- Lead and ensure the delivery of an effective corporate-wide information and cyber security program for the organization.
- On behalf of the organization and the entire IT team, develop and manage the frameworks, processes, tools and consultancy necessary to properly manage IT risk and make risk-based decisions related to IT activities.
- Develop strategies, goals and priorities relating to information protection and cyber security operations across the organization, ensuring alignment with divisional and corporate direction.
- Works independently with third-party resources to research, design, implement and provide ongoing management of tools and technologies in support of enhancing overall security program.
- Develop, implement, maintain/manage and oversee ongoing enforcement of policies, procedures, standards, guidelines, controls and trainings for ongoing system security administration, risk mitigation, user awareness and system access based on industry-standard best practices.
- Leads the delivery of the Information Security Program, including Security Vulnerability Management, Incident Response, Threat Management and Monitoring, Risk Reporting, Privacy, Data Security and Security program initiatives.
- Direct, maintain and improve security processes, security playbooks, documentation, practices and measures as a lead of the security team.
- Perform ad-hoc and scheduled internal security compliance checks, reviews, and audits of IT systems to ensure alignment with established operating procedures, standards and guidelines.
- Maintain up-to-date baselines for the secure configuration and operations of all organizational-owned hardware and software assets.
- Maintain operational configurations of all in-place security solutions as per established baselines.
- Monitor all in-place IT security solutions for efficient and appropriate operations, apply configurations, hotfixes and updates as required.
- Coordinate the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes and procedures in compliance with applicable organizational risk frameworks, legislation and/or industry best practices.
- Lead the implementation of proof of concept toolsets to improve cyber security response and overall posture of the organization.
- Lead the management, deployment, integration and configuration of all new security solutions and enhancements to existing IT security solutions in accordance with standard best practice procedures.
- Provide recommendations, guidance and security/risk evaluation of all net new technology acquisitions within the organization.
- Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, best practices, improved processes, and the development of new attacks and threat vectors.
- Post-secondary degree or diploma in Information Technology, Cyber Security, Computer Science or Engineering or related degree is required; Master’s Degree is preferred.
- Minimum of five (5) years of broad and progressive information security experience in an enterprise environment.
- Certified Information Systems Security Professional (CISSP) is required.
- Experience with cyber security risk, compliance, and policy development is required.
- Certifications in one or more of the following additional areas Certified Information Systems Auditor (CISA), and/or SANS GIAC Security Essentials (GSEC), and/or Qualified Security Assessor (PCI-QSA or AQSA (Associate)) is an asset.
- Demonstrated knowledge of IT process, control and risk frameworks; specifically, ITIL, COBIT, CIS CSC, NIST, SOC Type 2 and PCI DSS.
- Demonstrated experience with conducting and leading enterprise-wide security assessments, investigations and audits; designing and implementing security controls as necessary to protect information assets and lower organizational risk.
- Advanced knowledge of DNS, DHCP, network topologies and types (WAN, SD-WAN, LAN, WLAN, VLAN, VPNs) as well as the application of secure network design.
- Strong understanding of network firewall auditing and policy design, load balancers, SIEM, SOAR, EDR/XDR, IDPS infrastructures and technologies as well as patch/vulnerability toolsets and processes.
- Advanced knowledge of security auditing and best practice implementation for Active Directory, Azure AD, Office 365, SQL, Exchange, WSUS, IIS, etc.
$103,989 - $129,986 (based on a 35-hour work week)
Please apply by providing your resume and cover letter on the Town of Milton’s Careers Page careers.milton.ca/job/search. This role will be posted until it is filled.