Security Officer

As a member of the Professional Services Security Team, the Security Officer, is responsible for the development, maintenance and implementation of security processes and practices to minimize risk and enhance the secure operations of our managed services sold to our clients. The Security Officer will be responsible for providing support to Senior Security Officers and governance to Bell business clients, and will play an active GRC (Governance, Risk and Compliance) role for internal programs; with significant cross-functional collaboration across network, security and business domains.
  
Responsibilities:

•    Act as a spokesperson and subject matter expert in information security governance, risk management and compliance for the BBM Managed Services teams and clients.
•    Maintain the organizations compliance with the security requirements of the Government of Canada PSPC Contract Security Program.
•    Develop and implement safeguards and metrics in collaboration with operational and business teams to support client security requirements.  
•    Review and maintain IT system security controls to ensure compliance with industry standards, Government of Canada ITSG, contract requirements and clauses. 
•    Review and analyze complex IT systems identifying risk and security exposures.
•    Coordinate audits and IT inspections, managing remediation activities, documentation and reporting.
•    Produce and maintain business risk registry, risk reports and impact analysis, developing action plans to minimize risk to the business.
•    Evaluate and monitor risk assessment and gap remediation processes and provide recommendations for process improvement.
•    Measure effectiveness of security processes and controls through development of metrics, dashboards, and reporting mechanisms.
•    Work closely with security and business leaders / stakeholders to drive security compliance and build a culture of security awareness.
•    Implementation of Bell’s privacy program and maintaining compliance obligations imposed by privacy regulations. 
 

Qualifications:

•    Experience in information security and an understanding of the concepts and principles of information handling and protection
•    Experience in designing and developing procedures, and processes for Information Security best practices
•    Experience  in facilitating and performing security audits
•    Experience performing risk assessment and management, developing mitigation strategies
•    Demonstrated knowledge of information technology security, trends, leading practices, regulatory and industry standard compliance issues (ISO 27001, SOC 2, PCI-DSS and others) 
•    Experience with SIEM development and use cases.
•    Experience VA scanning and reporting to key stakeholder. 
•    Excellent communication skills. 
•    Bilingualism (French/English) would be considered an asset.
•    Experience in agile methodologies (Scrum, Kanban)
•    Experience working in the telecommunications industry, with knowledge of network security and operations

 
Education:

•    Degree/Diploma in Computer Science/Information Technology or the equivalent.
 
Certifications:

•    One or more of the following certifications: CISSP, CISA and/or CISM would be considered an asset

Security Clearance

A Government of Canada PSPC security clearance at level SECRET (Level II) is required.