本文发表在 rolia.net 枫下论坛Hi XXX,
If you are suited to and interested in roles similar to this, please send updated resume, along with salary requirements and availability. Thanks......
--------------------------------------------------------------------------------
Security & Risk Management
Salary Range - $72 – 75,000
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
"Must have" skills
Disaster Recovery - (3-5Y)
Security - (3-5Y)
MCSE 2000 - (3-5Y)
Checkpoint Firewall - (3-5Y)
WAN - (3-5Y)
TCP/IP - (3-5Y)
Windows 2000 Server - (2-3Y)
Unix - Solaris - (2-3Y)
"Nice to have" skills
CISSP - (2-3Y)
CISA - (2-3Y)
PKI - (2-3Y)
SSL - (2-3Y)
DNS and DHCP - (2-3Y)
Internal Description
Security & Risk Management Analyst,
This position is part of the Technology Infrastructure and Operations Group within Canada IT, reporting to the Senior Manager, IT Security and Risk Management. The IT Security and Risk Management Analyst will provide security management, operations and disaster recovery coordination.
Overall Role and Responsibilities:
Disaster Recovery
Develop, manage and maintain the Disaster Recovery Plan (DRP) for the Canadian Firm.
· Update and maintain the disaster recovery plan as per the approved DRP maintenance process.
· Conduct a review of the disaster recovery infrastructure every 6 months.
· Ensure the disaster recovery plan is tested successfully every 6 months.
· Ensure any changes or amendments made to the plan are fully tested.
· Keep Canada IT personnel informed of any changes to the DRP in so far as they affect their duties and responsibilities.
· Ensure the disaster recovery orientation material is up to date.
· Manage the notification process for an emergency event.
· Manage the activation process of recovery plans when a disaster is declared.
· Promote an awareness of the Disaster Recovery function and direction to our customers.
· Manage vendor contracts for recovery purposes.
· Ensure that information concerning changes to the business process are properly communicated.
Information Security Management
Assist with information security activities to execute the information security program.
· Ensure that the rules of use for information systems comply with the firm's information security policies.
· Ensure that the administrative procedures for information systems comply with the firm's information security policies.
· Ensure that services provided by other firms, including outsourced providers, are consistent with established information security policies.
· Use metrics to measure, monitor and report on the effectiveness of information security controls and compliance with information security policies.
· Ensure that information security is not compromised throughout the change management process.
· Ensure that vulnerability assessments are performed to evaluate effectiveness of existing controls.
· Ensure that non-compliance issues and other variances are resolved in a timely manner.
· Ensure the development and delivery of activities that can influence culture and behavior of staff including information security education and awareness.
· Work with Global IT Risk Management to ensure Canadian Firm security policies comply with global standards.
· Provide IT Audit services through the entire Systems Development Life Cycle.
Response Management
Develop and manage a capability to respond to and recover from disruptive and destructive information security incidents.
· Develop and implement processes for detecting, identifying and analyzing security related events.
· Develop response and recovery plans including organizing, training and equipping the teams.
· Ensure periodic testing of the response and recovery plans where appropriate.
· Ensure the execution of response and recovery plans as required.
· Establish procedures for documenting an event as a basis for subsequent action, including forensics when necessary.
· Manage post-event reviews to identify causes and corrective actions.
Customer Service
The successful candidate is self-motivated and has a track record of providing quality customer service. He/she will understand the importance of meeting and exceeding service level targets. In order to meet customer expectations of service delivery, the candidate will participate in the following team activities and initiatives:
· Analysis/interpretation, assessment and prioritization of client requests.
· Effective management of client expectations.
Teamwork and Leadership
He/she will demonstrate commitment in the following ways:
· Work with the Security and Risk Manager Senior Manager to set goals and directions for the Security and Risk Management Team. Provide input into the formulation of the team's work plans and execute plans accordingly.
· Understand and effectively communicate the goals, objectives, and direction of the Security and Risk Management Team to its members. Communicate project plans, expectations, scope of responsibility, and deliverables to team members.
· Foster a cooperative and productive work environment. Strive for a work environment where cooperative effort is a high priority. Promote teamwork within the Security and Risk Management Team and across other Canadian IT teams.
· Seek opportunities to enhance productivity and efficiency in delivering quality services and solutions.
· Encourage improvement through technology and innovation.
· Ensure that knowledge gained is transferred amongst the team members as well as between TI&O teams.
· Effectively communicate the goals, objectives and direction of the Security and Risk Management and TI&O teams across the Canada IT organization.
· Positively influence change through example and behavior.
Project/Work Management
The Security and Risk Management Team is responsible for ensuring effective planning, efficient project management, and the organization and prioritization of team projects and work activities to achieve timely and integrated service delivery. To this end, the Analyst is accountable for successfully performing the following activities:
· Deliver clear presentations that are appropriate to the audience and that achieve the intended results.
· Produce complex written documents including project plans, business cases, position papers and technical reviews.
