
Specialist, IT Security
Position: Specialist, IT Security
Reports to: Vice President, Enterprise Technology and Transformation
Position Term: Full Time Permanent
Primary Location: Mississauga, Ontario, Canada
Workplace Type: Hybrid
Job Purpose
Reporting to the Vice President, Enterprise Technology and Transformation, the Specialist, IT Security will oversee the planning, execution, and management of multi-faceted projects related to IT compliance, control assurance, risk management, security, and infrastructure/information asset protection.
The Specialist, IT Security will be responsible for developing and managing enterprise IT security across multiple IT functional areas (e.g., data, systems, network and/or Web), developing and managing enterprise security services, and developing security solutions for critical and/or highly complex assignments to ensure the company’s infrastructure and information assets are protected.
Responsibilities
Strategies, Policies and Risk Management
- Plan, execute, and manage IT projects related to compliance management, risk assessment and mitigation, control assurance, business continuity and disaster recovery, and user awareness
- Develop and drive security strategies, policies/standards, ensuring the effectiveness of solutions, and providing security-focused consultative services to the organization
- Develop, execute and manage data, system, network and internet security strategies and solutions across the enterprise
- Define and develop security policies and procedures such as user log-on and authentication rules, security breach escalation procedures, security auditing procedures and use of firewalls and encryption routines
- Guide the enforcement of IT security policies and procedures
- Manage and enforce Identity and Access Management (IAM) and Privileged Access Management (PAM) policies, including multi-factor authentication (MFA)
- Update, maintain and document security controls and provide direct support to the business and internal IT groups
- Evaluate and recommend security products, services and/or procedures
- Communicate and educate IT and the business about security policies and industry standards, and provide solutions for enterprise/business security issues
Analysis & Response
- Work with and provide guidance to technical teams as they perform infrastructure, application and code scans as well as penetration (PEN) tests in order to uncover vulnerabilities within the WVC IT systems topology
- Analyze vulnerabilities found through vulnerability assessment (VA) scans and PEN tests and propose remediation strategies
- Influence delivery teams to align to the WVC security directives and provide guidance and strategies to integrate into the delivery lifecycle
- Manage data security profiles on all platforms by reviewing security violation reports and investigating security issues and exceptions
- Administer and optimize security tools, including SIEM, endpoint protection (EDR/XDR), firewall/VPN technologies, and intrusion detection/prevention systems (IDS/IPS)
- Document all IT security incidents and assess their actual or potential damage to WVC
- Liaise between WVI Security group and WVC with respect to IT security policy, process, procedures, training and communication
- If any security incidents should occur, work with the Infrastructure Operations/DevOps team to document the “lessons learned” and manage the implementation of improvements to existing processes/procedures/best practices or the creation of new processes/procedures/best practices if they do not already exist
- Ensure the Chief Information Officer & VP, Enterprise Technology & Transformation are provided with weekly/monthly/quarterly and annual security reports
Cyber Security Solutions Delivery
- Develop and implement solutions to alleviate risks and enhance system security and support teams as a technical expert for the project, system or solution they are working on
- Implement network, server, website, application, and data/information security improvements for cloud, hosted, and on/off premise solutions by assessing the current situation, evaluating trends, anticipating requirements, and making recommendations
- Ensure site and data security and provide consultation on security issues, staying abreast of potential Internet security threats
- Upgrade systems by implementing and maintaining security controls at all layers (server, network, application, and data/information)
- Assist in security investigations where required
- Assist in the development of secure architecture and designs, and provide training on security solutions
- Support agile and project teams as a subject matter expert
- Assess and develop mitigation measures to ensure that appropriate mitigation is applied.
- Play a critical, collaborative role in setting the strategy and goals for delivery teams, with a focus on project impact, product quality, and design efficiency
Systems Solutions Delivery
- Provide input to initiative/project security vulnerability and business requirements and ensure that the deliverables produced by the development effort conform to the business requirements.
- Consult on design/development deliverables, including interface specifications, integration requirements, as well as implementation and release/launch strategies and plans.
- Contribute to project planning and administration: assist in developing the project charter documentation, including helping with the high-level plan, the feasibility analysis, and the business case.
Prevention
- Review the results of internal PEN tests and define mitigation/remediation strategies
- Review the results of VA scans and define mitigation/remediation strategies
- Evaluate and sign-off on initiative/projects' pre-release security scans, architecture and code reviews.
- Assess the latest internal and external security bulletins and propose a plan to remediate any threats that are applicable to the WVC IT ecosystem.
Leadership and Training
- Stay current on IT security trends, news and standards.
- Ensure that applicable security awareness and compliance training programs are implemented and provide communication and training as needed
- Provide security briefings to advise on critical issues that may affect the client.
- Conduct knowledge transfer training sessions to operations/DevOps team upon technology implementation
- Assist in the creation and presentation of training materials, both online and in person, to improve Enterprise Technology & Transformation staff’s understanding of security policies and procedures
- Lead training sessions with IT Systems staff and contractors to convey how WVC security policies affect their programs/projects/initiatives
Qualifications
- BSc. in Computer Science, Information Systems or other related field, or equivalent work experience.
- Minimum of 5 years of progressive experience in IT with at least 3 years focused specifically on security engineering / operations, and/or incident response.
- Demonstrated experience with:
  - Cloud security principles and controls (Azure/GCP).
  - Network security fundamentals (TCP/IP, firewalls, VPNs, IDS/IPS).
  - Managing enterprise-level security technologies (SIEM, EDR, MDM).
  - Vulnerability scanning tools (e.g., Darktrace, Nessus, Qualys).
- Strong technical, analytical, communication and consulting skills with knowledge of IT Security and related technologies.
- Knowledge of specific regulatory frameworks relevant to non-profits (e.g., handling PII, PCI-DSS compliance)
- Security certifications, such as the following and/or other certifications, may be required:
  - Certified Information Systems Security Professional (CISSP)
  - Certified in Risk and Information Systems Control (CRISC)
  - Certified Information Security Manager (CISM)
  - Certified Ethical Hacker (CEH)
  - Global Information Assurance Certification (GIAC)
- In-depth knowledge of security issues, techniques and implications across all existing computer platforms
Why Consider Us?
Our competitive compensation & benefits include:
- Health Spending Account
- Up to 6% matched pension contributions
- Parental leave top-up
- Generous paid vacation, sick days, wellness and personal days
- Office closed extra days before long weekends (6x/year)
- World Vision Canada has consistently been awarded Canada and GTA top employer awards.
- We are Canada’s largest development, relief, and advocacy non-profit organization.
Job Family: IT
Job Function: Individual Contributor
Pay Type: Salary
Employment Indicator: Fully Remote
Required degree level: Experienced (Non Manager)