Senior Manager Security Compliance

Senior Manager Security Compliance

Senior Manager Security Compliance
Job ID: 670550 Category: Compliance and Security
Status: Posted Date: 17-Jan-2012
Location: Mississauga, Ontario, Canada


Send this job to a friend!






SENIOR MANAGER SECURITY COMPLIANCE

The Senior Manager of Security Compliance will partner with peers in other departments to evangelize and implement security and overall compliance initiatives. The Senior Manager will also support the overall Enterprise Risk management program by ensuring that security and compliance risks are mitigated to an acceptable level and is responsible for protecting data from compromise. Working within the policies and guidelines established by Minacs, the Senior Manager would be responsible for analyzing, developing, implementing and enforcement of security, privacy and data protection requirements, policies and corporate technical guidelines. The Senior Manager will work with cross functional groups to ensure compliance with client requirements as part of Business operational execution across multiple sites and lines of businesses.

In addition, the Senior Manager will provide leadership within the department in coordinating, developing & communicating recovery environment requirements and contingency plans associated with Minacs' Business Units to protect the business in the event that facilities or technology resources are unavailable due to an unforeseen disruption. The Senior Manager is responsible for coordinating the teams responsible for the planning and implementation of the Business Unit contingency plans to provide for manual/off-line procedure development designed to mitigate firm risk associated with the complete or partial failure of facilities, technology systems or applications related to an unforeseen disruption.

SPECIFIC RESPONSIBILITIES

* Manage and lead a high performance team of Information Security Professionals by providing technical leadership
* Initiates, facilitates and promote activities to increase the level of information protection awareness within the company
* Sponsor security related projects and implements process and methods to raise the maturity of Security governance and execution within the company while improving the ecurity of information assets
* Provide ongoing evaluation of security measures, reporting findings to security management, identifying any vulnerabilities and make recommendations to reduce exposure.
* Ensure systems and client programs are designed in accordance with data protection policies and guidelines
* Investigate and manage security related incidents and Conduct Threat Risk Assessments
* Manage and participates in the design, planning and implementation of security for all IT and business projects
* Act as Minacs' representative for all security and/or Business Continuity audits, reviews, certifications or inquiries with internal and external clients.
* Act as the Liaison between the Compliance team, Operations team and clients to ensure compliance with client needs.
* Monitor information system activities for security events and record such events
* Oversee security auditing and compliance audit in support of overall corporate compliance needs
* Lead system owners through the management, process and mitigation of vulnerabilities including implementing system-hardening guidelines
* Assume coordinating responsibility for Business Continuity planning efforts, with a major focus on assuring adequacy of the contingency plans for critical business functions and applications, including developing and maintaining new and existing plans.
* Maintain documentation on information protection practices, policies and procedures.
* Facilitate implementation of data protection technologies
* Ensure functionality and maintenance of physical security controls, redundant power and environment detection systems.
* Review new business opportunities to ensure proper privacy/security/business continuity requirements are appropriate, and adequately captured.
* Review and approve change control requests.
* Ensure compliance with all state and federal telemarketing compliance laws.
* Other duties as assigned by the Chief Security & Privacy ENTIAL QUALIFICATIONS

* Familiarity with telemarketing laws, privacy regulations, and standards such as PIPEDA, HIPAA, GLBA, FTC DNC
* Broad understanding of security technology.
* Ability to perform vulnerability identification, assessment and mitigation in heterogeneous environments.
* Ability to perform periodic internal audits to ensure compliance with Security policy and guidelines
* Experience in dealing with a wide range of technical and non-technical personnel and issues.
* Have familiarity with vulnerability assessment and security auditing tools. security administration tools, security scanning tools, web application technologies, technical security implementations (Router ACLs & Firewall Rules definition), multi-platform access controls, cryptography, digital certificate creation/administration, physical security controls and administration.
* Ability to instruct employees in security awareness and practices.
* Ability to relate business requirements and risks to technology implementation for security related issues.
* Working knowledge of MS Windows, and UNIX operating system controls and platforms
* Knowledgeable of network operations, controls and components.
* In depth knowledge of business continuity & disaster recovery concepts, controls and processes.
* Ability to manage several active security/compliance projects simultaneously
* Advanced knowledge of information protection & compliance technologies such as Tripwire, Mcafee
* Enterprise Policy Orchestrator, Host/Network Intrusion Technologies, Firewalls and Access Control Lists

Education/Knowledge:
* Bachelor's or Master’s degree in Computer Science, Information Systems, Information Management, Information Security or a related field, or equivalent combination of education and relevant work experience is acceptable
* CISSP, CISA or equivalent certification preferred

Experience / Skill:
* Ten or more years of recent and relevant experience in the Information Systems, information protection and management area, 3 to 5 year managerial experience

Minacs is an Equal Opportunity, Affirmative Action Employer
We thank all applicants however, only those under consideration will be notified.