The Lead Information Security Engineer will help advance the information security program within the company. Reporting to the CISO, the successful candidate will assist in driving efforts to ensure the confidentiality, integrity, and availability of the company, customer, employee, and partner information assets

This individual is also responsible for performing and responding to, security assessments on existing systems, developing security standards, and the technical administration of security tools. The Lead Information Security Engineer is considered a subject matter expert in security and system design and will be a change agent, acting as a catalyst for positive behaviours to help drive successful information protection practices within the company, especially across the company’s SaaS offerings. The selected individual is a self-driven, attention detailed, go-getter, capable of working across organisational boundaries to achieve results.

RESPONSIBILITIES

- Manages the design, development, and implementation of security technology solutions within the organisation.

- Ensures that security configurations of key systems are properly implemented, monitored and reported.

- Provide guidance to developers around security architecture and secure SDLC processes.

- Leads security investigations in response to security incidents.

- Manages the internal/external vulnerability management program and works with various departments to remediate issues.

- Assist users in finding secure methods and practices to meet business needs.

- Helps drive an effective security awareness program into the company.

- Maintain an active familiarity with existing and emerging threats and vulnerabilities, and recommend changes to policies, tools, and procedures accordingly.

- Collaborate with team leads, clients, engineers, and developers to appropriately translate functional needs into technical security requirements for premise and SaaS solutions.

- Assists in developing responses to pre/post sales 3rd party vendor assessments.

- Oversees and leads the development of a baseline system and application hardening guides based on industry best practice and provides leadership and expertise to IT teams on current security solutions and configurations.

- Provide on-call support and operations support for security issues and escalations

QUALIFICATIONS AND EDUCATION REQUIREMENTS

- Bachelor's Degree in Computer Science, Information Systems

- 3-5 years of hands-on information security related work experience

- CISSP, CISA, CEH, or similar certification

- Experience and knowledge of good security practices (e.g. ISO 27001, NIST, COBIT)

- Familiar with best practices around securing SaaS-based solutions and platforms

- Familiarity with compliance mandates such as GDPR and other regulations/standards

- Strong problem solving, analytical and documentation skills

- Ability to collaborate effectively with IT, business staff, and customers at many levels and from different departments

- Ability to apply appropriate mitigation and controls based upon level of risk

- Strong technical acumen, hands-on technical implementation experience with a variety of security tools and operating systems such as vulnerability management systems, endpoint protection, IDS/IPS, DLP, Linux, Windows, Active Directory, SIEM tools