Manager, IT Security
- Edmonton, AB, Canada
Edmonton International Airport is a self-funded, not-for-profit corporation whose mandate is to drive economic prosperity for the Edmonton Region. EIA is Canada’s fastest-growing major airport over the past 10 years, the fifth-busiest airport by passenger traffic and the largest major Canadian airport by land area. EIA offers non-stop connections to more than 60 destinations across Canada, the US, Mexico, the Caribbean and Europe. At EIA you become part of a tightly knit team, working in a supportive environment, dedicated to fulfilling our vision of more flights to more places.
Reporting to the Operations SBU, Director, Information Technology, the Manager, IT Security is a member of the Information Technology Management Team. This position is focused on IT Security, assessment and compliance activities across all the IT related disciplines, both Corporate IT & Airport IT, and is the primary point of contact related to managing the Airport’s cyber security risk exposure.
· Create and manage a strong team of Stratum 1 employees, including determination of optimal numbers, recruitment, retention, and development.
· Ensure the delivery of optimal results against appropriate performance metrics. Including: progress related to maturity assessments based on NIST-CSF (National Institute of Standards and Technology – Cyber Security Framework), user “participation” in IT Security Training and “susceptibility ratings” to phishing or social engineering by Edmonton Airports Staff, Network Penetration testing and vulnerability scanning, PCI-DSS (Payment Card Industry Data Security Standard) certifications on both the Campus Area Network (service provider) as well as Parking Systems (merchant).
· Development of IT Security Governance and Policy recommendations including the Procedures, Controls and Measurements & Metrics to adequately mitigate any related risk exposures resulting from the use of technology.
· Utilize tools related to monitoring of the Security Operations of the IT Environment (including but not limited to Security Information & Event Management, Dark Trace Enterprise Immune System, Windows Defender Security Center, Microsoft “Sure Score” evaluations of the Windows & Office 365 cloud environments, Crowdstrike Falcon Overwatch, SHODAN vulnerability scanning) and follow-up with the various IT Teams & Management to ensure that any identified discrepancies are promptly addressed.
· Maintain an IT Risk Register, aligned with the Corporate Enterprise Risk Management Framework and Integrated Assurance activities lead by Risk, General Council & Governance SBU. This includes bi-monthly (every 2 weeks) scheduled “check in” meetings with the Manager, Internal Audit and Risk Assurance. Meeting topics would include progress on any internal or third-party assurance work, new technologies coming into production, risk identification and assessment.
· Bachelor’s Degree in Computer Science, Engineering or equivalent post secondary education and direct IT industry work experience
· Leadership Development Program certificate or equivalent training to enhance leadership skills
· Relevant technical Cyber Security Certifications such as SANS Systems and Network Auditor (GSNA) or Information Security Professional (GISP) or Certified Information Systems Security Professional (CISSP) certifications required
· Relevant leadership Cyber Security Certifications such as SANS GIAC Security Leadership (GSLC) or Certified Information Security Manager (CISM) certifications considered an asset
· Experience working in Audit, Compliance, Quality Assurance or equivalent capacity
· Direct experience with Contract Management negotiation and ensuring deliverables
· Direct experience with Budgeting and Program/Project Management
· Ability to secure and maintain appropriate airport security clearance and acceptable criminal record check is required.
Applicants from this competition may be utilized to fill future vacancies of a similar nature
Manager, IT Security
1 Full-Time, Permanent Position; Poster #2018-32
REPORTS TO: Director, Information Technology
SALARY: Commensurate with experience
POSTING DATE: July 27, 2018 (External)
CLOSING DATE: Until a suitable candidate is found