Division Manager, IT Security
The Opportunity & Role Overview:
Reporting to the Senior Director IT Service & Operations, the Division Manager, IT Security performs two core functions for the enterprise. The first is overseeing the operations of the enterprise’s security solutions through management of the organization’s security analysts. The second is establishing an enterprise security stance through policy, architecture, and training processes. Secondary tasks will include the selection of appropriate security solutions, oversight of security audits and assessments, and remediation of any findings.
The Division Manager, IT Security is expected to collaborate with peers within the Business Information Technology department and leaders of McElhanney’s branches to both share the corporate security vision with those individuals and to solicit their involvement in achieving higher levels of enterprise security through information sharing, awareness, and co-operation.
The successful candidate is located in Vancouver, BC or Calgary, AB.
Application Deadline: January 31, 2025, by 8:59pm PT
Key Responsibilities:
- Develop and Implement Security Policies: Create, enforce, and update comprehensive security policies and procedures to protect the organization's information assets.
- Risk Assessment and Management: Conduct regular risk assessments to identify vulnerabilities and recommend mitigation strategies. Lead efforts to reduce risk exposure and manage incident response plans.
- Compliance and Audit: Ensure compliance with relevant regulations and standards such as GDPR, CIS, ISO 27001, and ISO 27701. Prepare for and manage internal and external security audits.
- Incident Response: Develop and oversee the execution of incident response plans. Coordinate the investigation and resolution of security breaches and implement measures to prevent future incidents.
- Security Awareness Training: Design and deliver training programs to educate employees on security best practices and ongoing threats.
- Leadership and Mentoring: Lead and mentor the cybersecurity team, fostering a culture of continuous learning and improvement. Provide guidance and support to junior staff members.
- Strategic Planning: Contribute to the strategic planning and budgeting process for cybersecurity initiatives. Align security strategies with business goals and objectives.
- Third-Party Risk Management: Evaluate and manage security risks associated with third-party vendors and partners. Ensure that they adhere to the organization’s security standards.
- Creation and management of Vulnerability Management program.
- Technology Evaluation: Stay updated with the latest cybersecurity technologies and trends. Evaluate and recommend new tools and technologies to enhance the organization's security posture.
Strategy & Planning
- Create and maintain the enterprise’s security architecture design.
- Create and maintain the enterprise’s security awareness training program.
- Create and maintain the enterprise’s security documents (policies, standards, baselines, guidelines, and procedures).
- Responsible for security risk & threat assessments (STRA) associated with applications
- Responsible for leading the development and management of roles-based access controls (RBAC) to effectively manage our identity and access to core enterprise solutions and infrastructure.
- Develops and reports on appropriate security KPIs to support continuous improvements.
Acquisition & Deployment
- Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
- Research, evaluate, select, acquire, and implement additional security solutions or enhancements to existing security solutions to improve overall enterprise security as per the enterprise’s existing procurement processes.
- Oversee the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically.
Operational Management
- Ensure the confidentiality, integrity, and availability of the data residing on or transmitted to/from/through enterprise endpoints, infrastructure, cloud, databases and other data repositories.
- Ensure compliance with enterprise security policies, frameworks and access services.
- Lead the development of incident management processes, policies and standard operating procedures (SOP) in relation to cybersecurity issues.
- Provide regular updates to the Risk Committee, Executive Committees and Board on security and risk-related activities, issues and practices.
- Supervise all investigations into problematic activity and provide on-going communication with senior management.
- Supervise the design and execution of vulnerability assessments, penetration tests and security audits.
- Perform regular security awareness training for all employees to ensure consistently high levels of compliance with enterprise security documents.
- Engage in ongoing communications with peers in the Systems and Networking groups as well as the various business groups to ensure enterprise-wide understanding of security goals, to solicit feedback and to foster co-operation.
- Undertakes special projects or assignments as needed.
- Provides after-hours support as needed.
- Strong operational leadership skills to coach and mentor direct reports to develop highly effective teams.
- Manage risk assessments related to third-party and professional services, especially cloud service providers, to ensure compliance with service levels, quality of services, and adherence to leading security practices and risk management.
What You’ll Bring:
Formal Education & Certification
- College diploma or university degree in the field of computer science and/or 8 years equivalent work experience in cybersecurity, risk management or Information security.
- Two or more of the following certifications:
- (ISC)2 CISSP
- CISM (Certified Information Security Manager)
- CISA (Certified Information System Auditor)
- Microsoft Certified Systems Engineer: Security
- GIAC Security Essentials Certification
- GIAC Security Leadership Certification
- (ISC)2 SSCP
- (ISC)2 ISSAP
- Azure Security Certifications
Knowledge & Experience
- Extensive experience with Azure Cloud Infrastructure and Cloud Security.
- Extensive experience in enterprise security architecture design.
- Experience in designing and delivering employee security awareness training.
- Extensive experience in enterprise security document creation.
- Experience in managing or supervising security professionals and vendors.
- Extensive experience with managing security for Microsoft on-premises and cloud environments of medium or large enterprises.
- Extensive technical knowledge of enterprise security management and monitoring solutions.
- Working knowledge of security awareness and training solutions.
- Extensive experience with vulnerability management systems, processes, and procedures.
- Strong understanding of Microsoft systems administration, IP, TCP/IP, and other network administration protocols.
Personal Attributes
- Proven analytical and problem-solving abilities.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Good written, oral, and interpersonal communication skills.
- Ability to conduct research into IT security issues and products as required.
- Excellent ability to present ideas in business-friendly and user-friendly language.
- Highly self-motivated and directed.
- Excellent attention to detail.
- Team-oriented and skilled in working within a collaborative environment.
What Can We Offer You?
- Extended health and dental coverage, healthcare spending account, and RRSP matching.
- Maternity and parental leave top-up.
- Employee & Family Assistance Program, which offers support in person, online or over the phone.
- A workplace culture that is characterized by respect and inclusion for all.
- Competitive salary, participation in our generous performance bonus plan, and opportunity to join an employee-owned firm with potential share ownership.
- Hybrid environment working from our downtown Vancouver office three days a week and up to two days remote.
Salary Range: $105,000-$150,000 per annum. McElhanney offers fair compensation that is commensurate with the individual’s education, experience, skills, and professional qualifications. The posted base salary range is representative of the required level of qualifications and experience for the position as noted in the job posting. The salary offered will be based on the experience and qualifications of the successful candidate.
Other details
- Job family: BSS Business Information Technology
- Pay type: Salary