The Senior Managing Consultant - Security Strategy, Risk & Compliance takes a holistic approach to assessing a client’s business security requirements. This allows the Consultant to develop supporting strategies, roadmaps and architectures to help establish an enterprise-wide security and risk management program. The Consultant is responsible for conducting comprehensive information security and various Governance, Risk and Compliance (GRC) reviews, Information Security Assessments (ISAs), Threat & Risk Assessments and Privacy Impact Assessments, and for assessing clients’ security controls, architecture, policy and vulnerabilities against existing and emerging threat vectors and trends. The Consultant also designs and implements solutions for clients to help address security issues discovered during the assessments and helps to identify security technology solutions to enhance our clients’ security posture and maturity levels.
This position leads the delivery of large and complex consulting engagements. This position will not only lead the delivery of consulting teams, but also support pre-sales activities, including request for proposal responses and pre-sales consulting. Mentoring and training of other consultants will be required.
Candidates should be highly experienced information security consulting professionals with proven experience in developing strategic direction and roadmaps with investment/Return On Investment (ROI) views, and in performing security compliance assessments. It is preferred that the consultant is a certified PCI QSA and has experience in performing gap assessments against multiple standards (PCI DSS, PA-DSS, ISO, NIST, etc.). Vulnerability assessment, IT security policy development and PCI remediation support are also a plus.
Candidates must be located in the Western Region of Canada.
• At least 10 years' experience in professional services (providing consulting for end clients)
• At least 5 years' experience in Information Security Consulting
• Over 5 years' experience in Technology Risk, IT and/or Information Security and Risk and IT Security Architecture
• At least 5 years' experience in performing PCI Assessments (DSS and PA-DSS) for end clients. At a minimum, certification as a Qualified Security Assessor (QSA) by the Payment Card Industry Security Standards Council (PCI SSC).
• Demonstrated knowledge in security industry regulations/standards (PCI DSS, Privacy Act and PIPEDA, NIST, SCADA, NERC) and compliance frameworks (ISO 27002, CobiT)
• Knowledge of security process frameworks, compliance and risk requirements and regulations, with particular regard to data privacy and protection.
• Experience working on projects and providing security assurance testing services.
• Understands the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments.
• Track record of implementing successful risk management & security control programs.
• Be able to "think outside the box" and provide both scenarios and solutions to the business to enhance the IT Risk & Security function.
• Proven experience facilitating workshops, generating reports, preparing presentations and project management.
• Experience in the identification, assessment, mitigation and management of information security risks and issues
• Coding experience along with qualifications including CEH, CISSP, CISA, CISM, PCI DSS QSA, GIAC - GWAPT and GPEN would also be highly regarded.
• Possess/maintain at least 1 of the following security certifications: CISSP, CISA or CISM
• Experience in facilitating workshops and developing and conducting presentations and training for both business executives and technical audiences.
• Proven command of spoken and written English (ability to write at a publication-quality level when making recommendations to clients)
• Readiness to travel 75% annually
• Existing Canadian Security Clearance or the ability to obtain it
• English: Fluent
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.