Sr Security and Risk Advisor

BQ International Inc
Winnipeg, MB
$48,5 an hour (estimated)
Full-time

Description :

Responsible for analyzing and making recommendations pertaining to information security, incident response, policies, standards, and awareness.

The position is expected to keep abreast of emerging technology, security threats, and industry standards, and apply these concepts and techniques within the corporate environment.

Required to perform confidential, sensitive systems reviews and investigations, as well as moderate to complex system analysis and, as required, be available during disaster recovery and disruptions.

DUTIES INCLUDE, but not limited to :

Advisory and Analysis Services

  • Participates in information security architecture and system design development, ensuring that all activities adhere to the corporate information security principles, standards, and processes
  • Assists with the development, maintenance, controls and enforcement of the corporate directives and practices, pertaining to information security.
  • Assists with the development of internal and external communication to educate target audiences regarding information security, and delivers the information to target audiences.
  • Works with various teams to assist with planning and development of controls that manage access to corporate information in a manner which complies with policies and practices.
  • Develops and maintains expertise in one or more areas of security threat and incident.
  • Supports security compliance and remediation initiatives for technology, processes and services to ensure ongoing effectiveness of the information security program, protect the business from unknown exposures and ensure compliance with regulatory and contractual requirements.
  • Coordinates and / or participates in business security threat and risk assessments, and risk control assessments.
  • Measures and communicates the risks and potential mitigation strategies to reduce the risk to an acceptable level.
  • Contributes to business cases for security solutions with a keen focus on risk assessment practices.
  • Participates in ad hoc consulting services to the business to identify information security requirements based on scope and risk.

Research, Incident Management and Investigation

  • Manages major security incidents, and ensures preventative measures are taken to protect the business.
  • Coordinates eradication and mitigation activities with business and IT partners for security incident recovery related to any IT or business application / infrastructure security incident.
  • Works with other departments providing consultation regarding their security concerns.
  • Follows up with technical teams to ensure controls and mitigation strategies are in place and effective.
  • Maintains and administers the information security service requests in alignment with company policies.
  • Develops and / or provides input into reports and presentations with regard to security, as requested.

Research and Project Support

  • Participates in the research and development of security and risk standards and procedures, organizes their adoption, and monitors them for effectiveness.
  • As required, participates on corporate technical projects regarding security-specific components of these projects.
  • Researches and provides consulting expertise to all other staff on security matters in alignment with corporate security policies and standards, and the Information Security Officer recommendations.

Education :

  • University degree or a two-year college diploma in Computer Science or similar discipline
  • Completion of one or more of the following Information Security Management professional designations is preferred :
      • Certified Information Systems Security Professional (CISSP)
      • Certified Information Security Manager (CISM)
      • Certified in Risk and Information Systems Control (CRISC)
      • Certified Information Systems Auditor (CISA)
      • Certified Penetration Tester (GPEN)
      • Certified Forensic Analyst (GCFA)
      • Offensive Security Certified Professional (OSCP)
      • Other information security credentials
  • Demonstrated record of related continuing education and certifications in the Information Technology field

Experience :

  • Seven years in the IT industry with four years related experience with supporting Information Security issues and controls

Technical Knowledge and Skills :

  • Excellent interpersonal and written communication skills
  • Ability to deal with highly confidential matters
  • Strong critical thinking and decision making skills
  • Knowledge of security related policies, procedures, and practices
  • Ability to manage multiple priorities under strict deadlines
  • Demonstrated strong analytical and investigative skills with regard to moderately complex to complex issues.
  • Demonstrated ability to develop and maintain collaborative partnerships
  • Ability to relate to others with all levels of technical competency
  • Strong understanding of security and control frameworks such as COBIT, ISO 27002, NIST

30+ days ago