Senior Advisor, Information Security Analyst

The Senior Advisor, Information Security Analyst will have a key role developing, leading & supporting key activities for the firm's information security program.  This function will be responsible for managing key activities including Risk Management, Vendor Assessments/Compliance, technology enhancements to improve technical landscape, staff education, & assessments. This role will work hand-in-hand with the IS & Network teams and other Agency departments leading the implementation and support of new processes and solutions to further the protection of information security across the Agency.

Responsibilities:

• Collaborate with other departments, business teams to ensure systems, applications and networks are secure by design. Support Change Control process ensuring new solutions comply with security requirements. 20%
• Perform vendor assessments providing risk levels and recommendations on activities required to work with various vendors based on risk exposure. 20%
• Lead and contribute to the development and support (operations and maintenance) of the information security incident management & breach response process, awareness trainings and campaigns, vulnerabilities management and penetration testing. 15%
• Lead the development, implementation and maintenance/support of information security policies, standards, and processes to prevent, detect, analyze, and respond to information security incidents. 10%
• Lead the development and owner of risk-based security controls for protection of information systems, networks and applications. 10%
• Lead and/or support security operations including Security Incident & Event Management (SIEM) processes, vulnerability assessments, and threat and incident management to mitigate risks. 10%
• Assist internal and external stakeholders including auditors, when required, with information security questionnaires, audits, reviews, investigations, etc. 10%
• Proactively research and develop technical solutions/security tools to help mitigate security vulnerabilities and the development of automated repeatable tasks. 5% 

Requirements:

• Bachelor Degree or equivalent experience in Information Technology or Information Security, plus at least 7 years of relevant experience
• Experience working on information security or related, technical, IT experience
• Security related certification/s would be a plus
• Experience working with distributed IT infrastructure, network and application environment
• Capacity to build and maintain excellent relations and to work effectively in a multicultural and multi-ethnic environment respecting diversity
• Strong personal, organisational and self-management skills.

A Plus

• Proficiency with at least one of the scripting languages (e.g.: Perl, Python, PowerShell)
• Strong understanding of/willingness to learn key trends in international and humanitarian development and how technology can and is being utilized to support these developments.
• CISSP or other Security Certifications