Richardson Executive Search
Corporate Information Security Officer Lacombe, AB
Our client AFSC is looking for a Corporate Information Security Officer (CISO) to provide counsel and support for security requirements as part of all IT projects. This role in IT risk management will ensure awareness and adherence to proactive risk management practices in place across the enterprise. This management position requires someone who thoroughly understands Corporate Information Security and can communicate best practices and initiatives throughout the company. As the Senior Security Advisor to the Executive Management team, you will oversee the evaluation of products and procedures while providing direct support to the business and IT staff for security-related issues. A consultative approach is needed to educate the business and IT teams about security policies and issues. As the CISO you will also be required to act as a liaison with the internal and external auditors.
Agriculture Financial Services Corporation (AFSC) is a unique financial services organization that provides producers, agribusinesses and other small businesses loans, crop insurance, and farm income disaster assistance. AFSC has grown into a diverse corporation with several core business areas including crop insurance, livestock price insurance, farm loans, commercial loans, and farm income disaster assistance. AFSC strives to provide leading, innovative, client-focused financial and risk management solutions to grow agriculture in Alberta.
Duties and Responsibilities
The Corporate Information Security Officer establishes and manages the development of technology and information security standards, best practices, and systems to ensure information system security across the enterprise.
- Strategy and Policy: Establishes appropriate IT security policies, standards, and best practices. Serves as a security expert in application development, database design, network, and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, and standards and processes. Assists in the development and implementation of security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures and use of firewalls and encryption routines)
- Security Operations: Real-time analysis of immediate threats, and triage when something goes wrong
- Cyber Risk and Threat Intelligence: Keeping abreast of developing security threats and helping the board understand potential security problems that might arise from acquisitions or other big business moves
- Data Loss and Fraud Prevention: Making sure internal staff doesn’t misuse or steal data
- Security Architecture: Planning, buying, and rolling out security hardware and software and making sure IT and network infrastructure is designed with best security practices in mind
- Identity and Access Management: Ensuring that only authorized people have access to restricted data and systems
- Security Program Management: Keeping ahead of security needs by implementing programs or projects that mitigate risks — regular system patches, for instance
- Investigations and Forensics: Determining what went wrong in a breach, dealing with those responsible if they’re internal, and planning to avoid repeats of the same crisis
- Governance: Making sure all the above initiatives run smoothly and get the funding they need — and that corporate leadership understands their importance
- Process and Procedure: Makes recommendations and assists in the implementation of changes to work methods and procedures to make them more effective or to strengthen security measures.
- Information and Security: Creates and facilitates the information security risk assessment process, including reporting and oversight of remediation efforts to address negative findings. Communicates security risks and solutions to business, IT staff and management as needed.
- Security Awareness: Able to communicate security-related concepts and principles to a broad range of technical and non-technical staff.
- BCP and DRP: Develops and/or contributes to effective business continuance and disaster recovery policies, standards and framework; coordinates the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a declared
- University degree in Computing Sciences or a Computer Systems Technology diploma from a recognized technical institute or equivalent specialized work experience.
- Min. 10 years’ experience in networks, server administration, and/or enterprise systems design, with 5 specifically focused on security disciplines
- Security designation preferred, or the ability to work toward receiving the CISSP or one of the SANS. Certifications specifically related to areas of expertise are highly desirable as is knowledge of security and control frameworks, such as ISO 17799, CobiT, COSO and ITIL
- Experience in the implementation of a SIEM is desirable and a strong preference for previous experience in the financial services industry
- Security devices and appliances
- Complex problem solving and resolution skill sets
- Expert level knowledge in risk management: threat analysis, assessment, mitigation, remediation
- Excellent communication skills and problem solving skills
- Must be able to provide direction and leadership in all security related matters
- Able to manage complex, technical projects
- Analytical thinker and problem solver
- Self-motivated, goal oriented, and proactive, with a strong focus on results
- Takes responsibility and accountability for all work components
- Ability to multitask in a demanding environment
- Ability to influence other teams inside and outside of Information Technology to ensure security goals are met and any potential conflicts are resolved in an effective manner
- Formal training in security management concepts and principles
- Strong leadership skills
- Enjoys working in a fast-paced, challenging environment
- Takes ownership of their work
- Passionate about security concepts/principles and has the ability to “sell” security
- Demonstrated ability to develop relationships outside of the business unit
- Establishes relationships with other internal departments and external agencies and nurtures the relationships
- Responsive to stakeholders, sponsors, Senior Management and customers of the department
- Understand and embrace the concept of being a business enabler for the organization
- Demonstrated ability to understand and articulate security requirements as they pertain to business objectives
- Manager level competitive salary with comprehensive benefits (including health, dental, optical).
- A safe working environment.
- Participation in a defined benefit pension plan.
- A health spending account.
Working with AFSC you will enjoy: opportunities for advancement, staff recognition programs, flexible working arrangements, an earned time off program, training and professional development opportunities.
This opportunity provides a competitive compensation package. Interested applicants should submit a cover letter and resume to: Joleen.firstname.lastname@example.org. We thank all applicants for their interest; however, only qualified candidates will be contacted for an interview.