IBM Managing Security Consultant in MARKHAM, Ontario

The Managing Security Consultant: Security Strategy, Risk & Compliance position is for an experienced security professional with demonstrated consulting experience who is able to deliver strategic security advisory services and conduct comprehensive information security assessments for key IBM clients. The Consultant is a subject matter expert in designing and enhancing the IT risk/security metrics program. The ideal candidate should be an experienced information security consulting professional with demonstrated experience performing security assessments and acting as a senior security strategy advisor at the Chief Information Security Officer (CISO) level. The candidate should possess a proven record of IT and security thought leadership and be recognized for business as well as technical acumen by the customer set supported. The candidate will continue facilitating the automation of IT metrics collection from various enterprise source systems, KPI / KRI analysis and trending, and executive reporting and dashboards. It is preferred that the consultant has experience in mapping to multiple standards and frameworks, including the NIST Cyber Security Framework (CSF), ISO 27001 and 27002, and the Payment Card Industry (PCI) Data Security Standard (DSS), and has experience in formulating security roadmaps to bridge existing gaps.

  • English (Fluent)

  • At least 7 years of experience in information security consulting (professional services consulting for end clients)

  • At least 5 years of experience in interfacing at multiple levels of client management and building relationships

  • At least 3 years of experience in supervising/managing and leading teams to success

  • At least 2 years of experience in managing complex projects and using project management skills

  • Working knowledge of Archer GRC

  • Strong knowledge in security industry regulations/standards and compliance frameworks (e.g., ISO 27002, COBIT, PCI DSS, ITIL, etc.)

  • Solid experience in IT controls mapping, Sarbanes-Oxley (SOX) IT general controls (ITGC) testing / re-testing, test validation, and reporting

  • Ability to provide subject matter expertise in designing and enhancing the IT risk/security metrics program

Security Services