Information security manager job description

Canada's Challenger Bank™

Being a traditional bank just isn't our thing. We are big believers in innovating the banking experience because we believe Canadians deserve better options, and we challenge ourselves and our teams to creatively transform what's possible in banking. Our team is made up of inquisitive and agile minds that find smarter ways of doing things. If you're not afraid of taking on big challenges and redefining the future, you belong at EQB. You'll get to work with people who will encourage you to reach new heights. We like to keep things fun, ask questions and learn together. We're proud to be a certified Great Place to Work since 2020 for Professional Development, Financial Services and Best Workplace. Our EQ Bank platform has been named #1 Bank in Canada on the Forbes World's Best Banks 2021 and 2022! We foster an inclusive environment that makes it easy for people to be themselves and bring their personalities to work. We would love to tell you more about what it's like to work here.

Purpose of Job

The Information Security Risk Manager will work closely with the technology teams and line of business teams to mitigate the risk of security attacks while enabling the business to grow the bank and serve our customers efficiently and securely.
Main ActivitiesManage end-to-end vulnerability management process and reporting.Normalize vulnerabilities severity.Establish a scoring system for assets.Visualize vulnerabilities statistics per portfolio and/or product.Design and implement meaningful dashboards and reports.Manage security risks for assigned portfolio to ensure that action/mitigation plans are defined and actioned in-time.Escalate outstanding risks as required.Manage and maintain scanning tools.Update and mature security processes.
Knowledge/Skill RequirementsA college diploma or university degree is required. Higher accreditation (e.g. Bachelor of Computer Science) is preferred.At least five (5) years of information security and information risk experience. Experience of setting up and running scanning tools for IT infrastructure and/or applications security testing is required.Experience with application development Experience with cloud concepts Experience in reporting tools such as Power BI and/or Tableau is required Understanding of CI/CD pipeline and approaches to automate security testing is an asset The following certifications are preferred: CCSP, CCSK, CISM, CISSP, or CRISC.Understanding and experience with PCI DSS, MITRE ATT&CK, BSIMM, NIST, ISO 27K series is an asset.Experience working in a banking or financial services environment is an asset.
What EQ Bank offers:Named “Best Workplaces in Financial Services & Insurance 2021”An inclusive and collaborative working environment that encourages curiosity, creativity and innovation.An experience to work and learn from diverse industry leaders.A continuous improvement journey using the latest technologies.An opportunity for innovation, continuous learning and career progression.A competitive total benefit package that includes a base salary, a performance bonus, company matching programs, vacation, personal & sick days, maternity/paternity leave, medical, vision and dental benefits and much more.
This role will be Hybrid or Remote based on your preference

#LI-Hybrid

What we offer [For full-time permanent roles]

💰 Competitive discretionary bonus
✨ Market leading RRSP match program
🩺 Medical, dental, vision, life, and disability benefits
📝 Employee Share Purchase Plan
👶🏽 Maternity/Parental top-up while you care for your little one
🏝 Generous vacation policy, personal days and even a moving day
🖥 Virtual events to connect with your fellow colleagues
🎓 Annual professional development allowance and a comprehensive Career Development program
💛 A fulfilling opportunity to join one of the top FinTechs and help create a new kind of banking experience

Equitable Bank is deeply committed to inclusion. Our organization is stronger and our employees thrive when we honour and celebrate everyone's diverse experiences and perspectives. In tandem with that commitment, we support and encourage our staff to grow not just in their career path, but personally as well.

We commit to providing a barrier-free recruitment process and work environment for all applicants. Please let us know of any accommodations needed so that you can bring your best self to the application process and beyond. All candidates considered for hire must successfully pass a criminal background check and credit check to qualify for hire. While we appreciate your interest in applying, an Equitable recruiter will only contact leading candidates whose skills and qualifications closely match the requirements of the position.

We can't wait to get to know you!

**THIS IS A CORPORATE POSITION**

The Manager, Information Security & Compliance will be responsible for facilitating effective planning, management, and governance of the Information Security Framework to ensure all processes related to Papa Johns IT Security program and compliance initiative are successfully prioritized, launched, executed and delivered with regular status reporting. He/she will provide support across all departments and will identify security initiatives and standards for 3rd party vendors.

