SENIOR SECURITY MANAGEMENT CONSULTANTS
Location: Ottawa (1) and Toronto (3)
KEY RESPONSIBILITIES
In supporting a wide range of private and public sector projects our consultants will take on an equally wide range of responsibilities. Our Senior Security Management Consultants may act as senior advisor for large organizations and lead complex projects in IT governance, security management and strategy, regulatory compliance issues, security process improvement, security architecture and risk management projects.
Key responsibilities can include:
- Leadership and prime responsibility on large projects in the private and public sectors
- Conducting Security Risk Assessments and Privacy Impact Assessments
- Creating and implementing Security and IT Governance frameworks
- Conducting Threat and Risk Assessments and Certification and Accreditation activities
- Developing Security Program project plans, Security Metrics and Key Performance Indicators
- Developing Payment Card Industry (PCI) Assessments or Implementing PCI Remediation activities
- Developing remediation and compliance plans in response to internal or external audits
- Performing architecture reviews and making expert recommendations
- Conducting security awareness campaigns or specific
- Conduction security training sessions
- Performing Project Management functions
REQUIRED EXPERIENCE & QUALIFICATIONS
The specific requirements vary for each project but, in general, the candidate will posses:
Recognized security industry credentials and certifications (e.g. CISSP, CISA, etc.)
A valid Canadian government security clearance of Enhanced or Secret
10+ years of experience, including many of the following:
- Information Security, IT Governance consulting/advisory
- IT Audit, Reporting on Compliance
- Security Management, Policy & Procedure development, Governance Frameworks, Security Programs
- Threat and Risk Assessments and Methodologies
- Privacy Assessments and Reporting
- Project Management, Budget Management
- Vulnerability Assessment scans and Penetration Testing
REQUIRED SKILLS & ABILITIES
The candidates will have the ability to:
- Excellent written and oral English skills
- Demonstrate thought-leadership in IT Governance (strategy, policies & procedures, security standards, risk, compliance, current issues and trends)
- Communicate with senior executives advocate organizational changes
- Lead complex client engagements, acting as project prime and go-to person
- Articulate the benefits and rationale of strategic Information Security and Privacy decisions to senior management and non-IT audience (Return on Investment, Financial aspects, Regulatory impacts, Organizational changes)
- Assess, recommend, document and implement security management practices
- Demonstrate a good understanding of cyber security, global industry trends, cyber crime and response
- Leverage existing and new engagements with hands-on experience with IT governance, and in-depth knowledge of information security and privacy standards (ISO17799, ISO27002, ISO27001, COBIT, NIST, ITIL, NERC) & legislative/regulatory instruments (SOX, SAS-70, 5970, Privacy Act, PIPEDA, PHIPA, PCI 1.2, 2.0, MITS and others)
ADDITIONAL EXPERIENCE
- Data classification and handling models
- Network security, architecture
- Operational security intrusion and penetration
- Testing Incident handling procedures
- Physical security
- IT audit experience
- Finance, auditing
- Digital Forensics (IT /Financial)
- Security Awareness training, Educational campaigns
Iceberg Values:
Iceberg recognizes and embraces the importance of values in our ever-changing workplace. To be successful, all applicants must demonstrate behaviours that are reflective of our values:
- We think that customer service is paramount
- We embrace tradition and welcome change
- We have a passion for delivering value
- We constantly innovate to improve
At Iceberg, we are committed to equitable access to employment opportunities based on ability.
If you think you have what it takes to join our team, send your resume to
careers@icebergnetworks.com
We wish to thank all applicants for their interest and effort in applying for this position, however, only candidates selected for interviews will be contacted.