Information Security Officer and Team Lead

Date: Jul 26, 2022

Location: Waterloo, CA

Company: Wilfrid Laurier University

Department: Information and Comm. Technologies 

Job Type: Continuing

Full-time/Part-time: Full Time (>=1249 hrs/year) 

Campus: Waterloo 

Reports to: Manager, IDM and Security

Employee Group: WLUSA 

Application Deadline: August 9, 2022

Requisition ID: 4647 

 

Wilfrid Laurier University is a leading multi-campus university that excels at educating with purpose. Through its exceptional employees, students, researchers, leaders, and educators, Laurier has built a reputation as a world-class institution known for its rich student experience, academic excellence, and global impact. With a commitment to Indigenization and commitment to equity, diversity, inclusion, Laurier’s thriving community has a place for everyone.

Laurier has more than 19,000 students and 2,100 faculty and staff across campuses in Waterloo and Brantford, as well locations in Kitchener and Milton. The university is committed to providing an inclusive workplace, a flexible work policy and employing a workforce that is reflective of local and national demographics. Our locations are situated on the traditional territories of the Neutral, Anishnawbe, and Haudenosaunee peoples. We recognize the unique heritages of Indigenous peoples and support their intentions to preserve and express their distinctive Indigenous cultures, histories, and knowledge through academic programming and co-curricular activities. Laurier’s Centre for Indigegogy is one example of how Laurier honours Indigenous knowledge.

 

 

Position Summary

As a senior level position, the Information Security Officer and Team Lead reports to Manager, IDM and Security and has cross-functional responsibilities within the ICT Team. The incumbent is a subject matter expert in information security with extensive and updated knowledge and experience in information security industry standards and best practices.

This position leads a team of professionals who manage and support information security at the University. The incumbent provides technical expertise, as well as organizing, planning, developing, and leading the team in their day to day activities. This team is responsible for cybersecurity of all Laurier datacenters, cloud services, user end-points, and networks. The incumbent and their team are responsible for the implementation of Laurier’s Information Security Strategy by supporting cybersecurity operations, threat and vulnerability management, incident response, alerting and monitoring.

 

The ISO and their team work closely with the Director, ICT Infrastructure and Information Security and Manager, IDM and Security to develop and deliver cybersecurity awareness training to ICT as well as to the broader Laurier community. The ISO will represent Laurier in meetings, project teams, and conferences inside and outside of the University.

 

This role has a university-wide mandate and is based at the Waterloo Campus.  The incumbent provides subject matter expertise to all campuses, requiring regular interpersonal interactions and collaborations with departments at the University and external partners.

 

The role requires to respond quickly and effectively to ensure Laurier integrity, public image and reputation are not impacted by cybersecurity incidents. There are often frequent interruptions and requires the ability to multitask. As the services provided by this position are 24/7 operations, the Information Security Officer may be required to work outside normal business hours (on a call-back basis) and may be required to be on call.  When possible, the manager will adjust the work schedule so that no more than 35 hours are worked in a week.

 

Accountabilities

Technical Expertise

  • Complies and assists with the development and enforcement of policies and procedures relating to information security in compliance with regulatory requirements and industry best practice;

 

  • Works closely with senior leadership to develop roadmaps, strategies and tactical plans to improve the security posture at Laurier.
  • Performs threat risk and/or privacy risk assessments on projects and other ICT initiatives and propose solutions to mitigate risk.
  • Oversee the vulnerability management program by reviewing vulnerability scans, interpreting results, coordinating remediation efforts, reporting status and metrics to demonstrate improvement.
  • Drive the remediation of issues identified through internal and external security testing
  • Monitors industry security updates, technologies, and best practices to improve security across the infrastructure and application development domains.
  • Monitors forums, security sites and commercial or publicly available security data bases to identify known threats and/or security vulnerabilities, and develops and applies mitigation procedures to protect the University;

 

  • Develops and delivers end-user training and security best practices;

 

  • Working knowledge in Identity Access Management, Privileged Account Management and Public Key Infrastructure

 

  • Supports and drives the secure implementation, delivery and operation of new and existing business applications, platforms and services projects of ICT and across business functions

 

  • Coordinate day-to-day security operations, ensuring the identification and remediation of information security risks, threats and vulnerabilities.

 

  • Responsible for the configuration, controlling and monitoring of information security devices (SIEM, Traps (Anti-virus), Firewall, IDS/IPS, VPN.);

 

  • Responsible for monitoring and audit PCI requirements and controls;
  • Responsible for managing technologies Proof of Concepts (POC), as well as technology purchases via RFI, RFQ or RFP;
  • Works closely with other ICT units to ensure systems under their responsibilities are up-to-date, antivirus and malware software are current and functioning correctly, and other intrusion/prevention systems and firewalls are operational;
  • Administer and lead the Cyber Security Incident Response at Laurier.
  • Participate in digital forensic investigations and deliver conclusions to Laurier senior management and the legal and privacy officers

 

  • Works closely with Laurier’s legal and privacy officers reporting information on breaches to federal and provincial institutions;
  • Provides expertise, guidance and advice in all matters related to Information Security;

 

ICT Service Management

  • Ensure that third level support requests are properly addressed by the ICT Security team as appropriate
  • The ICT infrastructure is a 24x7 operation requiring the incumbent to maintain an appropriate service model to ensure the team can respond to critical incidents as required
  • Ensures that technical support issues that are escalated to the ICT Security group are managed to resolution
  • Develops and implements appropriate procedures, process, controls, key performance indicators and standards to ensure that ICT security evolves and improves over time

