To coordinate, plan and/or organize the development and delivery of Information Security services and contingency planning and disaster recovery to business units in order to maintain the integrity of vital computer applications and information systems across IESO and to support executives and managers in fulfilling their due diligence responsibilities regarding Information Technology Security.
What you'll do:
- Oversee/monitor access logs and privileges.
- Deliver or conduct the delivery of Information Security and contingency planning and disaster recovery programs for business units/departments across IESO.
- Contribute to the development of Information Security standards and procedures for business units consistent with corporate security objectives and generally accepted and leading edge Information Security practices and professional security standards and in coordination with IT Process Development Leaders and the Information Security Manager.
- Deliver the Information Security programs, including Information Security framework for applications, tools, anti-virus, encryption and fire walls, implementation support, identification of system vulnerabilities, system assessments, Information Security advice and consultation, business resumption planning and disaster recovery planning.
- Review and assess all requests for Exception and/or Exemption to policy.
- Provide input to supervision on all areas of Information Security.
- Contribute to the development/delivery of awareness training and general Information Security education.
- Investigate all identified security breaches, or concentrated attempts at breaching IESO security.
- Report the results of Technical Information Security assessments with conclusions, recommendations for improvement, planned management actions, follow-up status to Supervisor/Management Team.
- As required, will lead projects, assign work, resolve problems and assess performance.
- Review new and updated systems/applications to ensure that security is configured properly.
- Work with business units to determine data classification and ownership/custodianship.
- Ensure there are adequate security tools available for performing system reviews.
- Report the results of technical IT Security assessments with conclusions, recommendations for improvement, planned management actions, follow-up status to Manager - Information Security, and business leaders.
- Keep abreast of developments in the areas of legal, regulatory, corporate requirements, technological developments and best practices in the Information Technology and Corporate Security field.
- Will have access/handle confidentiality issues, requiring high level of trust and integrity.
- Perform other duties/tasks/projects as required or assigned.
What you need to succeed:
- Requires a sound knowledge of computer science, information technology and telecommunications systems.
- Excellent written and oral communication skills, in order to deal with end-users, review/input on procedures, standards and/or methods; and design/deliver training.
- This knowledge is considered to be normally acquired either through the successful completion of a university degree in the area of Computer Science or related discipline or equivalent.
- Requires experience coordinating/analyzing enterprise security systems on a diverse set of computing platforms, operating systems and applications, especially Windows NT and UNIX.
- Experience with networking products, large package and systems implementation. Previous experience as part of a large multi-disciplined project, and with systems vendors, which requires having sound project management skills.
- A period of over 8 years, up to and including 10 years is considered necessary to gain this experience.