Description of the Mandate
Reporting to the Sr. Manager, IT Security, the Senior Security Specialist will be involved in ongoing initiatives of the Security Program, working to improve the organization’s security posture.
• Assist in the definition and modification of policies, guidelines, standards, and security procedures (company's governance framework)
• Assist in the implementation of the VIA governance framework and implementation of standards
• Evaluate current security controls and conduct gap analysis based on client's defined security model (i.e., level of protection)
• Assist in the preparation and coordination of activities during internal and / or external audits
• Assist in determining action plans for corrective actions following audit reports
As part of the mandate, the Senior Security Specialist will also work on a number of business initiatives. Responsibilities include, but are not limited to:
• Acts as an advisor; provides advice and recommendations and acts as an Information Security subject matter expert on business projects and initiatives
• Conduct vendor, threat and risk assessments, and produce the resulting reports
• Document exceptions, decisions and provide recommendations for controls and mitigations to associated risks
• Actively collaborates with IT and project teams
• At least one of the following Information Security Certifications (CISSP, CISA, CISM, or CRISC)
• Preferred: industry-recognized Cloud Security certification such as CCSP or CCSK.
The specific deliverables of the Senior Security Specialist include, but are not limited to:
• Security Requirements
• Vendor Assessment
• Security and Risk Assessment
• Document Exceptions and Decisions
• Security Standards, Guidelines and Procedures
• Team-oriented and skilled in working within a collaborative environment.
• Keen attention to detail and proven analytical and problem-solving abilities
• Acts with integrity.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Highly self-motivated and directed.
• Ability to see the big picture but also go into detail when needed.
• Ability to educate, communicate and influence across a wide range of levels of the organization and simplify complex technical topics in business- and user-friendly language.
• Results-oriented and persistent in pursuit of positive transformations.
• Creativity and innovation skills.
• Structured, organized, flexible and quick to adapt to change.
• Strong leader and motivator.
• Strong communicator - comfortable interacting with management levels from across the organization both in information exchange as well as influence and negotiation.
Specific skills and experience required
(other than those described in the master agreement for the above-noted resource type)
• Strong knowledge of IT Security Frameworks such as ISO 27001/2, NIST 800-53 and CSF
• Experience in security risk management practices, including security risk assessment, audit and IT security assessment
• Knowledge of FAIR Methodology an asset
• Familiar with security concepts related to cloud, including cloud platform and infrastructure, access controls, cloud data, operations, and legal and compliance issues.
• Technical hands-on experience with Cloud Vendors and technologies such as Amazon Web Services and Microsoft Azure.
• Ability to quickly learn new technologies and respond to changing requirements and environment.
• Fluency in both English and French (oral and written)
• Strong communication and follow-up with different parties (internal, external and business partners)