Company: Finning Canada
Posting End Date: May 28, 2019
Number of Opening:
Reporting to the Chief Information Security Officer, the Information Security Engineer is responsible for ensuring Finning Projects adhere to security best practices and guidelines, actioning ad hoc security requests from the business, assisting with security architecture, continued development of security requirements & standards, and working with other pillars to drive Finning's overall security mandate.
The ideal candidate for this position must possess a broad and in-depth understanding of technical and professional skills in many Security related disciplines, including: Security Architecture, Security Operations, Identity and Access Management, Cloud transformation & architecture, Change Management, Agile development, DevOps, Data Governance, and Project Management.
Job Description:
Major Job Functions:
- Project Team Integration - including collaborating with project team members, producing required security documents & checklists, integrating with project RFPs, security design/implementation, aligning projects with Finning guidelines/policies, and ensuring any project handovers to security operations are considered
- Security Initiatives - including championing Security/Security Architecture within Finning, create and update artifacts to drive additional efficiencies, assist with ongoing security initiatives (ex: yearly PCI reviews), support new & upcoming initiatives such as IoT & new technologies
- Ad hoc support of security requests from the business (Digital & IT Initiatives, Procurement, Contracts, etc.), including acting as the routine contact point for requests, supporting the SOC, supporting security & awareness, assisting with rapid & agile digital initiatives, and contract reviews
- Accountable for security related items within projects including: requirements gathering, design, RFP responses, validation, and documentation
- Acknowledge & respond to ad hoc security requests
- Identify risks & security gaps in current & in progress Finning solutions
- Assist with development & review of Security Architecture artifacts, project documents, and templates
- Ensure security & architectural guidelines are applied during design & implementation
- Promote security within the larger Finning organization and assist with security awareness
- Advise & coach others towards leveraging secure information practices within Finning
- Evaluate security technologies
Specific Skills & Knowledge:
- Customer Focus: Being successful means continuously paying attention to customer needs and adapting as these evolve. This heightens the importance of building strong customer relationships and delivering customer centric solutions.
- Cultivates Innovation: Paying attention to what customers want and need - new and improved products, services, solutions, and experiences. Taking initiative and collaborating with people who have diverse points of view. Embrace the mindset you and Finning are never done, never satisfied, never standing still.
- Drives Results: Infusing the team and organizations with a sense of urgency. Creating a culture where organizational performance is always top of mind. Communicating a vision, setting priorities, developing and executing plans that achieve the desired outcome for Finning.
- Courage: Being comfortable with the conflict that is inherent to being a champion of an idea or course of action. Meeting tough situations head-on to constructively resolve them. Saying what needs to be said at the right time, to the right person, in the right manner to effect change.
Education & Experience:
- Experience with Security technologies such as: Firewalls, Web Application Firewalls, Antivirus/Antimalware, Cloud Security, SIEM (Logging/Monitoring), IPS/IDS, Email filtering, Role Based Access Controls (RBAC), Single Sign On (SSO)/Active Directory, and Wireless
- Ability to effectively communicate security concepts to technical and non-technical audiences
- Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines
- Experience in securely migrating solutions to cloud based infrastructures
- High level of personal integrity, with the ability to handle confidential and otherwise sensitive matters professionally and with the appropriate level of judgment and maturity
- Exercises tact, courtesy and professionalism in ensuring effective team work and fostering productive relationships
- Excellent analytical, technical, planning and organizational skills
- Experience delivering projects in a fast paced & changing environment
- Performs security risk and vulnerability assessments, and business impact analysis of information systems
- Identifies, evaluates and recommends options, implementing if required
- Identifies new and emerging hardware and software technologies and products based on own area of expertise, assesses their relevance and potential value to the organization
- Ability to travel periodically
- Spanish is an asset but not mandatory
- Knowledge of a broad range of standards and frameworks - for example, Project Management Framework, International Standards Organization (ISO), IT Infrastructure Library (ITIL), Payment Card Industry - Data Security Standard (PCI DSS), Bill-198, Personal Information Protection and Electronic Documents Act (PIPEDA), General Data Protection Regulation (GDPR)
- Thorough understanding of hosted and cloud infrastructure (SaaS, PaaS, IaaS)
- Familiar with the basic principles of organizational change management, and understanding of how to apply these principles
- Understanding of DevOps, development lifecycle, and Agile methodologies
- Aware of Disaster Recovery (DR) & Business Continuity Planning (BCP) concepts and requirements
- Demonstrable experience in Information Security Engineering gained through 3-5 years of progressively more responsible work in the field of Information Security
- A degree or equivalent education in a related discipline such as Computer Science, Business Computing, or Engineering. Security certification will be an asset as well
- Obtained at least one of or working towards the following certifications:
  - Certified Information Systems Security Professional (CISSP)
  - Information Systems Security Architecture Professional (ISSA)
  - GIAC Security Essentials (GSEC)
  - GIAC Information Security Professional (GISP)
We are committed to diversity at Finning, to building and sustaining a diverse and inclusive workforce and as an equal opportunity employer we encourage applications from all qualified individuals. Finning does not discriminate against applicants based on genders, races, national and ethnic origins, religions, ages, sexual orientation, marital and family status, and/or mental or physical disabilities.