 

Project Leadership and Management

  • Develops project management plans and lead project teams for ICT Security team
  • Acts as a Subject Matter Expert to provide advanced Security technical information, project management information and guidance to others in support of project planning and management

 

Leadership

  • Responsible for providing day to day supervision and leadership for the information security team. Although this is a team of technical professionals the ability to provide leadership, mentoring and motivation to team members will be paramount
  • Will supervise various project team members from other units working on ICT Security projects

 

Positions reporting to this position include:

          2 Security Analysts

          Special project teams for specific security upgrades and installations

 

 

Qualifications

  • University Degree in Computer Science, Engineering, or a related field
  • Certified Information Systems Security Professional (CISSP)
  • Microsoft Certified: Cybersecurity Architect Expert
  • GIAC Certification
  • Strong leadership, strategic planning, communication, project management, problem-solving, and decision-making skills, and a commitment to customer service
  • A minimum of 5 years’ experience working in information security technical positions
  • Knowledge of security and controls frameworks such as COBIT, ISO 27001, NIST, CIS
  • Understanding of risk based approaches, regulatory and compliance issues
  • Demonstrated experience with incident response protocols, and forensic techniques and tools
  • Proven experience using vulnerability assessment tools, conducting vulnerability assessment scans and penetration tests
  • Experience in ethical hacker techniques and tools (commercial and open source packages)
  • Extensive experience working with network security devices: firewalls, IDS (Intrusion Detection System) and IPS (Intrusion Prevention System), etc
  • Experience analysing data and managing SIEMs, log analysis tools, and network vulnerability monitoring tools
  • Experience in technology Proof of Concepts (POC) and technology procurement processes (RFI, RFQ, and RFP)
  • Understanding and working experience with PCI compliance
  • Experience creating technical/security reports and presenting the results to other colleagues and management
  • Experience working with O365 audit and logging tools
  • Advance knowledge on security best practice on MACs, Windows (desktop and server versions) and Linux Operating Systems (Redhat, Oracle Linux, CentOS, Kali Linux)
  • In-depth understanding of security architecture, standards and best practices for different cloud models and environments
  • Working experience with scripting languages: Python, Bash, Perl, PowerShell, etc. 
  • Working experience with protocols: VLANs, VPN, Trunking, packet analyzer, Network Address Translation (NAT), ACLs, and SNMP
  • Equipment specific training on industry leading security vendors such as Cisco, Palo Alto, and F5 networks
  • Excellent problem solving ability in a high-pressure, fast-paced environment
  • Strong interpersonal and communication skills and the ability to work with users of varying technical expertise (faculty, students, administrative and professional staff, management)
  • Ability to write progress reports and deliver presentations to technical and non-technical audiences
  • Strong organizational skills, accuracy and attention to details
  • Ability to document network policies and procedures
  • Ability to work independently and as a member of a team
  • Ability to work in, and adapt to, a rapidly changing and highly technical environment
  • Deals with difficult situations with tact and diplomacy seeking to resolve problems

 

 

 

 

Compensation

Position Grade:  SH-11

Rate of pay:    $42.93 - $50.52 per hour

Hours of Work: The normal hours of work are 8:30 am to 4:30 pm, Monday to Friday. 

 

 

This position has been deemed eligible for educational equivalencies

Please refer to the attached link for details.

 

 

 

 

Job Evaluation Factor Scores

 

WLUSA/WLU Job Evaluation Factors

             Score               

Education and Experience

7

Interpersonal Skills

4

Applied Reasoning and Analytical Skills

6

Physical Skills

3

Co-ordination and Planning

4

Responsibility for Others

3

Impact of Decisions

4.5

Mental Effort

5

Physical Effort

3

Multiple Demands and Priorities

3

Working Environment

2

 

All Laurier employees and students are required to comply with the University's Covid-19 mandatory vaccination policyEffective May 1st, Wilfrid Laurier University will pause its proof of vaccination requirements. Should these recommendations change, vaccination requirements can be reinstated on short notice. Community members should remain up-to-date with their COVID-19 vaccinations.

Wilfrid Laurier University endeavors to fill positions with qualified candidates who have a combination of education, experience, skills and abilities to successfully perform the duties of the position while demonstrating Laurier's Employee Success Factors.

Equity, diversity and creating a culture of inclusion are part of Laurier’s core values and central to the Laurier Strategy. Laurier is committed to increasing the diversity of faculty and staff and welcomes applications from candidates who identify as Indigenous, racialized, having disabilities, and from persons of any minority sexual and gender identities. Indigenous candidates who would like to learn more about equity and inclusive programing at Laurier are welcomed to contact the Office of Indigenous Initiatives. Candidates from other equity deserving groups who would like to learn more about equity and inclusive programing at Laurier are welcomed to contact Equity & Accessibility. We have strived to make our application process accessible, however if you require any assistance applying for a position or would like this job posting in an alternative format, please contact Human Resources. Contact information can be found at careers.wlu.ca/content/How-to-apply/

Should you be interested in learning more about this opportunity, please visit www.wlu.ca/careers for additional information and the online application system. All applications must be submitted online. Please note, a resume and cover letter will be required in electronic form.


Job Segment: Information Security, Compliance, Cyber Security, Project Manager, Network Security, Technology, Legal, Security