Position Description:

The IT Field, Security & Network Delivery team is a fast-paced and dynamic team within the Information Technology organization.  The team’s mandate is to work with Bell stakeholders and technology partners to deliver solutions that leverage Bell’s significant investment in its IT platforms and architecture.

We are looking for a Senior Specialist, Cyber Security reporting to the Director of IT Delivery to assess, and influence the security posture of Bell’s critical IT & Field systems, platforms and data.

The role requires a self governing, creative, and regimented performer who will work with our team of Project Managers, Business Analysts and Security professionals that focus primarily on solutions for our critical IT & Field delivery platforms as well as, new and emerging IT technologies.

Job Duties/Accountabilities:

Analysis & Response

Develop program strategies to inventory and assess risk on a portfolio of key applications.

Influence delivery teams to align to Bells security directives and provide guidance and strategies to integrate into the delivery lifecycle.

Develop enterprise level remediation efforts and consult on security solutions with technical teams.

Work with and provide guidance to technical architects and security teams, within both Bell and external to Bell, as they perform infrastructure, application and code scans as well as PEN tests in order to uncover vulnerabilities within IT systems topology.

Analyse vulnerabilities found through VA scans and PEN tests and propose remediation strategies.

Monitor/respond to security issues in the IT Field & Network domain.

Document all security incidents and assess their actual or potential risk.

Work with the Systems Security team to document the “lessons learned” and implement improvements to existing processes/procedures/best practices or the creation of new processes/procedures/best practices if they do not already exist. 

Cyber Security Solutions Delivery

Develop and implement solutions to alleviate risks and enhance system security and support teams as a technical expert for the project, system or solution they are working on.

Implement network, server, website, application, and Data/Information security improvements for cloud, hosted, and on/off premise solutions, by assessing current situation; evaluating trends; anticipating requirements and making recommendations.

Play a critical, collaborative role in setting the strategy and goals for delivery teams, with a focus on project impact, product quality, and engineering efficiency.

Ensure site and data security and provide consultation on security issues staying abreast of potential internet security threats.

Assist in the development of secure architecture, designs, and provides training on security solutions.

Support project manager as a subject matter expert.

Assess and develop mitigation measures to ensure that appropriate mitigation is applied.

IT Systems Solutions Delivery

Gathering and documenting the security vulnerability and business requirements and then ensuring that the deliverables produced by the development effort conform to the business requirements.

Consult on design and development deliverables, including interface specifications, integration requirements, Blueprint documentation, as well as the business’s implementation and conversion strategies and plans.

Prevention

Review the results of internal PEN tests and VA Scans and define mitigation/remediation strategies.

Assess the latest internal and external security bulletins and propose a plan to remediate any threats that are applicable to IT & Field Systems.

Qualifications/Competencies:

5+ years of experience in the Security space.

7+ years in an IT Business Analysis, or IT Infrastructure role in large scale IT Systems projects, with leadership experience defining requirements and solutions.

Excellent verbal and written communication skills including the preparation and presentation of senior management reporting packages

Bachelor's degree in Computer Science, Computer Engineering, Information Technology Systems Security or related field.  Master's degree in Information Security is an asset.

The following accreditations are desired:  CISSP, CEH, CCSP, CRISC, CISM, CHFI

Knowledge of GRC Information Security is an asset.

Must possess a thorough understanding of all aspects of data, computer and network security, including such areas as firewall administration, encryption technologies and network protocols.

Highly experienced with data securitization and able to solution for data at rest, in motion, and database encryption

Experience with Application/Data Security and Vulnerability Management programs that leverage SAST (Static application security testing), DAST (Dynamic application security testing), PEN Testing, network vulnerability scanners, etc.

Familiar with Privileged Access Management (PAM) policies and procedures.

Confidently able to be a contributing editor to IT Security standards and policies.

Understanding of security frameworks (e.g. NIST Cybersecurity framework, ISO, PCI, SoX) and risk management methodologies.

Well-developed research, analysis and problem-solving skills to identify risks and propose appropriate mitigation strategies, where required.

#tech

#indeed

#cybersec

#LI-JW1

Bilingualism is an asset (English and French); adequate knowledge of French is required for positions in Quebec.