IT MindFinders is conducting a search for a Leader, Information Security, on behalf of their client, Technical Safety BC.
Reporting to the Vice President, Client Experience & CFO, and strategically placed outside of the IT department, the Leader, Information Security is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which our client operates. The position is responsible for identifying, evaluating and reporting on legal and regulatory (working through the legal team), IT, and cybersecurity risk to information assets, while supporting and advancing business objectives. The position will proactively work with business units and ecosystem partners to implement practices that meet agreed-on policies and standards for information security. He or she should understand Information Technology and must oversee a variety of cybersecurity and risk management activities related to the achievement of business outcomes where the business process is dependent on technology. The position should understand and articulate the impact of cybersecurity on (digital) business, and be able to communicate this to the board of directors and other senior stakeholders. He or she serves as the process owner of the appropriate second-line assurance activities not only related to confidentiality, integrity and availability, but also to the safety, privacy and recovery of information owned or processed by the business in compliance with regulatory requirements.
- Develop, implement and monitor a strategic information security program to protect Technical Safety BC's mission-critical IT systems against potential threats and vulnerabilities. This includes appropriate levels of confidentiality, integrity, availability, safety, privacy (in conjunction with legal) and recovery of information assets owned, controlled and/or processed by the organization.
- Provide regular and ad-hoc reporting on the current status of the information security program and risk treatment plans to the risk management team, senior business leadership and the board of directors, co-ordinated with the regular reporting requirements under the Enterprise Risk Management framework, thus supporting business outcomes.
- Develop and enhance an up-to-date information security management framework, including policies, standards and guidelines, to ensure operating efficiency and regulatory compliance.
- Immediately inform the legal services department of any legal, regulatory or privacy issues he or she becomes aware of, and seek legal counsel whenever there has been a security breach that could result in the release of personal information.
- Manage the process of performing environmental scans to gather, analyze and assess the current and future threat landscape, identifying emergent information technology risks and threats in the operating environment.
- Create, manage and measure the effectiveness of an information security awareness training program for all employees, contractors and approved system users.
- Work with the procurement team to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations.
- Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.
- Create an information and security framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets.
- Work effectively with business units, partners and vendors to facilitate the information security business impact and risk assessment process, and associated mitigation strategies.
- Collaborate and liaise with the data privacy officer (or equivalent) to ensure that data privacy requirements are included where applicable.
- Ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines.
- Manage and contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation.
- Coordinate the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event.
- Facilitate and support the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem.
- Review and advise the Executive Team and the Board of Directors on the strategic implications of developments in or changes to information security that have an impact on the business model, business processes and resources.
- Oversee the development of the annual budget for information security, establish and manage its goals, and build reporting and analysis of key performance indicators.
- Minimum of 5 to 7 years of experience, with three years in an information security leadership role and a university degree or higher.
- Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies.
- Proven track record and experience in developing information security plans, policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment.
- Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
- Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL and COBIT, as well as those from NIST, including 800-53 and the Cybersecurity Framework.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences at various hierarchical levels, ranging from board members to technical specialists.
- Excellent stakeholder management skills.
- Must be a critical thinker, with strong problem-solving skills.
- High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
- Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
- Highly developed ability to influence other departments and employees to act in accordance with the Client Experience Vision.
Technical Safety BC has a bold vision for the future: Safe technical systems. Everywhere. They're expanding their ability to share safety knowledge and meet emerging client and business needs with data and technology solutions.
Technical Safety BC employs a talented workforce of approximately 320 persons with a wide range of education, technical training, skills and experience. They've developed a progressive culture with a deep commitment to accountability, employee learning and engagement.
Working at Technical Safety BC means you'll have the opportunity to grow your career, and benefit from:
- Frequent skills development and training
- Recognition and awards
- Competitive salary and benefits
- Subsidies for training and professional memberships
- Generous leave allowances for new parents
Resumes can be submitted directly via email to IT MindFinders Search Consultants: firstname.lastname@example.org
Please note: due to the volume of resumes anticipated, only shortlisted candidates will be contacted.
This entry was posted on May 14, 2018