· Facilitate sharing of information and ideas, assisting individuals and groups in reaching consensus, negotiating the needs of diverse groups.
· Develop detailed and comprehensive project work plans and develop cost analyses as required.
· Maximize team productivity by accepting assignments consistent with the teams' accountabilities.
· Keep the Security and Risk Management Senior Manager informed by providing regular progress plans/reports and project status updates.
· Ensure prompt notification of all issues affecting Security and Risk Management and its team members.
· Provide project and incident post-mortems as required.
Qualifications:
Education
· Degree – BA/B.Sc. or equivalent industry experience
Certifications
· Microsoft Certified Systems Engineer (MCSE) - Windows 2000 or Windows 2003
· ISACA Computer Information Security Manager (CISM), ISACA Computer Information System Auditor (CISA) or equivalent (definite assets)
Experience
· 3 - 4 years practical experience designing, implementing, and supporting data network services and Internet based solutions within a large professional organization is required
· Proven ability to manage multiple, concurrent technology projects and initiatives
Technical & Analytical
Strong technical skills – Broad knowledge of infrastructure components including:
· Vulnerability Assessments using established tools such as e-Eye Retina
· Anti-Virus and Spyware remediation
· Intrusion Detection Systems (IDS) and/or Intrusion Protection Systems (IPS)
· URL Filtering Technologies including Secure Computing SmartFilter and SurfControl
· Firewall configuration and maintenance (incl. CheckPoint [corporate] and ZoneAlarm Pro [workstation], TCP and UDP port assignments)
· Server platforms (i.e. Intel/Windows, Sun/Solaris)
· Storage Area Networks (i.e. EMC Clariion or Hitachi Lightning)
· LAN topologies (incl. Ethernet, FastEthernet, Gigabit), Ethernet switches and Wireless (802.11b/g)
· Web hosting infrastructure management (incl. operational familiarity with remote web logons, SSL, PKI, etc.)
· I*Net application infrastructure (incl. IIS, Active Server Pages [ASP], server-side scripting, Oracle Advanced Security, ADO and ODBC connections to SQL databases)
· Internetworking components and facilities (incl. firewalls, proxy servers)
· WAN architectures and industry-wide data communications standards (incl. Frame Relay, ATM, ISDN, Fiber Optics)
· TCP/IP design and management (incl. addressing, DHCP, DNS, WINS)
· Redundant systems / High availability
--------------------------------------------------------------------------------
Keith Taylor
Executive Consultant
ITR Limited
416 628 5966
keith@itrlimited.com更多精彩文章及讨论,请光临枫下论坛 rolia.net
If you are suited to and interested in roles similar to this, please send updated resume, along with salary requirements and availability. Thanks......
--------------------------------------------------------------------------------
Security & Risk Management
Salary Range - $72 – 75,000
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
"Must have" skills
Disaster Recovery - (3-5Y)
Security - (3-5Y)
MCSE 2000 - (3-5Y)
Checkpoint Firewall - (3-5Y)
WAN - (3-5Y)
TCP/IP - (3-5Y)
Windows 2000 Server - (2-3Y)
Unix - Solaris - (2-3Y)
"Nice to have" skills
CISSP - (2-3Y)
CISA - (2-3Y)
PKI - (2-3Y)
SSL - (2-3Y)
DNS and DHCP - (2-3Y)
Internal Description
Security & Risk Management Analyst,
This position is part of the Technology Infrastructure and Operations Group within Canada IT, reporting to the Senior Manager, IT Security and Risk Management. The IT Security and Risk Management Analyst will provide security management, operations and disaster recovery coordination.
Overall Role and Responsibilities:
Disaster Recovery
Develop, manage and maintain the Disaster Recovery Plan (DRP) for the Canadian Firm.
· Update and maintain the disaster recovery plan as per the approved DRP maintenance process.
· Conduct a review of the disaster recovery infrastructure every 6 months.
· Ensure the disaster recovery plan is tested successfully every 6 months.
· Ensure any changes or amendments made to the plan are fully tested.
· Keep Canada IT personnel informed of any changes to the DRP in so far as they affect their duties and responsibilities.
· Ensure the disaster recovery orientation material is up to date.
· Manage the notification process for an emergency event.
· Manage the activation process of recovery plans when a disaster is declared.
· Promote an awareness of the Disaster Recovery function and direction to our customers.
· Manage vendor contracts for recovery purposes.
· Ensure that information concerning changes to the business process are properly communicated.
Information Security Management
Assist with information security activities to execute the information security program.
· Ensure that the rules of use for information systems comply with the firm's information security policies.
· Ensure that the administrative procedures for information systems comply with the firm's information security policies.
· Ensure that services provided by other firms, including outsourced providers, are consistent with established information security policies.
· Use metrics to measure, monitor and report on the effectiveness of information security controls and compliance with information security policies.
· Ensure that information security is not compromised throughout the change management process.
· Ensure that vulnerability assessments are performed to evaluate effectiveness of existing controls.
· Ensure that non-compliance issues and other variances are resolved in a timely manner.
