You recognize cyber security is the management of cyber risk associated with people, process, technology and data. You understand the risks businesses face and how to use the Microsoft Ecosystem to design “Zero Trust - Identity and Data Centric” solutions that will mitigate these risks and ensure compliance. You’re an astute advisor on Security Transformation, Security Strategy and Security Operations (SOC). As a Cyber Security Manager, you can effectively lead technical and non-technical teams.
Day to day, your work is to:
- Advise clients on the security implications of compliance and regulations such as OSFI, ISO, NIST, PCI, PIPEDA, GDPR etc.
- Carry out threat and risk assessments (TRAs) and develop security architecture to mitigate threats
- Lead and conduct threat modeling activities during Secure Development Lifecycle (SDL)
- Be the “Trusted Advisor” on best practices to protect information
- Actively lead multiple engagements simultaneously and seamlessly
- Mentor junior consultants
- Actively seek and nurture opportunities for business development.
- Lead response to RFPs, scope security programs and assist in closing sales opportunities.
- Actively participate in development of cyber security offerings.
You’re passionate about understanding or discovering security vulnerabilities and aspire to be the “Trusted Advisor.” You know all about identifying, providing and validating security requirements of IT solutions, and you’ve done this in a consulting environment. You’re a skilled communicator who can effectively articulate cyber security risks to technical and non-technical audiences.
You probably have a Bachelor’s degree in technical discipline such as (Computer Science, Engineering, Applied Mathematics etc.) and preferably, a Master’s degree in Science, Engineering or Business. You have several years (7 plus) of consulting experience in systems and infrastructure engineering, focused on Cyber security.
Your skills and experience include:
- Methods and identification tools for risks and security threats
- Knowledge of information security standards (OSFI, ISO, NIST, PCI, PIPEDA, GDPR etc.)
- Proficiency in operating systems, database platforms, web technologies, firewalls and programming languages
- Excellent communication skills in written and oral English
- Giving effective advice in large-scale technology projects while working at all levels - with clients and your team.
- Strong technical skills to design and implement O365 Security services with hands on experience on several of the items outlined below:
- Manage identity and access
- Secure O365 Hybrid environments (Connectivity, sync services, and authentications
- Azure AD Self-service password reset, Azure AD access reviews)
- Authentication Methods (sign-on security, multi-factor authentication (MFA), device sign-on methods, manage authentication methods)
- Conditional Access (Compliance and conditional access policies, device compliance policy, conditional access policy)
- Role-based access control (RBAC)
- Azure AD Privileged Identity Management (PIM)
- Azure AD Identity Protection (User risk policy and sign-in risk policy)
- O365 Threat Protection
- O365 ATP (Anti-phishing protection, anti-spoofing, anti-spam protection, Safe-Attachments, Safe Links, anti-malware solution, and tests using Attack Simulator)
- Information Protection
- Secure data within O365 (Customer Lockbox, Office 365 collaboration workloads, and B2B sharing for external users)
- Azure Information Protection (Azure Rights Management, labels and conditions, templates, AIP scanner, RMS connector, tenant keys, integrate AIP with Microsoft Online Services)
- Data Loss Prevention (Manage DLP policies, manage sensitive information types
- O365 Cloud App Security (Plan implementation and configuration)
- O365 Governance and Compliance
- Security reporting (Windows Analytics, Office Telemetry, Office 365 secure score, Azure Log Analytics integration, and alert policies in the O65 Security and Compliance Center)
- Audit logs and reports (Office 365 auditing and reporting)
- O365 classification and labeling (Data governance classification and labels)
- Data governance and retention (Retention policies, data governance reports and dashboards, Information holds, import data in the Security and Compliance Center, manage inactive mailboxes)
- Search and investigation (Content search and eDiscovery, export content search results, and manage eDiscovery cases)
- Data privacy regulation compliance (Regulatory compliance in Microsoft 365, review and interpret GDPR dashboards and reports, Compliance Manager reports)
- Ability to integrate Microsoft Cloud Technologies with 3rd party security products such as Lookout, Zscaler, MobileIron, AirWatch, Splunk, Symantec DLP, Ping, Okta, SailPoint, etc.
One or more of the following:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Cloud Security Professional (CCSP)
- GIAC Certified
- Microsoft O365 Security Administrator (MS-500)