Position Title: Senior Consultant Cyber Security
Position Type: Permanent
Location: Toronto, Montreal, Ottawa
Our client is looking for a Senior Consultant Cyber Security to assess, and influence the security posture of our client’s critical IT & Field systems, platforms and data. We are looking for a highly motivated, creative, and disciplined individual to monitor and respond to threats to the organization’s systems and data as well assist with security processes and governance.
Analysis and Response
- Work with and provide guidance to security teams, both within and external to the client, as they perform infrastructure, application and code scans as well as PEN tests in order to uncover vulnerabilities within Corporate Systems topology
- Analyse vulnerabilities found through scans and PEN tests and propose remediation strategies.
- Monitor the Corporate Systems department’s systems for security issues.
- Document all security incidents and assess their actual or potential damage to the client.
- If any security incidents should occur, work with the Corporate Systems Security team to document the “lessons learned” and implement improvements to existing processes/procedures/best practices or the creation of new processes/procedures/best practices if they do not already exist.
Cyber Security Solutions Delivery
- Implement network, server, website, application, and Data/Information security improvements for cloud, hosted, and on/off premise solutions, by assessing current situation; evaluating trends; anticipating requirements and making recommendations.
- Develops and implements solutions to mitigate risks and enhance system security and Support team as a technical expert for the project, system or solution they are working on.
- Plays a critical, collaborative role in setting the strategy and goals for delivery teams, with a focus on project impact, product quality, and engineering efficiency.
- Ensure site and data security and provide consultation on security issues staying abreast of potential internet security threats.
IT Systems Solutions Delivery
- Responsible for gathering and documenting the security vulnerability and business requirements and then ensuring that the deliverables produced by the development effort conform to the business requirements.
- Leading and driving the integration testing and user acceptance testing process, including preparation of acceptance criteria, review of the test plans and scenarios, review of test results as well as taking responsibility for end to end testing.
- Review the results of internal PEN tests and define mitigation/remediation strategies.
- Evaluate and sign-off on projects’ pre-release security scans, architecture and code reviews.
- Assess the latest internal and external security bulletins and propose a plan to remediate any threats that are applicable to Corporate Systems.
Leadership and Training
- Stay current on IT security trends, news and standards.
- Assist in the creation and presentation of training materials, both online and in person, to improve IT Systems staff and contractors’ understanding of security policies and procedures.
- 10+ years of experience in the Security Advisory role.
- 15+ years in an IT Business Analysis, or IT Infrastructure role in large scale IT Systems projects, with leadership experience defining requirements and solutions.
- Bachelor's degree in Computer Science, Computer Engineering, Information Technology Systems Security or related field. Master's degree in Information Security is an asset.
- Must possess a thorough understanding of all aspects of data, computer and network security, including such areas as firewall administration, encryption technologies and network protocols.
- Certified Information Systems Security Professional (CISSP). ITIL v3 and other IT, security or management certifications are also an asset.
- Experience working with sales teams and providing cyber security solutions to customers to improve their security posture through recommended security tools
- Experience working with targets and variable comensation linked to the targets
- Experience with Application/Data Security and Vulnerability Management programs that leverage SAST (Static application security testing), DAST (Dynamic application security testing), PEN Testing, network vulnerability scanners, etc.
- Understanding of security frameworks (e.g. NIST Cybersecurity framework, ISO, PCI, SoX) and risk management methodologies.
- Experienced in:
- Analysis of threats;
- Threat response proposals;
- Instituting cyber security and risk metrics for reporting;
- Recommending security processes to reduce business risk;
- Since the position entails working with sensitive and confidential information, a high level of integrity is required.
- Prior experience with sales is an asset
If you are interested in this opportunity, kindly send your resumes in MS Word format to Toronto.firstname.lastname@example.org today!