Join Commport Communications International as our Cyber Security Manager!
Company Overview:
Commport Communications International, Inc. is a renowned leader in providing innovative supply chain management solutions worldwide. Our commitment to excellence extends to cybersecurity, where we prioritize safeguarding our systems and data integrity. As we continue to grow, we're seeking a passionate and skilled Cyber Security Manager to join our team and lead our cybersecurity efforts with expertise and dedication.
Job Overview:
Reporting to the COO, the Cyber Security Manager at Commport is a pivotal role responsible for overseeing all aspects of cybersecurity operations. This position demands a blend of technical proficiency, leadership acumen, and strategic foresight to effectively manage cybersecurity risks. As a subject matter expert, you will spearhead security-related projects, lead day-to-day security operations, and collaborate cross-functionally to enhance our cybersecurity posture.
What you'll be doing:
Security Operations
- Lead and execute day-to-day security operations, including monitoring systems (phishing, DLP, SEM, MSSP threat case escalation, etc.), investigating incidents, and responding to threats.
- Manage security-related vendors, acting as Commport’s point of contact with security vendors including Commport’s SOC/MSSP.
- Configure security technologies including audit tools, data classification and alerting.
- Assist Network Operations team with prioritization of Patches and Vulnerability Remediations.
- Execute regularly scheduled internal audits for password compliance.
Security Program Management
- Develop company-wide security strategy and mature security capabilities.
- Manage security policies, standards, procedures, ensuring annual updates and on-going compliance.
- Act as Company Chief Security Officer for GOC Contract Security Program.
- Provide security expertise for infrastructure projects and configurations.
Awareness and Training
- Manage and continuously update the Commport ‘Security’ hub on SharePoint.
- Produce and send quarterly security newsletters to staff.
- Execute annual security awareness training program and obtain security policy acknowledgments.
- Monitor the external environment and share relevant information.
Risk Assessment and Mitigation
- Manage risk profiles pertaining to infrastructure and operations; provide recommendations to mitigate risks and participate in remediation projects and activities.
- Make decisions and provide direction to company stakeholders in matters pertaining to infrastructure, operations, policy compliance and security based on current Risk Levels.
- Support Information Security Governance, Risk, and Compliance which includes client inquiries, security contracts, risk management, and compliance management.
- Remain current on security-related regulatory and compliance matters and industry best practices.
- Develop and manage the vendor risk management process, including conducting vendor risk assessments and establishing contractual security requirements.
- Conduct annual review of service-provider SOC audits and/or security controls.
Compliance and Reporting
- Manage corporate technology security audits, including SOC 2 Type 2, penetration tests and others.
- Respond to client inquiries in relation to Commport’s security controls and lead the effort to respond to customer-initiated audits and security assessments.
- Regularly report on security performance, incident trends, and compliance status.
Incident Response Management
- Lead incident handling and cross-team coordination, including after hours in emergency situations.
- Establish and maintain incident response plans to effectively address security incidents and breaches.
- Lead regularly scheduled table-top exercises and incorporate lessons learned.
Security Infrastructure Management
- Provide cyber-security architecture and systems engineering consulting to IT and business teams.
- Manage the implementation and operation of cyber security controls in collaboration with multiple teams.
- Support the Manager of IT Operations and service providers to develop and implement controls.
*All other duties as assigned.
Key competencies you excel in:
- Accountability
- Communication
- Critical Thinking
- Leadership
- Organizational and Environmental Awareness
- Risk Management
Working conditions:
- Hybrid work model with minimum in-office attendance and flexible working options to support work-life balance
- Manual dexterity required to use desktop computer and peripherals
- Ability to attend and conduct presentations
- On-call as required to achieve assigned duties
Education and experience:
Non-negotiables
- University degree or equivalent in Information Technology with a minimum of 7 years of information technology experience, 3 years of which were in an Information Security role
- Experience with SOC 2 Type 2 Audits
- Computer literacy, including effective working skills of Microsoft business applications
- Knowledgeable in both qualitative and quantitative risk assessment methodologies
- Understanding of IT/IS concepts and how to articulate those in terms of risk
- Experience with and understanding of overall GRC concepts
- Technological aptitude – learns quickly and adapts easily in a fast-paced technology environment
- Excellent communication and presentation skills, both written and verbal
- Ability to work independently or as a collaborative team member as situations dictate
- Confident decision-making skills regarding determining project guidelines, purpose, following through and completion
- Strong project management skills – able to manage several high-priority, short deadline projects simultaneously
- Proven creative and innovative problem-solving skills and the ability to troubleshoot complex issues in a timely and effective manner
- Demonstrated team leadership abilities to effectively collaborate with multiple teams
- Must have resided in Canada for five consecutive years and undergo/pass an RCMP Criminal Background Check (for Secure B Reliability Status)
Nice-to-haves
- Industry recognized security certifications
- Experience with ISO 27001/27002 and/or NIST CSF
- Knowledge of ITIL and project management
- Experience with PCI
- Internet Security Services (Web Gateway and Application layer firewalls)
- Experience with SolarWinds (SEM, NPM, SCM, Orion Platform)
- Experience with Data Loss Prevention concepts and tools, including MS Purview
- Understanding of financial reports including budgetary guidelines and project expenditures
Direct Reports:
0-2
Application Process:
Commport welcomes all applicants. Accommodations during all phases of the screening and recruitment process will be made wherever possible.
If you're ready to take on this exciting opportunity and contribute to our cybersecurity efforts at Commport Communications, please submit your resume via Indeed or apply through our website at www.commport.com/careers. We look forward to reviewing your application!
We appreciate your application; however, we will only be contacting the candidates we wish to interview.
Salary: $109,000.00-$136,000.00 per year