ARC Business Solutions Inc. is an established, growing and customer oriented information technology solution provider with proven abilities to incorporate strategy, creativity and technical aspects into business solutions. Core business verticals are: Professional IT Services, Enterprise Content Management, Utility Services and Managed Services.
ARC Business Solutions Inc. is currently seeking Information Security Consultants for immediate opportunities with clients in Toronto, Edmonton and Calgary.
ROLE: INFORMATION SECURITY CONSULTANT
We are looking for a seasoned I.T. Security and Risk management Professional to assist in performing IT compliance and vulnerability assessments, with a business oriented focus. Incumbent will also be tasked with leading the remediation of identified IT control gaps and vulnerabilities within the appropriate timelines.
- Map IT controls, threats and risks to existing applications and systems
- Perform IT compliance assessments in accordance with client’s policies and procedures
- Analyze and classify results of IT compliance and vulnerability assessments, using a risk based approach
- Prepare, summarize and report the results of IT compliance and vulnerability assessments
- Safely operate technology tools supporting the IT compliance and vulnerability assessment program
- Execute risk treatment processes following IT compliance and vulnerability assessments in accordance with client’s risk response framework
- Provide guidance to system owners in selecting risk treatment following IT compliance and vulnerability assessments
- Identify the top three risks for application systems, based on the results of the IT compliance assessments
1. IT Risk Management
2. IT Compliance
3. IT Vulnerability Assessment
- A minimum of 5-6 years of experience in the field of Information Security, IT Audit or related disciplines.
- Experience with scoping and scheduling IT compliance assessments and associated activities, mapping IT controls to IT systems, applications, and networks.
- Solid understanding of IT controls, how to interpret requirements defined in IT control/policy statements
- Ability to interact with control owners at a technical level to make a determination of the status of controls
- Ability to communicate the business implication of deficient controls to system owners
- Understanding of commonly-used concepts, practices, and procedures in the Information Security field including operating systems and network security, application security, vulnerability analysis, encryption technologies, intrusion detection, incident response, business continuity management, etc. to be able to provide guidance to system owners in selecting risk treatment options.
- Strong time management and organizational skills.
- Ability to effectively interact with personnel involved in policy, technical, operational, and program management work.
- Excellent communication skills including technical and business writing, documentation and presentation skills.
- University degree in Computer Sciences, Engineering, Audit, Business or related disciplines; and
- Possession or working toward achieving the following professional qualifications: CISSP, CRISC, CISM, CISA.
We offer a competitive salary, profit sharing, share options and a comprehensive benefits package. These positions can be filled by fulltime ARC employees or contractors.
We thank all applicants for their interest; however only candidates considered for interviews will be contacted. We will be conducting interviews immediately. TO BE CONSIDERED - Please forward your resume clearly displaying reference number JK:ISC in the subject line to email@example.com.