Manager, Information Security

Job Description

The Opportunity
The Manager, Information Security will play a key role in helping to reduce the risk of a major cyber incident at Banff Centre, as well as leading the detection and containment of any cyber incidents that might occur. This position will recommend policies, develop staff awareness through cyber security programs, manage and monitor technical threat detection, analysis, and control systems, and act quickly to contain breaches when they occur.

Roles and Responsibilities
Reporting to Director, IT/S, some key accountabilities include:

Leadership and Coordination

– Use existing security tools, constantly monitor the cyber threat landscape and identify how those threats apply to Banff Centre.
– Monitor applications, devices, and network infrastructure for significant threats and work with service owners to patch and mitigate risks.
– Lead the ITS team in responding to security incidents, including investigation, containment, and remediation. Work independently and with other teams to manage and support remediation projects to resolve identified risks. This includes reviewing, investigating and escalating security incidents such as phishing, malware, infections, etc.
– Implement and manage security controls to reduce identified risks based on their impact and likelihood of occurrence, as identified by the security provider.
– Collaborate with cross-functional teams to provide security guidance and advice for all information technology projects, acquisitions and services. Ensure security measures are integrated into system architectures and applications
– Track controls effectiveness and overall cybersecurity performance against a common framework and recommending adjustments as necessary.
– Assess all information technology risks and compliance and advise the Director, IT/S of mitigations and solutions required.
– Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
– Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security, with to assist in moving to a proactive security stance.
– Collaborate with internal and external teams to troubleshoot and resolve complex technical problems.
– Create and maintain technical documents and the supporting knowledge base.
– Conduct risk and vulnerability assessments and analysis using industry frameworks (ISO 27001, NIST CSFT) for new projects, applications, and 3rd party vendors.
– Provide direction and leadership to all teams in responding to security incidents, including investigation, containment, and remediation.
– Recruit, hire, and mentor staff, assigning work, and measuring performance in relation to the strategic standards of excellence and goals. Work closely with the Human Resources Team to ensure policies, procedures, contractual, legislative and work culture expectations are met.
Maintain effective working relationships with team members, internal partners, customers, the union and other stakeholders.