ICG’s solutions are rooted in understanding our business lines and technologies and collaborating with our business teams to deliver high quality, reliable, enterprise grade solutions for top Global brands such as Twitter, Microsoft, and Bausch + Lomb. We deliver in a fast-paced, ever changing, and innovative environment underpinned by sound cost management while maintaining a high level of security practices for PCI and ISO27001/27701/22301 compliances.
Our teams are responsible for the secure delivery and execution of all client programs & projects. ICG aims to act as a trusted partner and strives to deepen client relationships based on trust, security, integrity, commitment, accountability and delivery. This team lives on the cutting edge with solutions which drive strategic and long-term value to our customers.
More specifically, our Information Security (InfoSec) team is responsible for development, maintenance and evolution of our information security roadmap, as well as Infosec certifications such as PCI DSS and relevant ISO programs, validating the security of our service partners, and supporting our top client security onboarding and re-occurring reviews as a start. All while managing the full spectrum of internal information security and all our real time production facilities.
ICG is looking for a full time Manager, Information Security to join our management team in Winnipeg.
Who we are looking for?
Reporting to the COO/CIO, this new leadership role at ICG, you’ll oversee and manage the Information Security team to ensure internal and customer driven security initiatives are delivered on specification, and in compliance with our internal policies and procedures, and industry standards. This role interacts collaboratively with many if not all levels of the organization to gain a holistic view of challenges and opportunities to address not only immediate issues, but also focus on ensuring secure solutions that our clients will love.
You will be leading and mentoring the InfoSec team including several Information Security Analyst. You will work closely with several cross functional teams such as Sales, Marketing, Legal, IT, Delivery, Engineering, Data Services, and Finance to create solid credit card and information security for our entire organization.
Is this role right for you?
You are willing to lead in a collaborative fashion, direct and drive a secure but customer focused culture throughout the entire Infosec team, and establish Information Security policies and ensuring policies are followed.
- Collaboration with various team leads such as IT, Engineering, Legal and Talent Management, to achieve corporate and compliance goals.
- Establishing security roadmaps and risk management strategies across our organization.
- Working with key client security onboarding questionnaires and processes in order to certify ICG as a key partner.
- Establishing and evaluating the security profile of our service partners.
- Growing and maintaining our GRC program
- Working with tools such as JIRA and GRC portals will be a daily occurrence
- Managing all aspects of security incident management by guiding team of mobilization, process, monitoring SMEs – setting up program governance framework, processes, escalation management, root cause analysis and security incident response dashboard/report
- Ensure security resources are assigned to initiatives/requirements as needed.
- Understanding and working in a DEVOPS environment
- Be the Lead on security incidents and key contact
- Lead, mentor, and guide a team of four (or more) infosec team members, while guiding its growth through interviews and hiring processes.
- Implement security technology solutions and portals to manage our evolving security needs, including managing penetration and vulnerability scans, and associated programs and checks;
Overall, here’s what our successful candidate should possess:
- Strong English communication (verbal/written/presentation) skills with both business and technical stakeholders.
- Experience in establishing and managing a security framework by establishing policies, executing the policies in a PCI And ISO environment, while working in a complex, fast paced and dynamic environment
- Hands on experience with ITIL
- Experience in a Governance Risk Compliance (GRC) environment with hands on expertise
- Experience in security aspects of vendor (partner) management
- Experience in a hands-on approach on various aspects of ISO 27001 and their security components
- Experience in a hands-on approach on PCI DSS certifications, and their security components
- Familiarity with security practices
- Experience and expertise using relevant and recent security technologies/tools
- Experience securing production software systems (live processing systems)
- Experience securing IT Office systems
- 2+ years of progressively responsible information security leadership roles in which you have managed security projects and programs that have IT, business, and operational components;
- 2+ years of people leadership in roles in which you build engagement, alignment, and a trusting and positive learning environment.
- 3+ years of hand-on experience with security tools, programs, frameworks and implementation, and monitoring of such programs.
- Completion of a post-secondary education in a business or technology related field.
- Possess ITIL certification
- Possess ISO related certifications which are current
- Possess security related credentials such as ISACA which are current
Can you demonstrate experience proving;
- Ability to work under tight timelines and competing priorities.
- Critical thinking & thought leadership on project and/or program management.
- Successful track record in utilizing your influencing & interpersonal skills to drive change and ability to drive project completions
Great assets to have would be;
- Working knowledge of ISO 27701 or GDPR
- Have a good understanding of DEVOPS
- Have a good understanding using tools such as JIRA.
- A “just get it done” attitude in solving issues beyond simply providing suggestions or assuming someone else will do it.
At this time, we are only accepting applicants with valid Canadian work credentials.
Successful candidates for this position will be required to undergo a security screening, including a criminal records check.
Please send your cover letter and resume to firstname.lastname@example.org