Title: Lead Information Security Specialist
Location: Montreal, Quebec
Type: 6 Month contract to Hire
Rate: negotiable/hr corp plus expenses
My direct client, an international automotive parts manufacturing/distribution company, is ready to hire a Lead Information Security Professional in their Montreal location. The right person for this exciting opportunity will be responsible for managing all aspects of the corporate Cyber Security Program and will serve as the primary point of contact within the organization for all security-related items and issues. This person will also be responsible for researching, testing, training and implementing the Enterprise Security Policies to safeguard critical information from any possible breaches.
- Implement designated security controls on critical items (applications, assets, and data) in accordance with Corporate Security Policies and Standards.
- Monitor, maintain, and report compliance with Company Enterprise Security Policies.
- Ensure that all security risks and findings (e.g., vulnerability scanning, penetration testing, risk assessments, etc.) are remediated in accordance with the established Security Policies and Standards.
- Ensure that software patches are installed in accordance with the established Security Policies and Standards.
- Establish a holistic Incident Management process, including notification protocols to Enterprise Security.
- Create Incident Response run books and conduct training exercises in accordance with Security Policies and Standards.
- Establish a holistic Risk Management process and ensure alignment with Security Policies and Standards.
- Ensure Regulatory Compliance (e.g. PCI and GDPR) as appropriate and provide regular updates and status
- Provide timely reporting (monthly and quarterly) to the President and CIO as prescribed by corporate Enterprise Security.
- Ensure security requirements are embedded in processes including but not limited to change management, configuration management, software development life cycle, and asset management.
- Provide ongoing security awareness training to all employees.
- Identification and protection of critical business processes, applications, data, and assets
- Work with the Director of Global Cyber Defense to ensure that projects, applications, and infrastructure are reviewed and in compliance with corporate Security Engineering & Architecture standards.
- Work with the CISO and Enterprise Security Directors to define metrics and reporting strategies that effectively communicate successes and progress of the security program.
- Bachelor's degree required, preferably in Computer Science or Information Technology or equivalent experience
- A minimum of 15 years of IT experience, a minimum of 8 years of which must be in an information security role.
- A minimum of 5 years in a supervisory capacity, preferably in security operations.
- Experience with Global Security Organizations is desired
- A CISSP, CISA, CISM or equivalent certification is required
- Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, NIST-800 series and the IT Infrastructure Library (ITIL).
- Willingness to work outside of regular business hours as required, which can include evenings, weekends and holidays.