Information Security Advisor Full-time Job

As an Information Security Advisor, you will be responsible for supporting the strategic and tactical initiatives of the Information Security Incident Response Team. You will identify, contain, mitigate and record the lifecycle of an incident, and identify the vulnerabilities exposed and/or exploited as well as the security risks to computer systems, networks and data.  You will also work closely within the corporation to resolve any cyber incidents and help promote an information security and risk-aware culture following the Enterprise Security Risk Management (ESRM) approach. Primary duties include:

• Provide leadership during information incident handling and analysis.
• Develop and maintain incident response standards, playbooks, processes and procedures as well as other documentation to assist in security investigations, exercises, and tests.
• Provide training and awareness of information security incident response plans and processes across the corporation.
• Perform forensic activities, eDiscovery and data collection activities in support of investigations.
• Provide recommendations and training to data owners to manage access to information under their ownership ensuring they are applying appropriate security controls to that information.
• Lead in the collection and analysis of relevant data associated with Freedom of Information and Protection of Privacy (FOIP), legal discovery requests and sanctioned Corporate Security Investigations.
• Maintain awareness of current cyber security tools, threats, and techniques to advise Business Units appropriately.
• Assist in Incident Response metrics, performance, and reports.

• A completed 2 year Technology Diploma and at least 8 years of Information Security experience, OR
• A degree in Information Technology, Computer Science or related discipline and at least 4 years of Information Security or related experience.
• Equivalent combinations of experience and education may be considered.
• A recognized Security certification (for example: Certified Information Systems Security Professional) is preferred.
• Knowledge of security operations and incident response, including the ability to identify, investigate and respond to security incidents.
• An understanding of electronic data investigation, forensic tools, methodologies and best practices.
• Security incident response experience including forensic and root cause analysis, as well as experience performing security/threat reviews of network environments will be considered an asset.
• Knowledge of common cybersecurity frameworks such as NIST Cybersecurity Framework and the ability to use these to guide security efforts will be an asset.
• Familiarity with Roles Based Access (for example: Varonis) will be an asset.
• Knowledge of relevant laws, regulations and industry standards and the ability to ensure compliance will be an asset.
• Previous project management experience will also be considered an asset.
• You have well-developed communication skills, good organization and planning skills, are highly motivated with the ability to self-start, prioritize, multitask and work in a team setting.