security manager (part-time) in toronto

posted
job type
permanent
apply now

job details

posted
location
toronto, ontario
job category
Technologies
job type
permanent
reference number
2103983PROEN
apply now

job description

Our client, a leader in the education industry, is looking for an experienced Security consultant to their team as their temporary part-time employee for 8 days a month for 1 year.

POSITION SUMMARY: Security Manager
The job description below depicts the role of the Security Manager. The Security Management Consultant will be supporting the Security Manager by providing guidance and support for them to carry out their duties since this resource will be growing into this role



The job description below depicts the role of the Change Manager in Information Technology Services. The Change Management Consultant will be supporting the Change Manager by providing guidance and support for them to carry out their duties since this resource will be growing into this role

The manager of Information Technology Security is responsible for the development, recommendation, architectural design and implementation/coordination and promotion of Humber’s Information Technology Security Policy, practices and standards. The manager of Information Technology Security will provide leadership and expert advice to ITS Management, ITS Staff and the College Senior management and Business Unit Managers on information technology security.

Strategy and Planning - 40%
 Lead the information technology security planning processes to establish an inclusive and comprehensive information technology security program irrespective of delivery model

 Identify systems, processes and information technology resources requiring information technology security protection

 Create and maintain information technology security architecture

 Lead the development and implementation of an effective information technology security policy and reasonable practices and standards to secure sensitive data, ensure information security and compliance with relevant legislation and legal interpretation.

 Create, maintain and deliver the Humber information technology security awareness training program

New Projects and Services - 30%
 Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the
information and technology systems.

 Evaluate security aspects of new technologies and define security requirements for procurement processes working in collaboration with Subject Matter Experts

 Ensure that information security controls and procedures are extended to third parties when information is created, managed ,processes and stored by remote service providers, e.g. cloud computing

 Stay abreast of information security issues and regulatory changes affecting higher education at the provincial and national level, participate in national policy and practice discussions, and communicate to campus on a regular basis about those topics. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.

 Assess new security technology and services and their role in protecting Humber information and technology assets

 Lead the process to select, acquire and implement information security solutions and or enhancements to existing security solutions to improve overall security in collaboration with subject matter experts

Operational Management - 30%
o Monitor the confidentiality, integrity and availability of the data residing on or transmitted to/from/through Humber workstations, servers and other systems and in databases and other data repositories

o Ensure and monitor security compliance with industry and government rules and regulations

o Supervise the design and execution of vulnerability assessments , penetration tests and security audits, managing such activities with external service providers as needed

o Lead the preparation and interaction with auditors reviewing the information security program

o Coordinate and track all information technology security related audits including scope of audits, units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation and advocacy on audit responses.

o Develop and administer the security policy, practices and standards to manage identity credentials, authorizations and authentication

o Interview staff, perform security vulnerability scans, review application and operating system access controls and analyze physical access to the system

o Keep abreast of security incidents and act as primary control point during significant information technology security incidents. Convene a critical incident response team as needed to address and investigate information technology security incidences that arise.

o Measure and reporting on the effectiveness and efficiencies of information technology security activities

o Engage in ongoing communications with peers in ITS as well as the various business groups to ensure Humber wide understanding of information technology security goals and to solicit feedback

Specific proficiency required in:
o Post-secondary Degree in Computer Science/ Project Management or equivalent training & experience

o PMP Certification is considered an asset

o Certified Information Security Manager - Information Systems Audit and Control association (ISACA)

o Certified Information Systems Security Professional (CISSP) (ISC)2

o Experience in a unionized , public sector environment

o Extensive experience in enterprise security architecture design and document creation

o Experience in designing and delivering employee security awareness training

o Experience in interviewing staff, performing security vulnerability scans, reviewing applications and operating system access controls and analyzing physical access to the systems,

o Experience in developing Disaster Recovery Plans

o Knowledge of national and international regulatory compliance and frameworks such as ISO and PCI DSS

o Experience in business continuity planning

o Experience with PCI audits is an asset,

o Experience in risk management

o Experience in vendor/contract negotiation, and security information

o Experience in performance monitoring and management.

o Skills in internal and external liaison/relationship building,

o Experience in negotiation, diplomacy and communication are also required

o Familiarity with security challenges of remotely hosted environments

o Familiarity with cloud services and associated security concerns



Randstad Professionals Canada
Randstad Canada is committed to building a diverse workforce reflective of the diversity of Canada. As a result, we promote employment equity and encourage candidates, especially those who identify as a woman, an Aboriginal person, a person with a disability or a member of a visible minority group, and any others who may contribute to the diversification of our workforce, to apply.

Randstad Canada is also committed to developing an inclusive, barrier-free selection processes and work environments.If contacted in relation to a job opportunity, you should advise your Randstad Representative or your local Randstad branch in a timely fashion of the accommodation measures which must be taken to enable you to be assessed in a fair and equitable manner.Information received relating to accommodation measures will be addressed confidentially.

For all feedback on equity and accommodation needs, please contact your local Randstad Canada Branch.