- Winnipeg
Manager – Information Security
WHO ARE WE?
ICG’s solutions are rooted in understanding our business lines and technologies and collaborating with our business teams to deliver high-quality, reliable enterprise-grade solutions for top Global brands such as X, Microsoft, and Bausch & Lomb. We deliver in a fast-paced, ever-changing and innovative environment underpinned by sound cost management while maintaining a high level of security practices for PCI and ISO compliancy.
Our teams are responsible for the secure delivery and execution of all client programs & projects. ICG aims to act as a trusted partner and strives to deepen client relationships based on trust, security, integrity, commitment, accountability and delivery. This team lives on the cutting edge with solutions which drive strategic and long-term value to our customers.
WHO ARE WE LOOKING FOR?
Reporting to the COO/CIO, in this leadership role at ICG, you’ll oversee and manage the Information Security team to ensure internal and customer-driven security initiatives are delivered on specification, and in compliance with our internal policies and procedures, and industry standards. This role interacts collaboratively with many if not all levels of the organization to gain a holistic view of challenges and opportunities to address not only immediate issues but also focus on ensuring secure solutions that our clients will love.
You will be leading and mentoring the InfoSec team including several Information Security Analysts. You will work closely with several cross-functional teams such as Sales, Marketing, Legal, IT, Delivery, Engineering, Data Services, and Finance to create solid credit card and information security for our entire organization.
IS THIS ROLE RIGHT FOR YOU?
In this in-office role, you are willing to lead in a collaborative fashion, direct and drive a secure but customer-focused culture throughout the entire Infosec team, and establish Information Security policies and ensure policies are followed.
Key Tasks:
- Collaboration with various team leads such as IT, Engineering, Legal and Talent Management, to achieve corporate and compliance goals.
- Establishing security roadmaps and risk management strategies across our organization.
- Working with key client security onboarding questionnaires and processes in order to certify ICG as a key partner.
- Establishing and evaluating the security profile of our service partners.
- Growing and maintaining our GRC program
- Working with tools such as JIRA and GRC portals will be a daily occurrence
- Managing all aspects of security incident management by guiding a team of mobilization, process, and monitoring SMEs – setting up program governance framework, processes, escalation management, root cause analysis and security incident response dashboard/report
- Ensure security resources are assigned to initiatives/requirements as needed.
- Understanding and working in a DevOps environment
- Be the Lead on security incidents and key contact
- Lead, mentor, and guide a team of four (or more) infosec team members, while guiding its growth through interviews and hiring processes.
- Implement security technology solutions and portals to manage our evolving security needs, including managing penetration and vulnerability scans, and associated programs and checks;
Overall, here’s what our successful candidate should possess:
- Strong English communication (verbal/written/presentation) skills with both business and technical stakeholders.
- Experience in establishing and managing a security framework by establishing policies, and executing the policies in a PCI And ISO environment, while working in a complex, fast-paced and dynamic environment
- Hands-on experience with ITIL
- Experience in a Governance Risk Compliance (GRC) environment with hands-on expertise
- Experience in security aspects of vendor (partner) management
- Experience in a hands-on approach on various aspects of ISO 27001 and their security components
- Familiarity with security practices
- Experience and expertise using relevant and recent security technologies/tools
- Experience securing production software systems (live processing systems)
- Experience securing IT Office systems
- Excellent attention to detail and documentation
Experience Requirements;
- 2+ years of progressively responsible information security leadership roles in which you have managed security projects and programs that have IT, business, and operational components;
- 2+ years of people leadership in roles in which you build engagement, alignment, and a trusting and positive learning environment.
- 5+ years of hands-on experience with security tools, programs, frameworks and implementation, and monitoring of such programs.
- Completion of a post-secondary education in a business or technology-related field.
- Possess ITIL certification
- Possess ISO-related certifications which are current
- Possess security-related credentials such as ISACA which are current
- Within 6 months attain ISO 27001 Lead Auditor Certification or updated to be within the last 24 months.
- ICG may require further certifications to be achieved
Can you demonstrate experience proving;
- Ability to work under tight timelines and competing priorities.
- Critical thinking & thought leadership on project and/or program management.
- Successful track record in utilizing your influencing & interpersonal skills to drive change and ability to drive project completion
Great assets to have would be;
- Working knowledge of ISO 27701 or GDPR
- Have a good understanding of DevOps
- Have a good understanding of using tools such as JIRA.
- A “just get it done” attitude in solving issues beyond simply providing suggestions or assuming someone else will do it.