ICG’s solutions are rooted in understanding our business lines and technologies and collaborating with our business teams to deliver high quality, reliable, enterprise-grade solutions for top Global brands such as Twitter, Microsoft, and Bausch + Lomb. We deliver in a fast-paced, ever-changing, and innovative environment underpinned by sound cost management while maintaining a high level of security practices for PCI and ISO27001/27701/22301 compliances.
Our teams are responsible for the secure delivery and execution of all client programs & projects. ICG aims to act as a trusted partner and strives to deepen client relationships based on trust, security, integrity, commitment, accountability and delivery. This team lives on the cutting edge with solutions which drive strategic and long-term value to our customers.
More specifically, our Information Security (InfoSec) team is responsible for development, maintenance and evolution of our information security roadmap, as well as Infosec certifications such as PCI DSS and relevant ISO programs, validating the security of our service partners, and supporting our top client security onboarding and re-occurring reviews as a start. All while managing the full spectrum of internal information security and all our real-time production facilities.
Who are we looking for?
We are hiring an Information Security Analyst to work in our growing Governance and Compliance team.
Reporting to the Manager-Information Security you will evaluate and maintain procedures to safeguard internal and production information systems. Working with the Infosec Team, your responsibilities will include total involvement on ISO 27001, ISO 27701 and PCI DSS yearly compliancy, overall company IT and security policies, internal IT audits, Security programs and vulnerability assessments. You will report, investigate and resolve security incidents with our internal teams and also educate and communicate security requirements and procedures to all users and new employees. In addition, you should have competence in researching security trends, new methods and techniques used in unauthorized access of data in order to preemptively eliminate the possibility of a system breach. Other responsibilities include ensuring compliance with our internal standards, client requirements, regulations and privacy laws and complete and manage InfoSec questionnaires across our company and clients. You will establish and maintain our Vendor and Supplier management ecosystem.
To do well in this role you should have a related degree or diploma in computer science or IT Security and experience in the information security field, process auditing, or other compliance related areas
- Work with the team to complete annual certifications in ISO 27001, ISO 27701 and PCI
DSS (payment card industry) by assistance and leading in evidence collections, reviews,
and quality control
- Investigate and maintain documentation of security breaches and other cyber security
- Setup and manage penetration testing with our chosen partners
- Develop company-wide best practices for IT security.
- Respond and complete Information Security questionnaires/onboarding for our top clients
- Develop and maintain IT and Security governance documentation, process and policies
- Establish and manage vendor and supplier management processes and audits
- Manage various third party SAAS products for our company
- Research security enhancements and make recommendations to management
- Train users and promotes security awareness to ensure system security and to improve
server and network efficiency.
- Assist and perform internal IT and PCI, ISO27701 and ISO27001 audits and process
- Stay up-to-date on IT and PCI trends, news and security standards
- Other duties may be assigned
The successful candidate will possess the following:
- Strong English communication (verbal/written/presentation) skills with both business and technical stakeholders.
- Strong knowledge of MS Office suite of products
- Understanding of firewalls, proxies, antivirus, and IDPS concepts.
- Understanding of security controls to protect information systems consistent within the industry.
- Excellent attention to detail and documentation
- Diploma or Bachelor’s degree in Computer Science, IT security, a related field, or a diploma/certificate/degree in Information Systems, Information Technology, or a related area.
- Minimum of 3 years of experience working IT Security environment
Can you demonstrate experience proving;
- Ability to work under tight timelines and competing priorities.
- Critical thinking & thought leadership on project and/or program management.
Great assets to have would be;
- Prior experience in incident identification/analysis and escalation procedures an asset
- Understanding of PCI, ISO 27001 and 27701 or related security frameworks considered an asset.
- At least one security or IT certification would be an asset or working towards certification.
Please send your cover letter and resume to firstname.lastname@example.org