Reporting to the Director, Corporate IT, the Manager, IT Security, Risk and Compliance is responsible for all aspects of the IT Security Program, including ensuring that security controls for applications, infrastructure, networking and the cloud meet the organization’s needs, and that the appropriate IT security policies and procedures are in place and operating effectively.
Position: IT Security Manager - Contract
Location: Vancouver
About Compugen
Compugen is one of Canada's largest privately-owned Information Technology (IT) Solution Providers. We help customers design, acquire, integrate and operate technology. Our mission is to help organizations realize new possibilities. Every day, our dedicated staff across North America focus on providing extraordinary customer service and support experiences to private and public sector organizations. We combine breadth of skill, depth of expertise, and commitment to operational excellence at scale to deliver exceptional, customer-focused experiences.
If you are driven to make a difference, relentlessly curious and collaborative at the core, we’d love to talk to you. Join us and help us make a difference.
Compugen is seeking an IT Security Manager for an initial 3-month hybrid contract. Candidates must reside within Metro Vancouver.
Responsibilities
- Develop, maintain, and advance the long-term IT Security framework to continuously improve security posture and risk mitigation
- Develop, amend, and drive acceptance of IT Security policies, processes, procedures, and standards and propagate a general security awareness throughout the company
- Develop and maintain the security awareness training programs for:
  - onboarding new employees and contractors
  - existing employees and contractors
  - quarterly KnowBe4 phishing campaigns
- Initiate and foster internal relationships with stakeholder teams such as Risk Management, Privacy,
- Collaborate with various business units and the Manager, IT Infrastructure and Manager, Technology Support Services, to ensure security of systems and applications
- Maintain and test appropriate IT security and controls to ensure the confidentiality, integrity, and availability of information assets
- Ensure that IT solutions and processes comply with security (and corporate) policies, recommend changes when needed and perform auditing as required
Manager, IT Security, Risk and Compliance March 2024
- Perform IT Security due diligence, including Security Assessments and Privacy Impact Assessments, on all new corporate software, SaaS, and infrastructure acquisitions
- Conduct regular network and application scanning activities including periodic penetration tests
- Plan, coordinate, monitor and manage the work of all assigned team members including performance, career development and attendance management
Qualifications:
Education and Experience
- Bachelor’s degree in Computer Science, Engineering or Information Systems Management or equivalent experience
- 8 – 10 years of progressive experience in an information security role plus a strong background or working knowledge (8 – 10 years) of IT Infrastructure operations
- A certification in one or more of the following is desirable:
  - Certified Information Systems Security Professional (CISSP)
  - Certified Cloud Security Professional (CCSP)
  - Certified Information Systems Auditor (CISA)
  - Certified Information Security Manager (CISM)
  - Cybersecurity Practitioner Certification (CSX-P)
  - ISO 27001 Lead-Audit Knowledge
Skills
- Advanced working experience in the following areas: incident response, system, application and network security, vulnerability management, threat modelling, penetration testing, web and network protocols, encryption technologies, security monitoring and cloud security
- Strong knowledge of internet, LAN and WAN technologies, cloud computing, virtualization technologies, SaaS, Infrastructure as a Service, network devices, firewalls, and Intrusion Prevention
- Experience using enterprise-class incident management tools, trouble ticket systems, asset tracking and asset management systems, centralized deployment tools for software and patches, file integrity monitoring, log monitoring, system availability monitoring and alerting tools
- Practical and operational experience with cyber security services and tools (Rapid7, CloudFlare, Imperva, AWS Security Services, Azure Security Services, etc.)
- Working knowledge and hardening skills on Cloud technologies including AWS and Azure
- High level of technical understanding and competence, with the ability to quickly analyze situations and dive in to lead and coordinate troubleshooting and problem-solving activities, ensuring proper follow-up for post-incident analysis and root cause analysis, as well as planning and implementing permanent fixes
- Knowledge and experience working with various information security frameworks (ISO/IEC 27001, NIST 800-53, COBIT5, etc.) and regulatory frameworks (FIPPA, PIPEDA, SOX, PCI-DSS 3.2, HIPAA, GDPR, etc.)
- Ability to think strategically and to anticipate and plan changes and upgrades for future organizational and business needs
Consistent with our commitments to equity and diversity, we actively recruit women, visible minorities, aboriginal people and persons with disabilities. We also provide employment accommodation upon request to current employees and to applicants during the recruitment process. We comply with human rights codes in all jurisdictions where we operate and aim to provide a work environment where excellence is allowed to flourish and diversity is prized. Compugen is committed to providing accommodation throughout the interview and employment process. If you require an accommodation, the hiring manager and the human resources contact will work with you to meet your needs.