Provides subject matter expertise to Moneris in respective areas, including data security, application security and infrastructure security. Execute specialized cybersecurity capabilities including data protection and cryptography solutions
You will be accountable for:
Drive improvements to Information Security through the identification of risks and recommendations of mitigating strategies
Execute risk assessments / security assessments on Enterprise Wide Projects to ensure all requirements for security documented in the Information Security Policy and Standards are adhered to and followed.
Act as a subject matter expert (Specialist) in the realm of information security and provide advice and recommendations related to controls to safeguard information.
Work with Project Management Office (Project Managers) to ensure adherence to Security Assessment Process.
Assist all project teams and business units and provide consultation to all security processes and resolve all security issues effectively.
Document information security risks and work with project team to recommend solutions to address identified risks.
Report residual risk, security exposures, vulnerabilities and non-compliance of information assets.
Review requested firewall rules with the purpose of identifying any security risks with the request. i.e. unsecure protocols and over permissive firewall rule requests.
Recommend and verify baseline security configurations for applications, operating systems, and networking equipment.
Your experience includes:
Certified to CISSP or equivalent professional certification (CISA, CRISC)
10+ years of Information Security experience related to Risk Assessments.
A cyber/information-security mind-set, able to assimilate and consider issues from the technical, process and business perspective, supported by a pragmatic attitude for the implementation of security.
Proven ability to build relationships and influence across an organization with a track record of good written and verbal communication skills
Excellent attention to detail
A good understanding of the procedures required to identify, quantify and address information security or cyber vulnerabilities in an organization
Experience of the development and implementation of appropriate risk mitigation plans, policies, processes and technical controls
Proficiency in payment systems and the merchant acquiring business is an asset.