Under the general direction of the Security Manager, the role of the Security Assistant Manager is to supervise Redesign security project staff ensuring that all security controls are defined, documented, and implemented in the new Retirement Benefit Administration System. The Security Assistant Manager will be responsible for, but not limited to, the following:
In conjunction with client’s Selected Implementation Vendor, guide the technical support for operating system security for the new Retirement Benefit Administration System and ensure that the Security Manager is aware of any emerging issues.
In conjunction with CLIENT’S Selection Implementation Vendor, guide the development, implementation, and maintenance of detailed technical designs and procedures for operating system security and required security roles in accordance with existing OSC’s systems standards as well as any other applicable standards.
In conjunction with CLIENT’S Selected Implementation Vendor, guide the proactive monitoring, diagnosing, and correcting computer system security problems. (i.e., access permissions, password reset, login issues, etc.).
Assist in oversight of the selection, installation, and maintenance of client’s computer security software.
Assist in oversight of the development of backup, recovery and contingency/disaster planning.
Assist in oversight of CLIENT’S Selected Implementation Vendors for conversion planning, to ensure that the servers and operating system environment are designed, developed, installed and are performing in a manner adequate to meet the security needs of the client’s Project.
Assist in the coordination of CIO staff to ensure they understand the full impact of system security enhancements as they relate to OSC, developing and monitoring SLAs (Service Level Agreements) where necessary to ensure that work is accomplished in a coordinated, well-planned manner and meets expectations.
Assist in oversight of all aspects of the new Retirement Benefit Administration System, other organizations at the client, and external entities, to ensure that security needs are addressed as implementation proceeds.
Assist in the development and implementation of the LOB user administration process including the creation, maintenance, role maintenance and the related policies, for all internal staff and external customer’s usage of client’s self-service web applications.
Assist in the development and implementation of the policies surrounding the business and IT processes proposed in the new Retirement Benefit Administration System including, but not limited to: receiving and sending data to external partners, movement of data files within OSC, business reports, IT Change Management (application and system changes) throughout the system, user lifecycle management as well as the secure integration between component parts of the new Retirement Benefit Administration System.
Ensure that all client’s Security Policies and directives are upheld and maintained as the new system is developed.
Collaborate and cooperate with related ISO and CIO security staff and keep them informed of key security activities.
Assist in oversight of any third party vendor(s) who may perform Network Vulnerability Assessments. Manage the review of any reports that are developed in this regard (including reports from the QA/IV&V Vendor) and ensure that any and all deficiencies are reviewed and appropriate follow-up action is taken.
Assist in the management of the certification and accreditation of the security of the new Retirement Benefit Administration System, the program under which it is implemented and the resulting business environment in which it will continue to operate.
Assist in oversight of CLIENT’S Selected Implementation Vendor’s development of an information security program which includes, but is not limited to:
Periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of client.
Subordinate plans for providing adequate information security for networks, facilities, information systems, or groups of information systems, as appropriate.
Security awareness training.
Periodic testing and evaluation of the effectiveness of information security policies, procedures, practices, and security controls to be performed with a frequency depending on risk, but no less than annually.
A process for planning, implementing, evaluating, and documenting remedial actions to address any deficiencies in the information security policies, procedures, and practices of client.
Procedures for detecting, reporting, and responding to security incidents.
Plans and procedures to ensure continuity of operations for information systems that support the operations and assets of client.
Assist in data classification activities including the development, implementation and maintenance of CLIENT’S data classification program in consultation with the division’s business units.
MINIMUM QUALIFICATIIONS:
At least nine (9) years of IT security experience, at least two (2) years of which must be supervising in an IT environment, (e.g. web, imaging, workflow, customer relationship management (CRM)).
Experience must include the following, which may be concurrent:
Two (2) years’ experience working on advanced security features, such as encryption, and Internet and Web protection.
Two (2) years’ experience establishing and maintaining an organization's security policy and plan.
Two (2) years’ experience building appropriate user profiles, roles, and privileges, etc., involving all aspects of user administration in support of secure internal and external controls.