CLASSIFICATION SPECIFICATION FORM




www.mpi.mb.ca

CLASSIFICATION SPECIFICATION FORM
Human Resources

CLASSIFICATION TITLE: Executive Director
POSITION TITLE (If different from above): Executive Director, Information Security Office
DEPARTMENT: Information Security
DIVISION: Information Technology and Business Transformation
LOCATION: cityplace
H. R.:
DATE: May 2016

A. SUMMARY OF RESPONSIBILITY

Security Clearance is required for this position

Under the general direction of the Vice President, Information Technology and Business Transformation & Chief Information Officer (CIO), the Executive Director, Information Security Office is responsible for developing and implementing a comprehensive information security program designed to protect information assets and supporting information systems from any unauthorized access, use, disclosure, corruption or destruction.

The Executive Director, Information Security Office directs staff in identifying, developing, implementing, and maintaining processes across the enterprise to reduce information and information technology risks. They respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures.

The Executive Director, Information Security Office is a senior-level executive responsible for aligning security initiatives with enterprise programs and business objectives, ensuring that information assets and technologies are adequately protected in accordance with the corporate risk tolerance.

B. TYPICAL DUTIES

Strategic Planning, Development & Execution

- Leads the development of a long-term Corporate IT Security strategy and programs to ensure information security and information risk management messaging and implementation are aligned on an enterprise-wide level.
- Monitors integrity, confidentiality and availability of information to ensure it is owned, controlled and processed by the organization.
- Provides leadership and strategic direction for the function, identifying protection goals, objectives, and metrics that align with the corporate strategic plan.
- Anticipates threats and opportunities related to corporate reputation, and develops strategies to mitigate risks.
- Directs, manages, and is accountable for the implementation of IT security components of operational initiatives and projects, from conceptualization and planning through to implementation.
- Provides strategic direction to related governance functions and stakeholders throughout the organization on information security matters, such as routine security activities, plus emerging security risks and control technologies.

Information Security Controls

- Oversees the corporate information security management system to identify, quantify, catalog, and remedy information security risk across the enterprise and monitors the overall costs.
- Leads the information security management system governance committee, providing guidance on best practices, governance and leadership.
- Responsible for the development and implementation of corporate information security policy, standards, guidelines and procedures to ensure ongoing maintenance of information security.
- Establishes a centre of excellence for information security management, offering advice and practical assistance on information security risk and control matters throughout the organization and promoting the commercial advantages of managing information security risks more efficiently and effectively.
- Creates a framework for roles and responsibilities with regard to information ownership, accountability, and protection.
- Oversees the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and applicable laws and regulations to minimize or eliminate risk and audit findings.
- Responsible for ensuring effective information security awareness, training and educational activities.
- Responsible for information security activities relating to contingency planning, business continuity management and IT disaster recovery in conjunction with relevant functions and third parties.
- Oversees information security incident response team (ISIRT) planning as well as the investigation of security breaches, and assists with disciplinary and legal matters associated with such breaches as necessary.
- Responsible for identity and access management governance.
- Liaises among information security team, corporate compliance, audit, legal, and HR as required.

- Develops the metrics and reporting framework to measure the efficiency and effectiveness of IT security components of corporate programs and initiatives.

Information Risk Management

- Defines, implements, and is responsible for the organization's global information risk management strategy and framework, collaborating with business units, stakeholders, and committees to get buy-in and build momentum.
- Oversees the process to administer policy exceptions, ensuring that they are subject to appropriate controls, both before and after approval.
- Ensures that strategic information security and risk guidance is provided to third-party suppliers in accordance with internal frameworks, and assesses to ensure compliance with required controls.
- Coordinates and manages any external resources involved in programs, including interviewing and negotiating contracts and fees.
- Oversees information security risk assessments and controls selection activities.
- Works with outside consultants as appropriate for independent security audits.

Security Architecture and Engineering

- Ensures that information security architecture standards, policies, and procedures are available and enacted consistently across application development projects and programs.
- Collaborates with enterprise architecture to define physical, virtual, and logical information security architecture specifications.
- Collaborates with application owners to understand the risk position around key business applications.
- Liaises with the enterprise architecture team to ensure alignment between the security and enterprise architectures, coordinating the strategic planning implicit in these architectures.

