, execute, monitor and report on simulated security exercises to increase the awareness of the importance of security and privacy protocols (e.g. phishing campaigns, tailgating, vishing, mystery customer)
- Drive awareness and compliance to information security & privacy best practices.
- Develop and implement effective and reasonable policies, procedures and standards to secure MCAP assets.
- Propose, create and maintain privacy and security corporate level programs (e.g. DLP administration, access reviews, PIAs)
- Coordinate and/or lead security assessments, audits, tabletops and penetration tests
- Provide support to all stakeholders on information security & privacy standards.
- Facilitate incident response preparedness through testing, developing plans to close gaps and updating response plans.
- Contribute to the identification and maintenance of an information security risk registry.
- Prepare and support security due diligence questionnaires and assessments.
- Research, maintain an awareness of and make recommendations on industry information security challenges, changes or opportunities that would improve MCAP's information security & privacy posture
- Perform annual reviews of enterprise information security & privacy policies, procedures and standards.
- Collaborate with management and with the technical information security team to identify gaps in policy, procedures, or standards and recommend improvements
- Perform analysis of third-party vendor due diligence responses to identify gaps, escalate risks as required and make recommendations to improve the process
- Create measurements of compliance to corporate level policy and procedures (e.g. access reviews, DLP, PIA)
- Develop and maintain an information security & privacy program scorecard/dashboard that demonstrates our current (real time) posture and opportunities for improvement
- Develop a process to report on the remediation of issues that arise from external assessments or audits
- Internally assess, evaluate, and bring forward recommendations to management regarding the information security & privacy program controls
- Minimum 6-9 years in information security & privacy governance
- Broad experience in the development of policies, procedures & standards
- Strong knowledge of information security governance frameworks (e.g. CIS, NIST, ISO)
- Solid understanding and knowledge of security tools and technology (e.g. firewalls, IDS, IPS, encryption, EDR, DLP, NAC, CASB, DKIM, DMARC, email protection)
- Advanced interpersonal skills and the abilities to interface with all business units in the organization
- Ability to work effectively and efficiently
- Ability to multi-task in a fast-paced environment
- Ability to develop and deliver awareness, education and coaching.
- Strong knowledge of security tools and technology
- Strong knowledge of systems, network and cloud architectures
- Strong knowledge of risk analysis, penetration testing, and vulnerability management
- Demonstrated ability to create and maintain enterprise level security policy, procedures, etc.
- Excellent writing and verbal communication skills, interpersonal and presentation skills and proven ability to influence and communicate effectively with all levels of staff.
- Carries out duties with integrity and takes responsibility for actions
- Handles critical and sensitive information with the strictest confidentiality and privacy
- Excellent problem-solving and conflict resolution skills
- Ability to lead change initiatives and to foster a positive employee relations environment
- Very strong presentation and negotiation skills
- Formal IT & security accreditations (e.g. ITIL, COBIT)
- Security certifications (e.g. CISM, CISA, CISSP)
- A degree or diploma in a relevant area of study with preference for information security or computer science/engineering
Sr. Information Security Governance Analyst - Waterloo, Canada - MCAP
Description
The Role
Reporting to the Director, Information Security & Privacy Governance, this role will be responsible for the coordination and execution of governance, risk and control activities within MCAP's Information Security & Privacy programs.
Training and Education
Governance & Operations
Program Measurement/Monitoring
What You Bring To The Team