Information Security Program Specialist

**Who We Are**:
Headquartered in Atlantic Canada with offices across the United States and around the world, Bulletproof has decades of experience in IT, security, and compliance. The company’s footprint now includes users on six continents trusting Bulletproof to address their technology challenges and strengthen their security posture.

Driven by innovative, empowered and creative teamwork, we build solutions that solve business challenges and deliver overall business improvement for our global clients. At Bulletproof, we are committed to our customers, our team and our communities. Bulletproof's practices include Security and Network Operations Centers, Security Assessment & Audit, Quality Assurance and Testing, Project Management, Microsoft Consulting, Managed Services, Managed Security Services, and Product Fulfillment; working together to provide true end-to-end business solutions.

**Why Bulletproof**:
At Bulletproof, our people are the core of who we are and what we do. Founded in Atlantic Canada and now operating globally, it’s our people who drive us and who bring us together. We believe that it’s through trusting and empowering our entire team, that we achieve more. Bulletproof is a Microsoft Solutions Provider, a FOUR-PEAT Microsoft Canada Workplace Impact Award winner, and crowned the 2021 Microsoft Global Security Partner of the Year. Bulletproof is proud to be a member of the Microsoft Intelligent Security Association. We are committed to helping our customers achieve more.

**Job Summary**:
The Information Security Program Specialist works closely with the broader Information Security team to deliver service directly to clients. It is responsible for diving deep into a client organization, conducting risk assessments, leading client security governance meetings, creating policies, implementing information security programs, assessing compliance, and guiding an organization through information security changes.

**Duties and Responsibilities**:

- Consulting and acting as the expert to find the intersection of business process, technical infrastructure and compliance laws, rules, and regulations as it relates to clients.
- Perform or guide an assessment from start to finish with a risk-based approach the client's security posture by identifying findings and providing recommendations to reduce risks.
- Working with clients to Implement Information Security Risk Management programs.
- Working with clients to create written information security plans and/or system security plans, creating and updating policies based on changing security or compliance requirements, business processes and/or provincial/state/federal regulations.
- Providing ongoing guidance and project/program management for client’s information security programs, including consulting with clients, advising on compliance, guiding through information security implementation and compliance situations.
- Leading governance meetings, planning meetings, client training, and tabletop exercises.
- Designing future state from a pragmatic standpoint and advise clients on prioritization to improve their security posture.
- Creating presentations and trainings that are easy to understand, user friendly, and align with company culture.
- Assessing third-party supply chain risks.
- Assessing Information Security and Technology risks.
- Monitoring industry standards and frameworks.
- Defining, improving, and guiding procedures, tools, and reporting practices in GRC.
- Provides support to project scoping and engagement planning, including participating in kick-off meetings, promptly supporting project manager requests, supporting technical inquiries for sales or marketing, responding to complex client technical queries.
- Supports practice leads by performing specific team leadership tasks as assigned, such as hosting team meetings or calls, acting as an owner for specific team organizational processes, or ensuring specific project goals are on track.

**Required Education and Credentials**:

- Information Security certifications such as CISM, CISSP, CRISC, CDPSE, GRCP are considered an asset but not required.

**Skills and Experience**:

- Minimum seven years leading and implementing information security programs experience.
- Three years of business consulting experience.
- Proactive in identifying and resolving issues and working through challenges with a positive attitude.
- Empathetic team member able to build strong relationships with clients and team members.
- Strong written and oral communication skills.
- Critical eye for details.
- Able to work effectively with mínimal supervision.
- Excellent time management, task planning, and prioritization skills.
- Strong proactive project management skills.
- Understanding of Business Management.
- Knowledge of Security technology and cloud environments.
- Knowledge of security and privacy frameworks/standards.
- Able to adapt quickly to changing client and team requirements.
- Pr