General Leadership

- Assists the Vice President, Information Technology and Business Transformation & Chief Information Officer with the planning, management, and implementation of corporate information security projects and initiatives.
- Conducts all activities of an Executive Director, including participation in strategic planning, long-term human resource planning, budgeting, and support for the Information Technology and Business Transformation division.
- Provides leadership, coaching and direction to direct reports.
- Provides direction to Security Operations staff and management (currently titled Security, Compliance and Risk Management) by way of a dotted line reporting structure.
- Fosters the use of leading-edge business research and analysis for the development of policies and initiatives.
- Represents the corporation at meetings with external organizations, professional and business associations related to Information Security issues and development.
- Remains current in new technologies, platforms, threats, and risks; actively engages in a defined process to keep current on trends, new practices and new solutions and emerging technologies and threats.

- Displays leadership by continually motivating, encouraging and inspiring the development of strong, effective, efficient, ethical and professional teams with a clear focus on the delivery of planned outcomes and the continual development of the capabilities and capacities of the individual team members.

C. QUALIFICATIONS

1. Education:

- Bachelor or Master's Degree in Computer Science, Information Systems, Commerce, Business Administration or related field.
- Completion of one or more of the following professional designations is preferred:
  o Information security management qualifications such as: CISSP, CISM, CRISC, CISA or other information security credentials.
- An MBA would be considered an asset.

2. Experience:

- Ten years of related senior level experience successfully leading comparable information security management and/or related functions (such as an ISMS, IT audit, and IT Risk Management), including five years at a senior management level.
- Experience must include a minimum of five years managing multiple, large, cross-functional teams or projects, influencing senior level management and key stakeholders.

3. Technical Knowledge & Skills:

- Solid understanding of the enterprise information security architecture discipline, processes, concepts, and best practices.
- Knowledge of information security and risk control frameworks such as COBiT, ISO 27001, ITIL, and ISO 31000 is preferred.
- Knowledge of business continuity and IT disaster recovery frameworks such as BS 25999 and BS 25777 is preferred.
- Demonstrated personal values aligned with the corporate values, providing a role model for the team.
- Demonstrated ability to work effectively with a team, delivering high performance and customer satisfaction, in a global, matrix management environment.
- Strong facilitation skills and a clear ability to build strong relationships with business stakeholders at all levels, including executive managers and vendors.
- Strong, proven problem-solving skills and the ability to identify, analyze, and resolve problems, driving solutions through to completion.
- Proficiency in the use of standard software packages, such as Microsoft Word, Excel, and PowerPoint.
- Strong affinity with technology and an interest in the wider implications of technology.
- Proven integrity and the ability to handle confidential matters in a professional manner, applying the appropriate level of judgment and maturity.
- Strong leadership and management skills and recognized as a key strategic thinker.
- In-depth knowledge of information technology management, including hardware and software.

- In-depth knowledge of enterprise application and data architecture principles, and associated tools, technologies, methods.
- Proven capabilities in research, analysis, and a demonstrated ability to interpret and synthesize complex data.
- Proven capabilities in the area of project management with the ability to plan and manage multiple complex projects simultaneously.
- Superior oral and written communication skills, with demonstrated ability to clearly convey complex information in a concise and straightforward manner.
- Excellent interpersonal skills, with experience of superior performance in public speaking and formal presentations.
- Proven ability to handle conflict and criticism in a positive and professional manner.
- Proven ability to adapt to, and effectively contribute to, rapid business transformation.
- Proven ability to work under pressure and meet deadlines.
- Superior negotiation skills in working with key stakeholders and vendors.

5. Security Clearance

Must be able to obtain and maintain the required level of security clearance as a condition of employment in this classification including:

Reliability Status:
- Consent to a Criminal Name Record Check
- Consent to a Credit Check

Secret (Level II) Security Clearance:
- Consent to a CSIS (Canadian Security Intelligence Service) Indices Check