vCISO ensuring cybersecurity by managing risks, compliance, and security initiatives for organization. Collaborating across teams and enhancing system security engineering in a fully remote role.
Responsibilities
As a vCISO, you will play a critical role in ensuring the security of our organization's systems and infrastructure.
You will be responsible for supporting governance initiatives, assessing and managing risks, ensuring compliance with relevant regulations and standards, and providing technical expertise to enhance system security engineering.
Additionally, you will support responsibilities related to SOC 2 Type II, HIPAA, and PCI compliance audits while ensuring the security of systems and infrastructure through strategic oversight.
Assist in the development, implementation, and maintenance of effective cyber security policies, procedures, and standards.
Support governance initiatives by establishing and maintaining security frameworks, controls, and documentation.
Conduct risk assessments and work closely with stakeholders to identify, analyze, and mitigate potential security risks.
Ensure compliance with relevant regulatory requirements, industry standards, and best practices.
Collaborate with cross-functional teams to incorporate security controls and requirements into system design and development processes.
Conduct security architecture reviews and provide technical guidance to ensure the implementation of robust security measures.
Perform security assessments and penetration testing on systems, networks, and applications.
Identify vulnerabilities, analyze security flaws, and recommend remediation strategies.
Stay updated with emerging threats, vulnerabilities, and security technologies to enhance system security engineering practices.
Contribute to the development and testing of incident response plans and procedures.
Requirements
Bachelor’s degree in computer science, Information Technology, or a related field
Proven experience as a Cyber Security Engineer, Security Analyst, or a similar role
Strong understanding of cyber security principles, risk management methodologies, and compliance frameworks
In-depth knowledge of security technologies, including firewalls, intrusion detection/prevention systems, SIEM, and vulnerability scanning tools
Familiarity with regulatory requirements (e.g., GDPR, HIPAA), industry standards (e.g., NIST, ISO 27001), and frameworks (e.g., COBIT, ITIL)
Experience with and interpreting cyber security framework (e.g., NIST CSF, HIPAA HITRUST, CIS20, CSA CSF)
Experience in system security engineering, secure software development, or secure system design
Proficiency in conducting security assessments and vulnerability management
Familiarity with incident response processes and security monitoring practices
Excellent problem-solving and analytical skills
Strong communication and collaboration abilities
Relevant certifications such as CISSP, CISM, CASP+, or GIAC are highly desirable
Benefits
100% permanently remote position with no plans to return to an office
Extensive paid time off including paid holidays and float holidays
Highly competitive and flexible medical, dental, and vision benefits plans to suit your needs
401(k) with generous employer match
Tailored Life and Disability insurance plans
Full reimbursement for approved professional certification and career enriching opportunities
Monthly mobile phone plan and internet service stipend
Senior Technology Architect contract with Ontario Ministry. Hybrid in Toronto, 12 - month term. Requires 5+ years in secure architecture, cloud security, and IAM.
Director, Regulatory Trade Reporting Change needed to drive regulatory change initiatives in capital markets for a Toronto - based financial institution.
Deputy CTO managing backend and ML teams at SDG, leading architecture and technical decisions for social discovery products. Collaborating with a network of digital nomads globally in a remote setting.
Kelly Services is hiring IT Field Service technicians for a client in Toronto, involving hardware, networking, and troubleshooting support on a sporadic/on - call basis.