Senior Information Security Officer
Based at Millennium1 Solutions head office in Toronto and reporting to the Information Security Director, the Senior Security Officer is responsible for information security strategy as well as program and project management. This role is instrumental in the ongoing development of our information security strategic framework comprised of strategic principles, objectives, supporting capabilities, and enablers (people, process, and technology). This role is further responsible for the ongoing development and execution of the company’s Cyber Security Roadmap. This will include the development of programs that address technology risks, improve information security capability and support long-term strategic initiatives.
- Ongoing monitoring of information security infrastructure to ensure all components are operating as intended with optimal configuration
- Responsible for managing vulnerabilities organization wide
- Responsible for managing physical and logical controls for PCI organization wide
- Responsible for monitoring, containment, investigation, reporting and continuous improvement of enterprise wide systems for changes and standards that affect information security.
- Ensure information security policies, procedures, and standards are kept current with our environment and industry standards and develop new standards as required.
- Coordinate with 3rd party security partners and vendors to troubleshoot on going issues.
- Follow up and regularly report on the remediation activities and progress.
- First point of escalation for information security alerts, incidents, tickets, and RFCs (including on-call response for critical incidents)
- Review and adjudicate security exception requests with a focus on enabling operational objectives without subjecting the organization to undue risk (escalating as required).
- Produce dashboards and reports related to information security infrastructure and incidents.
- Work collaboratively with internal and external stakeholders on projects requiring information security design guidance and approval.
- Participate compliance and audit activities including PCI, SOC, SOX and client audits
- Perform information security risk assessments and ensure auditing of information security processes.
- Provide security best practice guidance to Security Analysts and staff within IT Operations.
- Other tasks as assigned by the Corporate Security Manager.
- In-depth knowledge of access control systems and methodology
- In-depth knowledge of active directory and RBAC’s
- Knowledge of information security architecture and practices
- Knowledge of PCI DSS standards and the certification process
- Bachelor degree in Computer Science or related security experience
- At least one of the following certifications (preferred): CCNP (security), PCIP, CISSP, CISA, CISM, GIAC
- A minimum of five years progressive experience in information security
- A minimum of three years in a consultative role demonstrating strong technical writing, problem solving, and communication skills
- Extensive IT audit experience
- Experience in managing third party security service providers
- Experience with enterprise security platforms and architectural design
- Experience with an enterprise change control process
- Credit and Criminal Background Check
- Successful candidates within the Corporate Security team are required to sign a non-disclosure agreement (NDA) specific to the sensitive information accessed by this team
Millennium1 Solutions is an equal opportunity employer and welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process.