Saskatchewan Blue Cross

Posting ID             S2118

Position                 Permanent Full Time

Saskatchewan Blue Cross®, one of Saskatchewan’s Top Employers, is currently recruiting for a full time permanent Senior Security Specialist in the Information Systems & Technologies (IS&T) Department located in our Saskatoon office.

JOB FUNCTION

Reporting to the Director, IS&T, the Senior Security Specialist provides operational oversight of the enterprise’s security solutions as well as establishes and maintains an enterprise security stance through policy, architecture and training processes.  Secondary accountabilities will include the selection and ongoing monitoring of security solutions and surveillance of any vulnerability audits and assessments.  The successful incumbent will interface with peers in both the IT Service Delivery and Product Delivery departments as well as with the leaders of other business units to both share the corporate security vision as well as solicit involvement towards the achievement of higher levels of enterprise security through information sharing and cooperation.

DUTIES & RESPONSIBILITIES

  • Maintain and enhance the enterprise’s security architecture design in alignment with considerations from security frameworks such as NIST and ISO 27001
  • Manage and provide recommendations for the Incident Response Plan and play a key role in the testing and execution of the plan
  • Maintain and enhance the enterprise’s security awareness training program
  • Create and maintain the enterprise’s security documents (policies, standards, baselines, guidelines and procedures)
  • Participate in the maintenance and enhancement of the enterprise’s Business Continuity Plan and Disaster Recovery Plan, where appropriate
  • Work closely with the Cyber Security Detection and Response team to triage alerts and assist with decisions on appropriate action as required
  • Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors
  • Select, acquire and implement additional security solutions or enhancements to existing security solutions to improve overall enterprise security as per the enterprise’s existing procurement processes in partnership with the IT Service Delivery Team
  • Perform and collaborate as required in the deployment, integration and initial configuration of all new security solutions and any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically
  • Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories
  • Ensure the enforcement of enterprise security documents
  • Perform and collaborate with appropriate IT roles on all investigations into problematic activity and provide on-going communication with senior management
  • Participate in the design and execution of vulnerability assessments, penetration tests and security audits and generate required artefacts
  • Perform regular security awareness training for all employees to ensure consistently high levels of compliance with enterprise security documents
  • Engage in ongoing communications with peers in the IT Service Delivery and Product Delivery departments as well as the various business groups to ensure enterprise-wide understanding of security goals, to solicit feedback and to foster co-operation
  • Perform security assessments on any new technology solutions, including both on-premise or cloud-based applications
  • Perform security assessments and recommendations for Agile software development projects
  • Provide coaching, mentorship, and guidance to other team members on security awareness and best practices
  • Perform other related projects and duties as assigned

QUALIFICATIONS & SKILLS

  • Bachelor’s degree in Computer Science or a related field with minimum of 5 years’ of directly related work experience. An equivalent combination of training and experience will be considered
  • Completion of one or more professional certifications or equivalents such as CISA, CSA, NSE, GIAC Security Essentials, GIAC Security Leadership, ISACA Certified Information Security Manager, Microsoft Certified Systems Engineer: Security, (ISC) 2 SCCP, (ISC) 2 CISSP, or (ISC) 2 ISSAP would be considered an asset
  • Extensive experience in enterprise security architecture design and developing or enhancing related documentation
  • Experience in designing and delivering employee security awareness training
  • Experience developing Incident Response Plans, Business Continuity Plans and Disaster Recovery Plans
  • Understanding of frameworks such as NIST and ISO
  • Experience in securing mobile and web applications
  • Experience securing and hardening operating systems, application servers, and infrastructure devices
  • Working technical knowledge of VMWare, Nessus, Fortinet and Cisco solutions
  • Strong understanding of IP, TCP/IP, and other network administration protocols
  • Proven analytical and problem-solving abilities
  • Good written, oral, and interpersonal communication skills
  • Ability to present ideas in business-friendly and user-friendly language
  • Highly self-motivated and directed
  • Team-oriented and skilled in working within a collaborative environment
  • The successful candidate will be required to undergo a background check
  • Must be legally entitled to work in Canada on an unrestricted basis

HOW TO APPLY

If you are motivated to learn, enjoy working as part of a team and are looking for an opportunity to be part of a progressive, growing company, please apply directly on our Company Job Board

To apply for this job please visit recruiting.ultipro.ca.

Senior Security Specialist