Manager,  Security Advisory Services

Our client brings enterprise-class solutions to companies of all sizes across North America, helping customers to protect their most critical assets with resilient cyber security risk management technology and services. They dig deeper to understand their customer’s needs and tailor solutions to detect, respond, and prevent security incidents ahead of the threat. 

The Role

The Manager, Advisory Services is a hybrid role, responsible for leading internal Information Security best practice and governance, providing similar guidance to Customers on a per project basis, and growing the Advisory Services team. You will haveprior hands-on technical experience and is capable of identifying operational and technical control deficiencies and recommending solutions. This role requires excellent written and verbal communication skills and should be comfortable interfacing directly with clients, auditors, and writing reports. While the ideal candidate will have prior experience leading a team, this role is also suitable to an emerging leader who is passionate about information security and building service offerings that share that enthusiasm with customers.

Responsibilities 

Internal ISO (10%)

• Maintain and augment the internal formal Information Security program
• Develop and augment internal documentation for security and compliance design effectiveness
• Assist with achieving and maintaining compliance with relevant frameworksinternally, including audits where applicable
• Act in the capacity of Information Security Officer for the company, including leading internal incident response
• Work with the Sr. Director - Security Services to create a strategic roadmap for internal Information Security

 
Advisory Services Lead (20%)

• Build out the strategy for external services (including program offerings and deliverables) working with leadership to ensure alignment with the corporate objecitves.
• Develop and augment standard documentation for security and compliance design effectiveness
• Develop and lead relationships with key vendors and partners supporting the practice
• Stay abreast of industry trends, regulations, and advancements in information security and privacy; and use these to improve the service offerings of the Advisory Services team
• Support the sales team in scoping/quoting custom Advisory Services, as required
• Act as a player/coach for Advisory Services team members and foster a culture of collaboration, learning and growth
• Provide guidance to support team members in project execution, problem-solving, and professional development
• Conduct performance evaluations, set objectives, and identify training needs to enhance the team capabilities.

Project Delivery (70%)

• Conduct organizational gap/risk assessments for external customers, leveraging known models for risk quantification such as FAIR and OCTAVE
• Assess  customers for cybersecurity readiness and recommend prioritized action plans to achieve compliance with various frameworks
• Interact with and educate clients as a subject matter expert, emphasizing technical, operational, and administrative control improvements while capturing customer service concerns
• Assess, develop and augment client documentation for security and compliance design effectiveness
• Align advisory services and deliverables with customer needs, priorities, and program maturity enhancements
• Ensure that advisory recommendations mitigate risk without sacrificing business integrity/efficiency

Qualifications

• 5+ years of relevant experience and post-secondary degree in Computer Science, Information Security, IT, or a related field
• Understanding of industry standard frameworks (NIST SP 800-53 and other complementary / related special publications (such as SP 800-171, etc.), the PCI-DSS, AICPA's TSC for SOC 2, HITRUST, HIPAA, CIS CSC, ISO 27000 series standards, OSFI guidance and privacy specific frameworks such as the GDPR and CCPA)
• Understanding of common IT and Business processes and procedures
• Participation in compliance audits as either an assessor or organizational representative is an asset
• CISSP, CISM, CISA, Security+, GSLC, GSTRT, or other relevant certifications (or in progress) are an asset
• Understanding of security consulting services is an asset
• Understanding of governance and risk frameworks (such as COBIT and Risk IT) is an asset
• Occasional travel may be required