Company Information Security Auditor

EOS Canada Inc - Scarborough, ON (30+ days ago)

Job purpose

The Security Officer works with other staff to establish procedures and security protocols and monitor these against agreed-upon actions and policies. The Security Officer is responsible for the company’s Security Policies, Security Audits, Security Training and Security Compliance.

The Security Officer position is ultimately responsible for the Security Training and Security Audit functions within the company. The Security Officer is a member of a team that ensures organizational compliance with security regulations and/or laws that apply to the business.

Duties and responsibilities

  • Establish and maintain the company’s information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in its digital ecosystem and are compliant with legal, regulatory and contractual obligations.
  • This role requires a proven leader with sound knowledge of business management and cybersecurity technologies. The successful candidate will be an integrator of people, process and technology and bring a minimum of 3 years of experience in a combination of risk management, information security and IT arenas.
  • This is an exciting opportunity for a visionary leader within Information Security to help shape the future of a strong and dynamic Company in the Financial industry.
  • Responsibilities: Lead the information security function across the company to ensure consistent and high-quality information security management in support of our business goals.
  • Determine the information security approach and operating model in consultation with stakeholders and align with the risk management approach and compliance monitoring of nondigital risk areas.
  • Develop an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate.
  • Create the necessary internal networks among employees and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure alignment as required.
  • Ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines.
  • Liaise with internal and external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well abreast of the relevant threats identified by these agencies.
  • Create a risk-based process for the assessment and mitigation of any information security risk in your ecosystem consisting of supply chain partners, vendors, consumers and any other third parties.
  • Ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws.
  • Collaborate and liaise with the Director, IT to ensure that data privacy requirements are included where applicable.
  • Define and facilitate the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings.
  • Provide regular reporting on the current status of the information security program to senior leaders.

Qualifications

  • Minimum 3 years of experience in a combination of risk management, information security and IT
  • Professional security management certification is desirable, such as Certified Information internal Security Auditor (CISA)
  • CompTIA (Security+), CompTIA (CySA+) (Cyber Security Analyst), CISSP (Certified Information Systems Security Professional)
  • Excellent written and verbal communication skills
  • Interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels
  • Knowledge and understanding of relevant legal and regulatory requirements such as PCI, etc.
  • Subject matter level expert knowledge of common information security management, including Cybersecurity Framework.

Conditions of Employment:

  • Security Screening

EOS Canada offers:

  • Competitive salary
  • Full time employment
  • Paid training
  • Competitive Group Benefit program
  • RRSP Plan
  • Opportunities for professional growth, development and advancement
  • Mentorship Program
  • Internal Job postings
  • Paid vacation
  • Organized Social Committee/company outings
  • A respectful and inclusive work environment
  • 50% reimbursement for approved educational programs
  • Recognition Program/Awards
  • Anniversary milestones are celebrated
  • On-going training initiatives and career planning

EOS Canada offers opportunities for professional growth, development and advancement.

Job Type: Full-time

Experience:

  • Information Security: 3 years (Preferred)