Information Security Lead
Calgary, AB, CA
Dentons
Dentons is a global law firm driven to provide you with the competitive edge in an increasingly complex and interconnected marketplace. We were formed by the March 2013 combination of international law firm Salans LLP, Canadian law firm Fraser...Dentons is designed to be different. Our firm leads the way in a rapidly changing legal marketplace. We challenge the status quo and deliver consistent results as well as uncompromising quality and value to our clients. Our global presence is renowned as a firm with over 21,000 individuals in more than 200 offices serving clients across 80+ countries.
Dentons Canada is committed to its people and communities. We are consistently recognized as an employer of choice having received numerous awards including being selected as one of Canada’s Top 100 Employers (2024); Canada’s Top Employers for Young People (2024), and Canada’s Best Diversity Employers (2024).
This role is an opportunity for you to join the world’s largest law firm, a firm that offers opportunities to build your career while growing your skills and deepening your expertise.
ROLE
Dentons Canada LLP is currently recruiting for an Information Security Lead who will be responsible for ensuring the security, integrity, and availability of Dentons Canada information assets. The candidate will contribute to the management and continuous improvement of multiple security programs. The position entails the development, implementation, and maintenance of security controls, through people, processes, and technology, across the organization.
KEY RESPONSIBILITIES & ACCOUNTABILITIES
General
- Maintain operational oversight of security systems and security configuration administration to adequately respond to risk to enterprise systems and accounts, both on-premise and the cloud.
- Actively monitor, assess, and recommend tactical and strategic initiatives based on new and emerging threats.
- Prepare periodic reports to showcase the current security posture of our Information Security Program.
- Protect systems in compliance with information security policies and standards in addition to recognized frameworks (ISO 27001, NIST, etc.).
- Lead a team of Information Security professionals across multiple programs.
- Maintain secure, resilient enterprise-grade processes in tandem with various IT stakeholders, such as the Information Security, IT Infrastructure and Operations teams.
- In partnership with Business Services, ensure services are properly positioned within client RFP responses as well as aligning responses at a global level.
- Oversee regional internal and external client audits as they relate to IT security and compliance.
- Help develop, maintain, evaluate and implement policies, standards, and procedures in line with both business requirements.
- Help ensure IT services are well aligned with security and information management guidelines.
Security Operations and Incident Management Program
- Lead the implementation, configuration, and daily operation of Information Security technologies.
- Act as a key figure in incident response to track occurrence and resolution, with strict documentation and reporting as well as engagement, from a technical standpoint, within the department and within the organization.
- Orchestrate the incident response process within the department, and work with key stakeholders within the department to respond, resolve and recover from the incident.
- Manage third-party security partners, ensure objectives are met, and work in partnership to continuously improve security operations processes.
- Act as an active participant within Incident Tabletop exercises.
- Streamline, mature and automate (where applicable) the Incident Response playbooks and processes within the organization.
Vulnerability Management Program
- Analyze threat and vulnerability feed data for applicability to the environment, perform compensating controls analysis, validate the efficacy of existing controls, and provide recommendations.
- Lead the team to perform security research, analysis, assessments and support with penetration testing and remediation actions.
- Conduct vulnerability assessments to evaluate attack vectors, identify vulnerabilities, and develop remediation plans.
- Work with IT stakeholders to guide and assist them during the remediation process.
Data Governance & Compliance
- Ensure that the following activities occur in accordance with Firm information security policies, including:
  - Administer document classification audits and coordinate remediation activities.
  - Help develop guidance, processes, and tools/controls to ensure Firm data is structured and secured appropriately.
  - Help ensure data integrity of core client data across Firm systems.
  - Advise on development and implementation of Information Security metrics, measurement criteria and reporting to ensure compliance and continuous improvement.
  - Perform periodic compliance reporting to provide assurance of coverage and effectiveness of controls.
SKILLS & COMPETENCIES
- Strong written and oral communication skills.
