Job Title

Job Overview Are you looking for more than a job? At World Vision Canada we offer challenging careers that change the lives of children all over the world and it will change yours too. Come and be part of a team of 400 Canadians with a vision for the world: Life in all its fullness for every child. For Children. For Change. For Life. Position Details Specialist, IT Security Reports to: Vice President, Enterprise Technology and Transformation Position Term: Full Time Permanent Primary Location: Mississauga, Ontario, Canada Workplace Type: Hybrid Job Purpose Reporting to the Vice President, Enterprise Technology and Transformation, the Specialist, IT Security will oversee the planning, execution, and management of multifaceted projects related to IT compliance, control assurance, risk management, security, and infrastructure/ information asset protection. The Specialist, IT Security will be responsible for developing and managing enterprise IT security across multiple IT functional areas (e.g., data, systems, network and/or Web), developing and managing enterprise security services, and developing security solutions for critical and/or highly complex assignments to ensure the companys infrastructure and information assets are protected. Responsibilities Strategies, Policies and Risk Management Plan, execute, and manage IT projects related to compliance management, risk assessment and mitigation, control assurance, business continuity and disaster recovery, and user awareness Develop and drive security strategies, policies/standards, ensuring the effectiveness of solutions, and providing securityfocused consultative services to the organization Develop, execute and manage data, system, network and internet security strategies and solutions across the enterprise Define and develop security policies and procedures such as user logon and authentication rules, security breach escalation procedures, security auditing procedures and use of firewalls and encryption routines Guide the enforcement of IT security policies and procedures Manage and enforce Identity and Access Management (IAM) and Privilege Access Management (PAM) policies, including multifactor authentication (MFA) Update, maintain and document security controls and provide direct support to the business and internal IT groups Evaluate and recommend security products, services and/or procedures Communicate and educate IT and the business about security policies and industry standards, and provide solutions for enterprise/business security issues Analysis & Response Work with and provide guidance to technical teams as they perform infrastructure, application and code scans as well as Penetration Tests (PEN) to uncover vulnerabilities within the WVC IT systems topology Analyze vulnerabilities found through Vulnerability (VA) scans and PEN tests and propose remediation strategies Influence delivery teams to align to the WVC security directives and provide guidance and strategies to integrate into the delivery lifecycle Manage data security profiles on all platforms by reviewing security violation reports and investigating security issues and exceptions Administer and optimise security tools, including SIEM, endpoint protection (EDR/XDR), firewall/VPN technologies, and intrusion detection/prevention systems (IDS/IPS) Document all IT security incidents and assess their actual or potential damage to WVC Liaise between WVI Security group and WVC with respect to IT security policy, process, procedures, training and communication If any security incidents should occur, work with the Infrastructure Operations/DevOps team to document the lessons learned and manage the implementation of improvements to existing processes/procedures/best practices or the creation of new processes/procedures/best practices if they do not already exist Ensure the Chief, Information Officer & VP, Enterprise Technology & Transformation are provided with weekly/monthly/quarterly and annual security reports Cyber Security Solutions Delivery Develop and implement solutions to alleviate risks and enhance system security and support teams as a technical expert for the project, system or solution they are working on Implement network, server, website, application, and Data/Information security improvements for cloud, hosted, and on/off premise solutions, by assessing current situation; evaluating trends; anticipating requirements and making recommendations Ensure site and data security and provide consultation on security issues staying abreast of potential Internet security threats Upgrade systems by implementing and maintaining security controls at all layers (server, network, application, and data/information) Assist in security investigations where required Assist in the development of secure architecture, designs, and provides training on security solutions Support agile and project teams as a subject matter expert Assess and develop mitigation measures to ensure that appropriate mitigation is applied Play a critical, collaborative role in setting the strategy and goals for delivery teams, with a focus on project impact, product quality, and design efficiency Systems Solutions Delivery Provide input to initiative/project security vulnerability and business requirements and ensure that the deliverables produced by the development effort conform to the business requirements Consult on design/development deliverables, including interface specifications, integration requirements, as well as implementation and release/launch strategies and plans Contribute to the project planning and administration assists in developing the project charter documentation, including helping with the highlevel plan, the feasibility analysis, and in developing the business case Prevention Review the results of internal PEN tests and define mitigation/remediation strategies Review the results of VA scans and define mitigation/remediation strategies Evaluate and signoff on initiative/projects'' prerelease security scans, architecture and code reviews Assess the latest internal and external security bulletins and propose a plan to remediate any threats that are applicable to the WVC IT ecosystem Leadership and Training Stay current on IT security trends, news and standards Ensure that applicable security awareness and compliance training programs are implemented and provide communication and training as needed Provide security briefings to advise on critical issues that may affect client Conduct knowledge transfer training sessions to operations/DevOps team upon technology implementation Assist in the creation and presentation of training materials, both online and in person, to improve Enterprise Technology & Transformation staffs understanding of security policies and procedures Lead training sessions with IT Systems staff and contractors to convey how WVC security policies affects their programs/projects/initiatives Qualifications BSc in Computer Science, Information Systems or other related field, or equivalent work experience Minimum of 5 years of progressive experience in IT with at least 3 years focused specifically on security engineering / operations, and/or incident response Demonstrated experience with: Cloud security principles and controls (Azure/GCP) Network security fundamentals (TCP/IP, firewalls, VPNs, IDS/IPS) Managing enterpriselevel security technologies (SIEM, EDR, MDM) Vulnerability scanning tools (e.g., Darktrace, Nessus, Qualys) Strong technical, analytical, communication and consulting skills with knowledge of IT Security and related technologies Knowledge of specific regulatory frameworks relevant to nonprofits (e.g., handling PII, PCIDSS compliance) Security certifications such as: Certified Information Systems Security Professional (CISSP) Certified in Risk and Information Systems Control (CRISC) Certified Information Security Manager (CISM) Certified Ethical Hacker (CEH) Global Information Assurance Certification (GIAC) and/or other certifications may be required Indepth knowledge of security issues, techniques and implications across all existing computer platforms Why Consider Us? Competitive Compensation & Benefits Health Spending Account Up to 6% matched pension contributions Parental leave topup Generous paid vacation, sick days, wellness and personal days Office closed extra days before long weekends (6x/year) World Vision Canada has consistently been awarded Canada and GTA top employer awards We are Canadas largest development, relief, and advocacy nonprofit organization We bring lifesaving support in times of disaster. We help poor communities to take charge of their futures. We provide small loans and training that boost family livelihoods. We work with policy makers to change the way the world is run. Our Christian faith teaches us that every child, regardless of gender, faith or race, is a precious gift to the entire world - and that their wellbeing concerns us all. We shall never rest while children suffer in situations that can be changed. Canada''s Top 100 Employers GTA Top 100 Employers Our Core Values: We are committed to the Poor. We are Christian. We are Stewards. We value People. We are Partners. We are Responsive. Qualified candidates must be able to demonstrate a commitment to the core values and mission of the World Vision partnership. World Vision Canada takes our Safeguarding responsibilities seriously and we provide an environment that is safe for our child and adult beneficiaries. We have strong recruitment procedures to make sure the safest and most suitable people work with the children in our programs. We provide our staff and volunteers with ongoing supervision, support and training in their work with child and adult beneficiaries. World Vision Canada welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process. Thank you for your interest; however only those applicants selected for an interview will be contacted. #J-18808-Ljbffr