Canada | United States

Position Summary:

This position will work with clients to assess, develop, and implement policies, standards and guidelines. Also, the position will entail developing security programs in alignment with information security frameworks. The position will ensure clients meet compliance requirements and guide them in developing an improved security posture.

Responsibilities:

  • Conducts security assessments that can be multi-faceted for a wide variety of assigned clients
  • Provides clients with recommendations on building and enforcing information security standards and compliance to these standards
  • Creates security test reports and other documentation as needed
  • Works with clients in defining information security requirements for projects and ensures project compliance to these requirements
  • Authors/reviews security architecture for clients and provides recommendations based on best practices or based on regulatory compliance requirements
  • Works with clients to develop information security program health checks and the appropriate remediation plans
  • Provides technical support as a subject matter expert in the sale of information security assignments on an as needed basis
  • Provides thought leadership and direction for the Information Security practice on client security programs
  • Teams up with colleagues in other lines of services in support of client needs for Information Security services
  • Researches best practices, developments, techniques and trends in information security and determines relevance to client organizations
  • Provides clients with exceptional service in a professional, courteous and timely manner.
  • Other related duties as assigned

Required Education/Credentials/Qualifications:

  • Degree in Computer Science, Information Systems

  • Engineering or related major from an accredited University or equivalent
  • College Diploma and related experience
  • CISSP, CISA, CISM, or SANS Certifications
  • A good understanding of Linux, Windows and network security skills
  • Excellent written and oral communication skills in English
  • Ability to meet deadlines and deliver a high-quality product (reports)
  • Strong attention to detail
  • Ability to work both independently and perform as a leader in a team environment
  • 5 years minimum information security experience ideally in a fast paced, changing environment

The following skills are preferred but not required:

  • ISO27001 Lead Auditor, PCI QSA
  • Deep understanding of key information security program development, tool implementation and information security concepts and frameworks
  • In-depth experience designing and implementing information security solutions
  • Understanding of information security frameworks such as ISO/IEC 27001:2013, COBIT, NIST CSF
  • Familiarity with threat modelling and security design review methodologies
  • Support team technical development (e.g. through service development or research) and contribute to company technical processes overall
  • Experience with physical security testing, phishing and social engineering techniques