Title:  Supervisor, Information Security-PB481

Summary of Duties:

Reporting to the Manager and is responsible, through management and supervision, to ensure adherence to the strategic and tactical direction for IT Security throughout the corporate network, including Boards, Commissions and Agencies. Supervisory duties to include ITS teams.

Work Performed:

• Monitors processes for Identity and Access Management including the creation, modification, access privileges and deletion of user accounts. Conduct reviews to assess that the access privileges are on the basis of need to know or “Least Privilege Rights” standard.
• Directs and ensures the development and implementation of enterprise security controls and practices including Internet, Intranet, Extranet, network, application, remote access, and wireless technologies.
• Responsible for ensuring the use and application of End Point security tools, Internet filtering and Data Loss Prevention tools, Event and log management tools and Privileged Account Management tools.
• Responsible for enterprise cybersecurity incident response documentation and other policy/governance documentation
• Involved in the management implementation, maintenance and support of Public Key Infrastructure (PKI) and Strong Authentication solutions and strategy to secure enterprise applications and data.
• Maintains quality service by establishing and enforcing organization standards.
• Manages, reviews, assigns, delegates and directs the work functions of employees.
• Responsible for coordinating and enforcing systems, policies and procedures.
• Undertakes corrective action with respect to employees in conjunction with the Manager and People Services.
• Provides information, orientation, training, instruction and supervision as required to assist employees in performing their work functions.
• In conjunction with the Manager and People Services, maintains working relationship with the union by following the terms of the collective agreement.
• Monitors compliance of systems and networks with regulatory organizations such as the Payment Card Industry to ensure the Corporation is compliant.
• Audits permissions and access rights to ensure compliance with policy.
• Responsible for the development and maintenance of all enterprise policies, strategies, procedures and standards related to Information Security to ensure compliance with industry standard practices and an enterprise-wide approach to security.
• Responsible for identifying deviations from Information Security standards and recommending corrective actions as required. 
• Performs and recommends Risk Assessments for all major update/upgrade of systems and applications whether on premise or cloud based.
• Manages and ensures vulnerability and risk assessments of enterprise assets and analyze activity logs of the various systems as part of preventive measures.
• Contributes to risk analysis and evaluation in support of maintaining the overall information security strategy.
• Participates in the review and adherence in the overall ITS governance.
• Directs and manages projects from conception to completion, overseeing all aspects of project execution to ensure deliverables are met within timeline and budget constraints.
• Conducts performance management reviews of project resources.

.

• Conducts and/or assists in the performance management and evaluation of employees.
• Conducts investigations (including MFIPPA, employment, corporate policies etc.) as well as documents findings and provides written/verbal reports as required.
• Performs penetration testing of hosted services and recommends the acquisition of such services based on security testing needs.
• Responsible for enterprise cybersecurity training and awareness programs and materials to educate staff on information security.
• Contributes to team effort by accomplishing related results as needed.
• Demonstrate commitment to anti-racism, anti-oppression, and human rights through interactions with community partners, employees and individuals and implementation of policies, programs and protocols that reflect this commitment. 
• Demonstrate commitment and adherence to Health and Safety legislation and programs; and actively promote a culture of safety. 
• Performs other duties as assigned.

Skills and Abilities:

• A minimum of 5 years’ experience in Information Security.   Detailed knowledge of Information Security, including Next-Gen Firewalls, Microsoft 365 Security and Compliance, XDR, SIEM/SOAR, Anti-Spam, Identity Management, Public Key Infrastructure, Access Control and Authentication is required. 
• CISA or CISSP is an asset.
• Experience and demonstrated effectiveness supervising and coaching staff. 
• Certification in ITIL Foundation - an asset.
• Formal project management training with Project Management Professional (PMP) or equivalent certificate is an asset. 

Qualifications:

University Degree in Computer Science or three year Post Secondary Business Information Systems Diploma, or equivalent.

Compensation & Other Information:

$88,112 - $115,065

This posting is for 1 temporary, full-time, up to 2 years position.

Current hours of Work: Monday - Friday from 8:30 a.m. to 4:30 p.m. 

Work Arrangement: Hybrid

These hours of work and work arrangements are subject to change in accordance with business requirements.

Police Record Check

The successful candidate will be required to complete a Criminal Record Check.