Fortinet is looking for a Director of Information Security and Compliance to join our Information Security team at the Burnaby site. The successful candidate will provide the vision and leadership necessary to manage site-level IT security initiatives and ensure compliance. He/she will be responsible for establishing IT security and compliance objectives, developing a strategic plan, and implementing comprehensive enterprise IT security practices to achieve IT security and compliance targets. Among many other strategic goals, the candidate will lead the effort to achieve ISO 27001 compliance for the Burnaby site.

Job Responsibilities:
- Develop the IT security and compliance strategy. Build and lead the IT security team to develop, implement and maintain an Information Security Management System (ISMS) with the aim of achieving ISO 27001 compliance.
- Lead the effort to implement industry best security practices to enhance the security of the organization.
- Implement an incident identification and response program, working closely with the corporate incident response team to evaluate potential security breaches, coordinate response, and implement corrective actions.
- Work closely with IT operations and product leadership to drive security and compliance of the Burnaby R&D site.
- Promote security awareness and training across the site and foster a security culture.
- Work with function leaders to manage the business continuity and recovery function for the business.
- Define and report on information security metrics.

Skills and Qualifications:
- Experience leading compliance efforts through various standards and certifications (e.g. ISO 27001, NIST 800-53, etc.) and regulatory frameworks (SOX, HIPAA, GDPR, etc.).
- Working knowledge of information security control technologies including access control, cryptography, vulnerability management, SIEM/log management, IDS/IPS, and penetration testing.
- Working knowledge of, and hardening skills for, information technologies including Linux, Windows, VMware, MySQL, MSSQL, Oracle, etc.
- Working knowledge of network protocols, DNS, and networking devices: routers, VPNs, proxies, firewalls.
- SOC/NOC experience desired.
- Exceptional written and verbal communication skills.
- Experience working with the executive leadership team to communicate risks and strategies.

Educational & Certification Requirements:
- Bachelor's degree in Computer Science, Information Security or a related field.
- A certification in one or more of the following is desirable:
  - CISSP, CISA, CISM, ISO 27001 Lead Auditor