The role of the Information Security Officer aims to cover issues relating to the security of information and information systems across the Company. The job holder will have to centralize and manage IS security risks, in conjunction with business leaders, define and implement the strategy for improving IS security, ensure the operational monitoring of IS security and the processing of alerts, incidents and crises.
More specifically, the job holder will be responsible for the development, implementation, maintenance and monitoring of the necessary organizational and technological protection measures. He/she must develop a comprehensive understanding of the Company's security level and of the risks arising from the development and integration of information systems into the Company's operations.
- Acts as technical subject matter expert (SME) for cybersecurity topics
- Defines, designs and supervises the implementation of the information security framework procedures, throughout the Company
- Participates in the design and development of new projects and information systems by setting, and implementing where necessary, the security controls
- Controls the level of compliance within the Company's information security framework and assists in the investigation of incidents related to improper use of information systems
- Aids in the refinement of the business continuity strategy and ensures the existence of business continuity plans and disaster recovery plans
- Performs periodic risk assessments and controls in relation to Information Security, identifies and proposes the acceptable level of risk
- Define and implement an annual awareness plan for employees in cybersecurity
What you’ll need to have:
- A Bachelor’s degree in Computer Science, Information Systems or an advanced degree in a related field is required.
- At least 5 years’ experience in a corresponding position / role
- A relevant certification (CISSP, CISM, CISA) will be considered an asset
- Excellent technical skills (application and operating system hardening, vulnerability assessment, intrusion detection systems, firewalls, etc.)
- Proven project management capacity
- Strong interpersonal and oral communication skills.
- Experience with business continuity planning, auditing, and risk assessment
- Good knowledge of applicable practices and laws relating to data privacy and protection
- Proficient English level, knowledge of French will be considered an asset