Senior Specialist, Cyber Security Compliance & Controls

Location(s): Calgary Head Office

Employment Type:Full Time- Permanent.

The Senior Specialist, Cyber Security Compliance and Controlsprovides technical leadership and expertise aimed at evolving the AER’s Information Security capability with a focus on defining, implementing, and assessing cyber security controls. This position will also be responsible for defining frameworks and designing organizational wide controls to meet the AER’s Information Security requirements.

“Act as if what you do makes a difference. It does.”

~William James

Responsibilities/Duties:

• Lead the evolution of cyber security controls framework that minimizes cyber security risks to the AER and its stakeholders. This includes working with related disciplines to ensure that the cyber security policy and controls framework are compliant with the overall business and information security strategy.

• Develop and implement standardized practices and processes for effective compliance & controls management. This includes defining and implementing suitable controls, and identifying, evaluating and remediating compliance issues.

• Build strong working partnerships with internal and external auditors and coordinate AER audit responses.

• Participate in the periodic evaluation of security controls to assure their effectiveness (e.g. internal/external penetration testing, manual control assessment, breach and attack simulation exercises, etc.).

• Coordinate the development of action plans for deficiencies or gaps identified during risk assessments, audits, vulnerability assessment, control testing, etc., and follow up on their implementation with various internal stakeholders.

• Manage and plan the development and delivery of information security training and awareness programs including change management related to policy and training development.

Qualifications:
Minimum Qualifications

• University degree or post-secondary diploma in Computer Sciences, Information Systems, business or a related discipline.

• 7+ years of relevant experience demonstrating progressive skill development and responsibility in cyber security and IT governance.

• Minimum of 5 years’ experience in at least 3 of the following domains: Security Architecture; Security Testing & Assessment; Security risk management; Threat assessments; Information governance; IT

• Risk & Compliance Management

• Certified Information Systems Security Architecture Professional (CISSP-ISSAP) and/or Cobit 5 Certification (e.g. CISA, CRISC)

• Expert level knowledge of Cyber security and IT Governance frameworks/standards (ISO 27001, NIST800-53, COBIT, ITIL)

Additional requirements/information for candidates:

• This position will be subject to pre-employment background screening, including a criminal record check and credit check

COVID-19 Information

The majority of employees are working remotely as we navigate the pandemic. As such the following related requirements apply:

• Willing and able to work remotely while we are in Covid-19 pandemic response.

• Have access to personal devices (e.g. computer/laptop).

• Have high speed internet connection with a minimum of 10 Mbps for downloads and 5 Mbps for uploads.

• This will be a Calgary Head office-based position post pandemic

Benefits at the AER

• Defined benefit pension plan

• Personal spending account

• Flexible benefits program

• Work/Life Balance time off programs

• Healthcare spending account

• Voluntary Group Savings Programs

• Employee & Family Assistance Program

• Visit our careers page for more details on all the AER has to offer!

Position Classification:

For Internal Applicants Only

• Under the AER’s Classification Framework this position is a SP4, LEVEL 6

• In the event a current AER employee would like to apply for an internal posting, the employee will inform their leader prior to submitting their application.

• Please note: Should an individual with the required qualifications not be available, applicants with closely related qualifications may be considered. As a result, the position may be redesigned and/or reclassified.

Please note, thisjob advertisementwill close on September 13, 2021 at midnight.