- Strong stakeholder management skills and experience.
- Strong organizational skills with impeccable attention to detail.
- Strong situational analysis and decision-making skills, with experience balancing technical trade-offs.
- Demonstrates how to Act as One by being a team player across the Firm.
- Leads by example by modelling excellent customer service and leadership (demonstrating empathy, patience, attentiveness, and tenacity).
- Strong problem solving and analytical skills; can clearly explain and present problems and issues to others and contribute to their resolution.
- Ability to work under pressure and think clearly in challenging situations in a logical manner.
- Ability to be flexible in approach and be comfortable with a fluid organizational structure that requires both teamwork and self-sufficiency as necessary, with the ability to work under minimal supervision.
- Demonstrate initiative and the ability to be proactive, anticipating needs.
- Continues to develop leadership and technical skills.
- Flexibility to accommodate working in multiple time zones.
EDUCATION, EXPERIENCE & CERTIFICATIONS
- Post-secondary education with a specialization in Information Technology and/or minimum of 8+ years of Information Technology experience in designing, developing, and maintaining IT cybersecurity solutions.
- 6+ years of experience in an Information Security related role with at least 3 years of experience in a management or functional lead capacity relating to information security & policy, preferably in a professional services environment.
- Experience assessing against standards and frameworks (ISO 27001/27002, ISO 15408, NIST Cybersecurity Framework).
- Strong understanding of cloud computing concepts, architecture patterns, and best practices.
- Experience in incident response.
- Familiarity with the MITRE ATT&CK framework.
- Experience with MS Sentinel and the Microsoft suite of security products, such as, but not limited to, Defender for Endpoint, Defender for Identity, Defender for Cloud, etc.
- At least one relevant certification such as CISSP, CISM, or from GIAC/ISACA is required.
We thank all applicants for their interest; however, only those selected for an interview will be contacted.
At Dentons we are committed to offering equitable and competitive pay. We achieve this by aligning internal salary ranges for specific roles to similar positions in the external market. In the normal course, our practice is to hire, transfer and promote employees within the entry part of our range, adjusting as needed based on the prior experience, skills and competencies required for the role along with any market differentials.
Recognizing our exceptional talent means providing a comprehensive total rewards package beyond a competitive salary. We have curated our employee benefits portfolio to offer inclusive and comprehensive wellbeing and developmental programs for our people. With extended benefits and mental health plans, paid time off, savings plans, fitness subsidy, parental leave top up and more, our benefits are flexible, aligned to our core values and support the various needs of our people. Additionally, our personal and professional development programs include people networks, mentorships, and leadership series programming to help people grow their career.
Note: Availability of the benefits and perks may be subject to your location and employment type and may have certain eligibility requirements. Dentons reserves the right to alter these programs and offerings in whole or in part at any time without advance notice.
Equal Opportunity Statement
At Dentons Canada, inclusion, diversity and equity (ID&E) are not just ancillary values, they are foundational to our business. We believe that ID&E is essential to the shared success of our team and our clients. Our forward-thinking and inclusive culture supports the professional development of all our people, enhances the leading services we offer to our clients, and informs our commitment to make a positive impact in the communities where we live and work. As a testament to our commitment to ID&E, we have been recognized as one of Canada’s Best Diversity Employers for 12 consecutive years (2011-2022), as well as one of Canada’s Top Employers for Young People (2022) for the fifth time.
Dentons Canada is an equal opportunity employer and we welcome your application. All employment decisions, including hiring, will be made without regard to age, ancestry, citizenship, colour, creed, disability, ethnic origin, family status, gender assigned at birth, gender identity, marital status, place of origin, race, sexual orientation or any other characteristic protected by applicable human rights legislation.
We are committed to providing you with an inclusive, barrier-free and accessible workplace to support your success. Should you require accommodation during the recruitment process, for example as a result of a disability, please contact us at careers.canada@dentons.com.