Lead Advisor, Infosec Threat and Vulnerability

Our culture lifts you up—there is no ego in the way. Our common purpose? We all want to win for our customers. We aim to always be evolving, dynamic, and ambitious. We believe in the power of genuine connections. Each employee is a part of what makes us unique on the market: agile and dedicated.

Time Type:
Regular

Job Description:
SUMMARY OF POSITION:
Reporting to the Manager, Information Security Governance Risk and Compliance, the InfoSec Threat and Vulnerability Management Senior Advisor will lead the design, implementation, reporting and remediation follow ups for vulnerability management. This also includes overseeing penetration testing, evaluating findings, translating findings into actionable tasks and supporting remediation.

The incumbent works to operate an effective and modern vulnerability and risk mitigation program, with an advanced understanding of the current state (threats, risks, people, processes and technologies), in collaboration with the other cybersecurity teams and business units.

**MAIN RESPONSIBILITIES**:
Leads and owns the Vulnerability Management function across all business units (BU).-
- Collaborates with the business units Vulnerability Analysts to consolidate all activities into a corporate InfoSec Vulnerability management database.-
- Collaborates with ERM (Enterprise Risk Management) and the Business Unit ISwg (Information Security working group) leaders to identify and prioritize high exposure vulnerabilities.Provides expertise in the prioritization of vulnerabilities based on real data, the risks posed, and the business context;Operates vulnerability management tools (in a shared responsibility model with the Analysts from the business units) and takes the ownership of constantly improving them;-
- Analyzes asset and vulnerability operational datasets to provide meaningful, actionable metrics and data visualizations;-
- Documents vulnerability analysis and assessment findings after performing risk analysis;-
- Advises business units on corrective actions and collaborates with InfoSec teams and ERM to ensure remediation and any adjustments that could be needed;-
- Identifies new security requirements, risks, trends and develops appropriate responses;-
- Coordinate and supervise penetration testing exercises with external vendors, other InfoSec teams and business units;-
- Translate findings into actionable tasks and follow up on vulnerability remediation plans with the different stakeholders;-
- Gather relevant data to report on vulnerability management metrics;-
- Partners with key stakeholders to develop and/or update information security documents such as policies, standards, procedures, training material;-
- Remains aware of technological trends and developments in the area of information security.ESSENTIAL REQUIREMENTS

ACADEMIC TRAININGRecognized certification in Computer Science, Information Security or any relevant domain.- WORK EXPERIENCEMinimum 5 years experience in information security, IT support or system management-
- Experience in vulnerability risk and analysis and coordinating vulnerability management efforts.- TECHNICAL COMPETENCIESTechnical understanding of general security vulnerabilities and their mechanisms of exploitation;-
- Expertise in setting up and operating Qualys and/or equivalent vulnerability management tool;-
- Experience in penetration testing is an asset;-
- Proficient in information security principles, and industry standards such as NIST and ISO;-
- Current industry standard security certification (Security+, SANS, Microsoft, Cisco etc.) is an asset;-
- Experience using tools to correlate unstructured data from various types of journals and event flows;-
- Experience with information security concepts related to threat and vulnerability management, system architecture and Internet and cloud technology;Knowledge of attack vectors, threat actors, and mitigation techniques;-
- Understanding of information security practices and policies.PARTICULAR COMPETENCIESPreferred fluency in French and English (spoken and written), to be able to collaborate with different Business Units in Quebec, Ontario and across the United States;-
- Has a collaborative business mindset with supporting work ethics;-
- Flexible and able to quickly adapt to change (embraces change);-
- Is viewed as a team player by peers and management;-
- Financial understanding of the impacts of his/her recommendations;-
- Be able to propose and negotiate solutions and initiatives;-
- Be fully autonomous and take ownership of the process;-
- Possess a strong capacity for analysis and synthesis;-
- Strong problem solving skills;-
- Excellent organizational and communication skills;-
- Attention to detail;-
- Ability to work under pressure and manage multiple priorities;-
- Capable of understanding technical details and then presenting in layman’s terms to a less technical audience (eg. executives, product owners, etc).Location:
Montréal, QC

Company:
Cogeco Communications