Information Security Officer
We’re looking for an Information Security Officer to join the MCAN family.
Job Summary:
The Information Security Officer (ISO) will be accountable for the design, development, and implementation (management or oversight) of information security practices at MCAN. You will also serve as an advisor to the executive team on information security vision, strategy, governance, and direction. In this role, you will be accountable for all projects and ongoing management (or oversight) of business processes designed to reduce and mitigate information security risks across the entire organization.
In addition, you will develop best practices to avoid security breaches and lead the coordination efforts to manage any security incidents when they occur. As the ISO, you will maintain a deep understanding of all relevant aspects of Cyber governance and management, and you will lead and manage all aspects of the Cyber Awareness Program at MCAN.
This role will report to the Vice President, Information Technology and have a second reporting line to the audit committee of the Board.
What you will be responsible for:
· Develop, manage, and deliver on effective implementation of the Cyber Security Program for MCAN
· Identify security risks, develop strategies, and create the information security roadmap for the organization
· Provide guidance and expertise regarding the security architecture for application development or infrastructure initiatives
· Manage/facilitate security due diligence activities throughout the Application Software Development Life Cycle (SDLC) to ensure that security risks are identified, and controls are implemented to mitigate risk
· Work collaboratively with all business functions to establish the IT Security and Cyber Risk management function
· Maintain the Enterprise Cyber Security Framework, Information Security Policy (ISP), and Standards
· Ensure MCAN meets and exceeds all regulatory obligations and best practices (OSFI, FSCO, OSC and other related requirements)
· Act as a subject matter expert on relevant regulations and policies including the OSFI Cyber governance program and the relevant framework adopted by MCAN
· Act as the primary contact during any information security incident investigation and coordinate actions and reporting
· Effectively manage MCAN’s Cyber Security Awareness Program to reduce employee cyber risk and promote risk culture
· Responsible for internal/external audit and any other cyber/information security assessments and activities
· Manage 3rd party security vendors, to ensure they are meeting their service level agreements and provide reports
· Lead and manage the vulnerability management process and execute tasks as required
· Develop strong relationships with cross-functional team members including IT & Business Teams and vendors
The work experience, skills, education that you bring:
Education:
· Technology-related Engineering or Computer Science undergrad degree, at a minimum
· Professional security management certification such as Certified Information Systems Security Professional (CISSP) is a must
Skills/Abilities:
· Excellent written and verbal communication skills
· Experience with creation and documentation of security policies and procedures
· Proven interpersonal and collaborative skills, with the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels
· Knowledge and understanding of relevant legal and regulatory requirements such as OSFI, OSC etc.
· Subject matter level expert knowledge of common information security management frameworks, such as NIST/ISO/COBIT
Qualifications:
- 5-10 years of experience working in a Security role
- 5-10 years network/firewall administrative experience
- 3-5 years’ experience administering a Windows-focused infrastructure
- Successfully managing projects and tasks
- Mastery of converting business and technical risks into actionable tactical tasks
- Experience working with and managing policies, procedures, standards, and guidelines related to SSAE 16/18
- Experience utilizing SIEM, Firewalls, IPS, DLP, Check Point, Antivirus/Anti-malware in an enterprise environment.
- Hands-on experience with security management in the public cloud (MS Azure)
- Deep experience with public/private cloud security infrastructure
- Strong knowledge of data privacy and data protection concepts
- Working knowledge of collaboration and messaging platforms (i.e., Office 365, MS Teams)
The above information in this description has been designed to indicate the general nature and level of work performed by employees in the position. It is not designed to contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
Other details
- Pay Type: Salary
- Employment Indicator: Perm FT
- Toronto, ON, Canada
- Virtual