IT Security Analyst Intermediate Motivated Talent -
Toronto, ON
ACCOUNTABILITY: This position reports to the Manager of IT Infrastructure to perform the following primary functions:
Work with both IT and Business units to ensure that the company's IT Infrastructure complies with industry standards, such as the ISO 27002 framework
Maintain, revise and implement IT Security Policies, Procedures, Standards and Guidelines
Develop and deliver IT Security Awareness communication/training to staff on an on-going basis
Conduct periodic and ad-hoc, internal and external, security vulnerability assessments. Provide risk assessment and mitigation to identified security gaps
Provide advice and support to both IT and Business on IT Security-related initiatives, projects, activities, tasks and incidents
Provide administration and management of Palo Alto Firewall, VPN appliances, and Cisco Wireless Controller
Software patch level management
Antivirus solution management
RESPONSIBILITIES:
Work with both IT and Business units to ensure that the company's infrastructure is adequately secured, in accordance with the ISO 27002 standard
Ensure that the company conforms to government/industry requirements and best practices for IT security and obtain certification/qualification as needed and advised by IT Infrastructure Manager
Develop, maintain and deliver formal IT Security Awareness communication/training to staff on an on-going basis
Conduct IT Security training and information sessions for staff, including lunch-and-learn sessions.
Document, maintain, revise and implement Policies, Procedures, Standards and Guidelines relating to IT Security, in conjunction with both IT staff and Business staff
Analyze and document consistency and compliance with IT Security Policies, Procedures, Standards and Guidelines within the company.
Conduct both periodic and ad-hoc internal security vulnerability assessments of the company's IT Infrastructure (network, servers, databases, applications, VoIP).
Assess trends and patterns in assessment results. Prepare recommendations for proactive measures.
Analyze, summarize and present security assessments/audits/reports to Management. Prepare recommendations, proposals and status of IT Security efforts.
Work with and provide support to technical staff on mitigation of identified vulnerabilities
Manage Symantec Anti Virus Solution across the company
Software patch management across company (servers, mobile devices, network devices)
Evaluate and recommend products, services and technologies as they pertain to the current and future security requirements of the company.
Management of Palo Alto Firewall, VPN appliances, and Cisco Wireless Controller
Provide technical advice, support, training and assistance to technical staff on networks, servers, application and telephony.
Work with management, technical staff (networks, servers, databases, applications, VoIP) and user groups to analyze and recommend practices that will enhance information security.
In conjunction with IT Project Management Team, participate in IT Infrastructure projects to ensure that information security is considered in the earliest stages of projects
Coordinate with management, technical staff, user groups and external vendors/agencies to ensure that Infrastructure project tasks are completed on time, on budget, with quality and to customer satisfaction
Report and escalate project issues to IT Infrastructure Manager
Participate in IT DRP testing offsite
Work with external vendors, service providers and agencies on IT security-related services, hardware and/or software projects
Develop, implement and administer IT Security measures in the company's Business Continuity Program/Disaster Recovery Plan
REQUIREMENTS:
Thorough understanding of IT Security principles and practices, with at least 2 years' experience in the IT Security field. CISSP and CISA certifications are mandatory.
Sound knowledge of network design (Cisco, LAN, WAN)
Strong analysis, design and project management skills.
EDUCATION:
Undergraduate degree in Computer Science or related field. A post-secondary diploma combined with equivalent experience is acceptable.
Courses and/or certifications in IT Security, network administration and server administration are desirable