Job Description

Are you looking for more than a job? At World Vision Canada we offer challenging careers that change the lives of children all over the world and it will change yours too. Come and be part of a team of 400 Canadians with a vision for the world: Life in all its fullness for every child.



You will experience Christian faith in action helping to make real and lasting change in the lives of the world's most vulnerable children. Join the World Vision Canada team and be part of a powerful and effective force for good:



For Children. For Change. For Life.

Position:

Specialist, IT Security

Reports to:

Vice President, Enterprise Technology and Transformation

Position Term:

Full Time Permanent

Primary Location:

Mississauga, Ontario, Canada

Workplace Type:

Hybrid



Job Purpose

Reporting to the Vice President, Enterprise Technology and Transformation, the Specialist, IT Security will oversee the planning, execution, and management of multi-faceted projects related to IT compliance, control assurance, risk management, security, and infrastructure/ information asset protection.



The Specialist, IT Security will be responsible for developing and managing enterprise IT security across multiple IT functional areas (e.g., data, systems, network and/or Web), developing and managing enterprise security services, and developing security solutions for critical and/or highly complex assignments to ensure the company's infrastructure and information assets are protected.



Responsibilities



Strategies, Policies and Risk Management

Plan, execute, and manage IT projects related to compliance management, risk assessment and mitigation, control assurance, business continuity and disaster recovery, and user awareness Develop and drive security strategies, policies/standards, ensuring the effectiveness of solutions, and providing security-focused consultative services to the organization Develop, execute and manage data, system, network and internet security strategies and solutions across the enterprise Define and develop security policies and procedures such as user log-on and authentication rules, security breach escalation procedures, security auditing procedures and use of firewalls and encryption routines Guide the enforcement of IT security policies and procedures Manage and enforce Identity and Access Management (IAM) and Privilege Access Management (PAM) policies, including multi-factor authentication (MFA) Update, maintain and document security controls and provide direct support to the business and internal IT groups Evaluate and recommend security products, services and/or procedures Communicate and educate IT and the business about security policies and industry standards, and provide solutions for enterprise/business security issues

Analysis & Response

Work with and provide guidance to technical teams, as they perform infrastructure, application and code scans as well as Penetration Tests (PEN) tests in order to uncover vulnerabilities within the WVC IT systems topology Analyze vulnerabilities found through Vulnerability (VA) scans and PEN tests and propose remediation strategies Influence delivery teams to align to the WVC security directives and provide guidance and strategies to integrate into the delivery lifecycle Manage data security profiles on all platforms by reviewing security violation reports and investigating security issues and exceptions Administer and optimize security tools, including SIEM, endpoint protection (EDR/XDR), firewall/VPN technologies, and intrusion detection/prevention systems (IDS/IPS) Document all IT security incidents and assess their actual or potential damage to WVC Liaise between WVI Security group and WVC with respect to IT security policy, process, procedures, training and communication If any security incidents should occur, work with the Infrastructure Operations/DevOps team to document the "lessons learned" and manage the implementation of improvements to existing processes/procedures/best practices or the creation of new processes/procedures/best practices if they do not already exist Ensure the Chief, Information Officer & VP, Enterprise Technology & Transformation are provided with weekly/monthly/quarterly and annual security reports

Cyber Security Solutions Delivery

Develop and implement solutions to alleviate risks and enhance system security and support teams as a technical expert for the project, system or solution they are working on Implement network, server, website, application, and Data/Information security improvements for cloud, hosted, and on/off premise solutions, by assessing current situation; evaluating trends; anticipating requirements and making recommendations Ensure site and data security and provide consultation on security issues staying abreast of potential Internet security threats Upgrade systems by implementing and maintaining security controls at all layers (server, network, application, and data/information) Assist in security investigations where required Assist in the development of secure architecture, designs, and provides training on security solutions Support agile and project teams as a subject matter expert Assess and develop mitigation measures to ensure that appropriate mitigation is applied. Play a critical, collaborative role in setting the strategy and goals for delivery teams, with a focus on project impact, product quality, and design efficiency

Systems Solutions Delivery

Provide input to initiative/project security vulnerability and business requirements and ensure that the deliverables produced by the development effort conform to the business requirements. Consult on design/development deliverables, including interface specifications, integration requirements, as well as implementation and release/launch strategies and plans. Contribute to the project planning and administration - assists in developing the project charter documentation, including helping with the high-level plan, the feasibility analysis, and in developing the business case.

Prevention

Review the results of internal PEN tests and define mitigation/remediation strategies Review the results of VA scans and define mitigation/remediation strategies Evaluate and sign-off on initiative/projects' pre-release security scans, architecture and code reviews. Assess the latest internal and external security bulletins and propose a plan to remediate any threats that are applicable to the WVC IT ecosystem.

Leadership and Training

Stay current on IT security trends, news and standards. Ensure that applicable security awareness and compliance training programs are implemented and provide communication and training as needed Provide security briefings to advise on critical issues that may affect client. Conduct knowledge transfer training sessions to operations/DevOps team upon technology implementation Assist in the creation and presentation of training materials, both online and in person, to improve Enterprise Technology & Transformation staff's understanding of security policies and procedures Lead training sessions with IT Systems staff and contractors to convey how WVC security policies affects their programs/projects/initiatives

Qualifications



BSc. in Computer Science, Information Systems or other related field, or equivalent work experience. Minimum of 5 years of progressive experience in IT with at least 3 years focused specifically on security engineering / operations, and/or incident response. Demonstrated experience with: Cloud security principles and controls (Azure/GCP). Network security fundamentals (TCP/IP, firewalls, VPNs, IDS/IPS). Managing enterprise-level security technologies (SIEM, EDR, MDM). Vulnerability scanning tools (e.g., Darktrace, Nessus, Qualys) Strong technical, analytical, communication and consulting skills with knowledge of IT Security and related technologies. Knowledge of specific regulatory frameworks relevant to non-profits (e.g., handling PII, PCI-DSS compliance) Security certifications such as; Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH) Global Information Assurance Certification (GIAC) and/or other certifications) may be required. In-depth knowledge of security issues, techniques and implications across all existing computer platforms

Why Consider Us?

Our competitive compensation & benefits include:

Health Spending Account Up to 6% matched pension contributions Parental leave top-up Generous paid vacation, sick days, wellness and personal days Office closed extra days before long weekends (6x/year) World Vision Canada has consistently been awarded Canada and GTA top employer awards. We are Canada's largest development, relief, and advocacy non-profit organization.

#LI-Hybrid



We bring life-saving support in times of disaster. We help poor communities to take charge of their futures. We provide small loans and training that boost family livelihoods. We work with policy makers to change the way the world is run. Our Christian faith teaches us that every child, regardless of gender, faith or race, is a precious gift to the entire world - and that their wellbeing concerns us all. We shall never rest while children suffer in situations that can be changed.



Canada's Top 100 Employers GTA Top 100 Employers

Our Core Values:

We are committed to the Poor. We are Christian. We are Stewards. We value People. We are Partners. We are Responsive.



Qualified candidates must be able to demonstrate a commitment to the core values and mission of the World Vision partnership.



World Vision Canada takes our Safeguarding responsibilities seriously and we provide an environment that is safe for our child and adult beneficiaries. We have strong recruitment procedures to make sure the safest and most suitable people work with the children in our programs. We provide our staff and volunteers with ongoing supervision, support and training in their work with child and adult beneficiaries.



World Vision Canada welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process.



Thank you for your interest; however only those applicants selected for an interview will be contacted.