The Manager, Information Security & Compliance will develop IS security standards, best practices, architecture and systems to ensure information system security across Papa Johns enterprise, cloud and champion teams and other business units to promote a secure organization through positive knowledge sharing, training, influences, and conduct. He/she will also implement procedures and methods for auditing and addressing non-secure, non-compliant systems to information security standards and evaluate the organization to ensure compliance with standards and relevance with industry security norms.

**Duties and Responsibilities**

Oversee Papa Johns information compliance program, and ensure all controls are being adhered to and compliance status maintained.

Develop, update and maintain information security program documentation including operational documentation for all monitoring processes.

Perform initial security incident assessment & investigation, triage support, and escalating security incidents as needed.

Identify and recommend changes to the security controls, assessing potential risks to data and systems, and provide recommendations on mitigation of these risks to acceptable levels.

Assist in internal and third-party risk assessments.

Perform advanced problem determination and timely resolution as well as make the decisions necessary to recover business systems in the event of an outage.

Development and deploy new security controls, tools, and processes.

Create and maintain reporting processes through creation and collection of appropriate metrics. Install and operate security measures/ software to protect systems and information infrastructure.

**Education, Experience** **& Certifications:**

Bachelor's degree in Computer Science, Information Systems, or related field

5+ years' experience in Information Security, Technology Risk Management, IT Audit, and/or IT Compliance functions

5+ years of experience in implementing security solutions

It is the policy of Papa John's to provide equal employment opportunities for all applicants and team members without regard to race, color, religion, sex, age, marital status or civil partnership, national or ethnic origin, pregnancy or maternity, veteran status, uniformed service (as defined by 10 U.S.C. §101 (a)(5)), protected disability status, genetic information, sexual orientation, gender identity, gender reassignment, or gender expression, or any other characteristic protected by statute or law.

It is the policy of Papa John's to provide equal employment opportunities for all applicants and team members without regard to race, color, religion, sex, age, marital status or civil partnership, national or ethnic origin, pregnancy or maternity, veteran status, uniformed service (as defined by 10 U.S.C. §101 (a)(5)), protected disability status, genetic information, sexual orientation, gender identity, gender reassignment, or gender expression, or any other characteristic protected by statute or law.

Ferguson is North America's leading value-added distributor across residential, non-residential, new construction and repair, maintenance, and improvement (RMI) end markets. Spanning 34,000 suppliers and more than one million customers, we deliver local expertise, value-added solutions, and the industry's most extensive portfolio of products. From infrastructure, plumbing, and appliances, to HVAC, fire protection, fabrication, and more, we make our customers' complex projects simple, successful, and sustainable.

Ferguson is currently seeking the right individual to fill an immediate need for a Senior Information Security Manager. We understand that our greatest assets are our people, so we're dedicated to offering an inclusive environment with extensive opportunities for growth and advancement. We want to help you build a long-lasting and happy career with us. Join our team today!

This leader will work across teams to help drive required remediation to Ferguson assets to lower aggregate risks at Ferguson. This includes supervising and maintaining all platforms delivering Security services and their continual availability; performing configuration and administration of these services; partnering with the CISO and GRC functions to ensure that intents are achieved, and compliance and regulatory requirements are met; and coordination of resources, schedules, and activities.

The Senior Manager will provide thought leadership, coach and mentor the team, and to build positive relationships with IT, Security, business, and third-party stakeholders, ensuring that Ferguson can execute its business plans.
Responsibilities
Leadership (50%)
Build and maintain a diverse and impactful team, through recruiting, hiring, training, coaching, developing, and rewarding team members. Participate in the CISO-level Security Leadership Team, to represent Application Security and Vulnerability Management performance and interests, and to collaborate with peers and other Security leaders to achieve our goals. Participate in the API and Cloud Security Leadership Team, to ensure reliable service delivery and efficient use of all resources. Develop and handle Goals and Development Items for each team member, supervising progress and supporting successful completion. Coach and lead associates and on/off-site contractors/consultants with respect to Ferguson strategic direction for approved Security, Technology, and Business technology initiatives. Continuously assess and align core and extended team member skills with strategic Security and Technology direction. Advise and collaborate with Security Leadership team, regarding resource forecasting, skill gaps, and other opportunities, to consistently anticipate demand, while meeting SLAs. Maintain enterprise-level relationships with Technology Leadership in all business units and subsidiaries, including partnering with local security leads to ensure consistent and quality execution of global Security responsibilities.

