Cyber Security Lead - Canada/ Remote Key Responsibilities: • Engage in and act as extension of Client IT team led by the Client IT Security Director/CISO • Provide security thought leadership, consulting and insight into best practices to the Client IT Security team • Work with Client IT Security on creating/reviewing/updating the Client security roadmap • Work with Client IT Security to review and analyze business requirements and create appropriate security solutions Knowledge and Experience The qualified candidate will have: • Must work well within a team environment and be results driven to achieve organizational goals • Minimum of 15 - 20 years of relevant information technology: o 10 – 12 years demonstrated experience with IT security risk, defences and security technologies. • Special licenses, other education, certification or professional association memberships o CISSP – Certified Information Systems Security Professional • Demonstrated experience in the design, development, and implementation of security information processes, procedures, controls, and solutions. • Demonstrated adaptation to changing business needs and the ability to work in a variety of different business situations. • Education: o Minimum Bachelor’s Degree with a desired emphasis in Computer Science, Information Technology, or Computer Engineering. o Post-graduate degree in Computer Science, Information Technology, or Computer Engineering; or MBA desirable. • Proven project management skills with experience in a formalized process and the ability to successfully manage multiple projects at one time. • Working knowledge of the CLIENT businesses and functional areas with the ability to understand and assess applicable IT security threats. • Familiarity with applicable legal and regulatory requirements, including, but not limited • Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff. • The ability to interact with CLIENT personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives. • A strong understanding of the business impact of security tools, technologies and policies. • Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols, industry best practices and strategies. • Experience working with legal, audit and compliance staff is highly desired. • Track developments and changes in the digital business and threat environments to ensure that these are adequately addressed in security strategy plans and architecture artifacts. • Evaluate the statements of work from these providers to ensure that adequate security protections are in place. Assess the providers' audit reports (or alternative sources) for security-related deficiencies and required \"user controls,\" and report any findings to the Director of IT Security. • Experience managing security infrastructure such as firewalls, IPSs, WAFs, endpoint protection, SIEM and log management technology, IAM, PAM & GRC • Understanding of IT infrastructure: • Applications • Databases • Operating systems (Windows, Unix and Linux) • Hypervisors • IP networks (WAN, LAN) • Storage networks Backup networks and media • SSO/MFA – MS Entra ID, 1Password • PAM, IGA, UAM, UAR • Strong working knowledge of IT service management • Change management • Configuration management • Asset management • Incident management • Problem management Solutions Architecture and Design Security Officer and Architect: (a) review and respond to Customer's requests to review platform selection decisions, including providing technical support to develop technical configuration and support policies and procedures (b) review the current Security Architecture and suggest changes and improvements based on Supplier’s experience and industry best practices to Customer for review; (c) suggest technology configurations in support of Customer's strategic business direction and supporting Architecture; (d) review Customer business cases and suggest alternatives as needed; (e) participate in proof-of-concept projects, including suggesting typical industry best practices; (f) participate in updating and developing technology roadmaps associated with deployed services; (g) contribute to requirements and statements of work for new technologies and architectures; (h) contribute to and participate in quarterly Supplier meetings to address product and technology roadmaps; (i) contribute to and participate in documenting and developing training materials for presentation to Supplier organizations for newly recommended design changes, software feature changes, etc.; (j) review test results and provide analysis and input to support design and configuration standards for architectural purposes; and (k) update documentation, using document management tools that are compatible with the current Microsoft Office Suite, as architectural designs change and decisions are approved; Information Security Management (ISM) (a) where Customer’s Information Security Policy do not presently exist or are lacking, proposing new standards based on industry best practices to Customer, for review, acknowledgment and approval by Customer; (b) review and provide initial implementation plans within 30 calendar days after the review is complete; (c) implement changes within a timeframe mutually agreed after review and agreement on the implementation plan; (d) assist in the development of action plans following Data Security Incidents within Customer’s Environments and implementing new controls approved by Customer and in the timeline defined by Customer; (e) maintain security documentation related to Customer's enterprise security architecture and making documentation is available on-line to Customer; and (f) participate in Change Management processes to review Changes to the Equipment, Software and Networks that potentially have security or operational ramifications and modify the Change to remove or reduce the security or operational ramifications. Information Security Management System (ISMS) (a) establish processes and access to use the ISMS and security related repositories provided by Client in order to use, update and maintain relevant security policies, standards, guidelines and tools to support Client in achieving its information security objectives; (b) develop and implement standards, objectives, processes and procedures to maintain compliance within the scope of the Services, which support Client's Information Security Policies; (c) update the ISMS in a timely manner based on Changes to the technical Environment; and (d) assist Client to audit the ISMS contents to ensure the correctness of the data contained therein.