This position reports to the Manager of IT Infrastructure to perform the following primary functions:
- Work with both IT and Business units to ensure that the company's IT Infrastructure complies with industry standards, such as the ISO 27002 framework
- Maintain, revise and implement IT Security Policies, Procedures, Standards and Guidelines
- Develop and deliver IT Security Awareness communication/training to staff on an on-going basis
- Conduct periodic and ad-hoc, internal and external, security vulnerability assessments. Provide risk assessment and mitigation to identified security gaps
- Provide advice and support to both IT and Business on IT Security-related initiatives, projects, activities, tasks and incidents
- Provide administration and management of Palo Alto Firewall, VPN appliances, and Cisco Wireless Controller
- Software patch level management
- Antivirus solution management
- Work with both IT and Business units to ensure that the company's infrastructure is adequately secured, in accordance with the ISO 27002 standard
- Ensure that the company conforms to government/industry requirements and best practices for IT security and obtain certification/qualification as needed and advised by IT Infrastructure Manager
- Develop, maintain and deliver formal IT Security Awareness communication/training to staff on an on-going basis
- Conduct IT Security training and information sessions for staff, including lunch-and-learn sessions.
- Document, maintain, revise and implement Policies, Procedures, Standards and Guidelines relating to IT Security, in conjunction with both IT staff and Business staff
- Analyze and document the consistency and compliance to IT Security Policies, Procedures, Standards and Guidelines within the company.
- Conduct both periodic and ad-hoc internal security vulnerability assessments of the company's IT Infrastructure (network, servers, databases, applications, VoIP).
- Assess trends and patterns in assessment results. Prepare recommendations for proactive measures
- Analyze, summarize and present security assessments/audits/reports to Management. Prepare recommendations, proposals and status of IT Security efforts.
- Work with and provide support to technical staff on mitigation of identified vulnerabilities
- Manage Symantec Anti Virus Solution across the company
- Software patch management across company (servers, mobile devices, network devices)
- Evaluate and recommend products, services and technologies as they pertain to the current and future security requirements of the company.
- Management of Palo Alto Firewall, VPN appliances, and Cisco Wireless Controller
- Provide technical advice, support, training and assistance to technical staff on networks, servers, application and telephony.
- Work with management, technical staff (networks, servers, databases, applications, VoIP) and user groups to analyze and recommend practices that will enhance information security.
- In conjunction with IT Project Management Team, participate in IT Infrastructure projects to ensure that information security is considered in the earliest stages of projects
- Coordinate with management, technical staff, user groups and external vendors/agencies to ensure that Infrastructure project tasks are completed on time, on budget, with quality and to customer satisfaction
- Report and escalate project issues to IT Infrastructure Manager
- Participate in IT DRP testing offsite
- Work with external vendors, service providers and agencies on IT security-related services, hardware and/or software projects
- Develop, implement and administer IT Security measures in the company's Business Continuity Program/Disaster Recovery Plan
- Thorough understanding of IT Security principles and practices, with at least 2 years' experience in the IT Security field. CISSP and CISA certifications are mandatory.
- Sound knowledge of network design (Cisco, LAN, WAN)
- Strong analysis, design and project management skills.
- Undergraduate degree in Computer Science or related field. A post-secondary diploma combined with equivalent experience is acceptable.
- Courses and/or certifications in IT Security, network administration and server administration are desirable