Security Management (50%)
Direct Management of the following practice areas: Vulnerability Management, DevSecOps, Pen testing, Ecom Security, Endpoint Security, Brand Protection, Data Security, Cloud/Platform Security Provide stewardship of people, process, and technology aspects of all platforms and Cloud-delivered Security services. Ensure that all Service Offerings are available and operating reliably and that they are aligned with the intent of Security Leadership and any published policies and/or standards, including development and/or maintenance of supporting processes used by the Cloud Security and Security Platforms teams. Ensure that personnel are cross-trained, to help others to develop and make sure there are no coverage gaps in service delivery. Establish and maintain good working relationships with all IT, Security, third-party, service consumer, and business stakeholders. Ensure that appropriate maintenance, monitoring, automation, and response procedures are in place, to meet Security and availability objectives. Gather, analyze, and report on service consumption and value delivered to customers, to ensure SLAs are met. Understand customer objectives and develop support strategies that map to Service Offerings. Ensure that the team operates within established budgets and timelines. Actively monitor new and emerging technologies, trends, issues, and solutions and assess their applicability to Ferguson's Security capabilities. Give requirements to technology selection process. Partner with Security Architecture, to contribute to blueprints and roadmaps that ensure that our technology meets all business requirements and anticipates future needs, in a cost-effective manner. Partner with Security Delivery to ensure that all new Security technology deployments include appropriate support and run-book documentation and that Security Ops & Engineering team members are fully trained to take responsibility for monitoring, ongoing support, routine engineering, and operation of new security technologies. Partner with Security GRC team to monitor and enforce compliance with the organization's security policies and standards among employees, contractors, and third parties responsible for Platform and Cloud Security services. Drive and report on Service restoration activities as required.

Business accountabilities
Associate and Operational Management
Support enterprise business and sales objectives through the effective and efficient performance of job responsibilities

Qualifications and requirements
Prior Experience
Experience managing a team of 5+ full-time associates is required. Experience managing App-Sec or VulnMgmt Security services strongly preferred. Experience as an individual contributor in and/or leading an IT Security team strongly preferred. Demonstrated ability in the Security space is strongly preferred, to perform at expectations.

Technical and Professional Skills
Strong organizational and time management skills Ability to lead and empower individuals and teams, especially in a remote/distributed workforce environment. Strong ability to manage multiple sources of demand and related partners Knowledge of IT Operations standard processes, including strategies and technologies for monitoring, alerting, automation, and return-to-service strongly preferred. Familiarity with available cloud-based Security services and controls, with Microsoft Azure and O365 strongly preferred. Ability to translate spoken and written policy requirements to technical controls. Ability to effectively communicate verbally and in writing, in person and remote. Ability to efficiently operate computers and mobile devices. Fluent with Microsoft Office software (Outlook, Word, Excel, PowerPoint, etc.), preferably in O365. Certifications: not required, but Azure Fundamentals/AZ-900, Security Certified Practitioner, or Certified Information Systems Security Professional/CISSP a plus (current or expired) Working understanding of agile, SDLC, and QA methodologies preferred. Ability to work on cross-functional teams and with all levels of the organization, from Executives to developers. Solid ability to apply logic, reasoning, problem solving skills and to prioritize work, establish timelines, and deliver by deadlines.

Physical Requirements
Requires working indoors in environmentally controlled conditions. Requires giving and/or receiving verbal communication and written communication. Requires using a computer keyboard and mouse to create letters, memoranda, and reports Requires sitting for extended periods

Ferguson is dedicated to providing meaningful benefits programs and products to our associates and their families-geared toward benefits, wellness, financial protection, and retirement savings. Ferguson offers a competitive benefits package that includes medical, dental, vision, retirement savings with company match, paid leave (vacation, sick, personal, holiday, and parental), employee assistance programs, associate discounts, community involvement opportunities, and much more!

#LI-Remote
-
The Company is an equal opportunity employer as well as a government contractor that shall abide by the requirements of 41 CFR 60-300.5(a), which prohibits discrimination against qualified protected Veterans and the requirements of 41 CFR 60-741.5(A), which prohibits discrimination against qualified individuals on the basis of disability.

Ferguson Enterprises, LLC. is an equal employment employer F/M/Disability/Vet/Sexual Orientation/Gender Identity.

Equal Employment Opportunity and Reasonable Accommodation Information