· Ensure the development and delivery of activities that can influence culture and behavior of staff including information security education and awareness.
· Work with Global IT Risk Management to ensure Canadian Firm security policies comply with global standards.
· Provide IT Audit services through the entire Systems Development Life Cycle.
Response Management
Develop and manage a capability to respond to and recover from disruptive and destructive information security incidents.
· Develop and implement processes for detecting, identifying and analyzing security related events.
· Develop response and recovery plans including organizing, training and equipping the teams.
· Ensure periodic testing of the response and recovery plans where appropriate.
· Ensure the execution of response and recovery plans as required.
· Establish procedures for documenting an event as a basis for subsequent action, including forensics when necessary.
· Manage post-event reviews to identify causes and corrective actions.
Customer Service
The successful candidate is self-motivated and has a track record of providing quality customer service. He/she will understand the importance of meeting and exceeding service level targets. In order to meet customer expectations of service delivery, the candidate will participate in the following team activities and initiatives:
· Analysis/interpretation, assessment and prioritization of client requests.
· Effective management of client expectations.
Teamwork and Leadership
He/she will demonstrate commitment in the following ways:
· Work with the Security and Risk Manager Senior Manager to set goals and directions for the Security and Risk Management Team. Provide input into the formulation of the team's work plans and execute plans accordingly.
· Understand and effectively communicate the goals, objectives, and direction of the Security and Risk Management Team to its members. Communicate project plans, expectations, scope of responsibility, and deliverables to team members.
· Foster a cooperative and productive work environment. Strive for a work environment where cooperative effort is a high priority. Promote teamwork within the Security and Risk Management Team and across other Canadian IT teams.
· Seek opportunities to enhance productivity and efficiency in delivering quality services and solutions.
· Encourage improvement through technology and innovation.
· Ensure that knowledge gained is transferred amongst the team members as well as between TI&O teams.
· Effectively communicate the goals, objectives and direction of the Security and Risk Management and TI&O teams across the Canada IT organization.
· Positively influence change through example and behavior.
Project/Work Management
The Security and Risk Management Team is responsible for ensuring effective planning, efficient project management, and the organization and prioritization of team projects and work activities to achieve timely and integrated service delivery. To this end, the Analyst is accountable for successfully performing the following activities:
· Deliver clear presentations that are appropriate to the audience and that achieve the intended results.
· Produce complex written documents including project plans, business cases, position papers and technical reviews.
· Facilitate sharing of information and ideas, assisting individuals and groups in reaching consensus, negotiating the needs of diverse groups.
· Develop detailed and comprehensive project work plans and develop cost analyses as required.
· Maximize team productivity by accepting assignments consistent with the teams' accountabilities.
· Keep the Security and Risk Management Senior Manager informed by providing regular progress plans/reports and project status updates.
· Ensure prompt notification of all issues affecting Security and Risk Management and its team members.
· Provide project and incident post-mortems as required.
Qualifications:
Education
· Degree – BA/B.Sc. or equivalent industry experience
Certifications
· Microsoft Certified Systems Engineer (MCSE) - Windows 2000 or Windows 2003
· ISACA Computer Information Security Manager (CISM), ISACA Computer Information System Auditor (CISA) or equivalent (definite assets)
Experience
· 3 - 4 years practical experience designing, implementing, and supporting data network services and Internet based solutions within a large professional organization is required
· Proven ability to manage multiple, concurrent technology projects and initiatives
Technical & Analytical
Strong technical skills – Broad knowledge of infrastructure components including:
· Vulnerability Assessments using established tools such as e-Eye Retina
· Anti-Virus and Spyware remediation
· Intrusion Detection Systems (IDS) and/or Intrusion Protection Systems (IPS)
· URL Filtering Technologies including Secure Computing SmartFilter and SurfControl
· Firewall configuration and maintenance (incl. CheckPoint [corporate] and ZoneAlarm Pro [workstation], TCP and UDP port assignments)
· Server platforms (i.e. Intel/Windows, Sun/Solaris)
· Storage Area Networks (i.e. EMC Clariion or Hitachi Lightning)
· LAN topologies (incl. Ethernet, FastEthernet, Gigabit), Ethernet switches and Wireless (802.11b/g)
· Web hosting infrastructure management (incl. operational familiarity with remote web logons, SSL, PKI, etc.)
· I*Net application infrastructure (incl. IIS, Active Server Pages [ASP], server-side scripting, Oracle Advanced Security, ADO and ODBC connections to SQL databases)
· Internetworking components and facilities (incl. firewalls, proxy servers)
· WAN architectures and industry-wide data communications standards (incl. Frame Relay, ATM, ISDN, Fiber Optics)
· TCP/IP design and management (incl. addressing, DHCP, DNS, WINS)
· Redundant systems / High availability
--------------------------------------------------------------------------------
Keith Taylor
Executive Consultant
ITR Limited
416 628 5966
keith@itrlimited.com更多精彩文章及讨论,请光临枫下论坛 rolia.net