Product Owner, Cybersecurity Vulnerability Management

Product Owner, Cybersecurity Vulnerability Management-0004WW

Posting Date :

Nov 15, 2024, 2 : 42 : 27 PM

Primary Location : Ontario-Ottawa

Ontario-Ottawa

Job Type : Permanent

Permanent

Schedule : Full-time

Full-time

Description

Export Development Canada (EDC) is a financial Crown corporation dedicated to helping Canadian businesses make an impact at home and abroad.

EDC offers financial products and knowledge to help Canadian businesses confidently enter new markets, reduce financial risk, and grow their business.

When you join our team, you’ll be helping Canadian businesses learn the endless possibilities that open to them through export and help bring their vision, passion, and innovation to the world.

Your knowledge and expertise will support more than 25,000 Canadian businesses and their customers in as many as 200 markets worldwide.

You’ll work amongst the best and brightest in an inclusive, collaborative environment that fosters professional development and success.

And you’ll know that you’re making an impact every day for businesses, for Canada and for the people you work with.

Are you ready to make an impact? Join EDC, recognized as a Top 100 and Top Family-Friendly Employer, as we take on the risk so Canadian businesses can take on the world. #LI-Hybrid

Team & Job Overview

The Digital & Technology Solutions (DTS) group under the leadership of the Chief Information Officer was established in 2023 with the mission of empowering our customers and colleagues to take on the world, by seamlessly delivering secure and reliable digital experiences.

Digital & Technology Solutions has set out to achieve the following objectives for EDC :

• Define, execute, and sustain the integrated technology target state, target data model and technology operations required to enable EDC’s 2030 business transformation.
• Establish and manage the rolling 3 Year Digital Roadmap that sequences the technology outcomes required to achieve the technology target state and facilitate its execution across all domains in the organization.
• Keep pace with industry trends and emerging technologies, ensuring EDC has access to the digital technology tools it needs to stay relevant in the market and grow Canadian global trade.
• Lead and ensure integrated digital, data, infrastructure, and cybersecurity implementations to create excellent customer, user, and employee experiences.

The Enterprise Information Security (EIS) team is looking for an experienced resource to perform the role of Product Owner, Vulnerability Management to work with EIS leadership, cybersecurity team and key stakeholders to define outcomes, develop tactical plans and security requirements, and lead security projects that address information security risks with a focus on protecting EDC’s digital assets.

This role will require significant cross-functional collaboration and is critical in supporting the fundamental elements of the Enterprise Information Security strategy and team operations.

The successful candidate is an expert in techniques used to protect sensitive data in multiple environments. The Product Owner, Vulnerability Management has high level of integrity, trustworthiness and confidence, and can represent the company and security leadership with the highest level of professionalism and leads by example.

Key Responsibilities

• Lead EDC’s Vulnerability Management practice, including creating a strategy, roadmap, and service offering for the sustained success of the practice
• Learn and understand EDC’s core business; help tailor service to meet the nuanced needs and manage the key risks to the organization
• Inform, advise and collaborate with technology leadership and business units to secure the technology assets and information at EDC
• Manage and improve the process for identification, intake and contextualization of discovered vulnerabilities (through periodic scans I.

e. weekly), in on-premises and cloud-based infrastructure, and application layer whether through scanning and DevSecOps pipeline, threat detection processes and tools (i.

e. breach attack simulation).

• Prioritize vulnerability remediation based on criticality, exploit probability, rating and business risk exposure.
• Document, prioritize, recommend, validate and report on the state of vulnerabilities.
• Recommend tactical options to reduce attack surface, containment alternatives and impede attackers.
• Work closely with stakeholders and vendors / service providers to remediate vulnerabilities.
• Liaise with the security engineering team to improve monitoring and response workflow.
• Serve as infosec point of contact for new and existing vulnerability-related issues.
• Collaborate and stay aligned with documentation related to vulnerability policies and procedures. Support the advocacy and communication of the VM policies and procedures with stakeholders.
• Operate automated and manual tools utilized to identify vulnerabilities. Generate scan outputs and facilitate sessions with Stakeholders, document decisions and agreed remediation dates.
• Track of vulnerabilities / risk register of findings from penetration (Pen) tests, Vulnerability Management (VM) scans, and DevSecOps findings.
• Manage compliance framework and checks, and stakeholder engagement, compliance scans (I.e. CIS).
• Promote secure coding practices, including secure design principles, secure coding standards, and secure configuration management.
• Advise and support execution on various security testing techniques, such as static code analysis, dynamic application security testing (DAST), and penetration testing.
• Stay up to date with advancements in technology, while also retaining knowledge of legacy systems and applications in use at EDC.

Screening Criteria

• Undergraduate degree in computer science, information assurance, engineering, or related field, or equivalent experience in lieu of education
• Minimum 7 years’ experience in information security administration, vulnerability management or security / infrastructure operations
• Minimum 3 years’ experience working in an outsourced IT environment
• Proficient with vulnerability management solutions such as Qualys, Tenable, and / or ServiceNow
• Experience conducting organization-wide vulnerability scanning and remediation processes
• Exceptional skills in influencing and driving cross-functional teams and delivering solutions in a highly complex, dynamic and nebulous environment
• Excellent verbal and written communication, critical and strategic thinking, time management, priority planning and interpersonal skills
• Proven experience in tech fluency and business fluency, and a demonstrated ability to translate between the two
• Working knowledge of both ITIL and Agile principles; understands how backlogs are formed and how to influence them

Assets

• 3-5 years' experience with a combination of one of more hand-on roles in cybersecurity or IT operations
• Experience working with senior leaders and executives in a service delivery or risk management setting
• Experience governing IT vendor relationships
• Strong understanding of applications, operating systems, networking, cloud infrastructure and basic attacker tactics, techniques and procedures (TTPs), OWASP, CVSS and MITRE ATT&CK framework and the software development lifecycle
• Strong knowledge of industry compliance framework / scans (e.g. CIS)
• Capacity to comprehend complex technical infrastructure, managed services and third-party dependencies
• One or more security certifications such as Certified Information Systems Security Professional (CISSP), CGCED (GIAC Certified Enterprise Defender), GCCC (GIAC Critical Controls Certification), GPEN (GIAC Penetration Tester Certification), GCIH (GIAC Certified Incident Handler Certification), or CRISC
• Bilingualism in both official languages (English & French).

Compensation Details :

Product Owner 18 : Salaries typically range from $92,355 to $123,140 annually, based on qualifications and experiences, plus a performance-based incentive.

Location

• Export Development Canada is a hybrid work environment.
• This role may be performed from EDC's headquarters in Ottawa, Toronto, Mississauga, Calgary, Montreal, Laval, Brossard, Vancouver, or Halifax.
• Relocation assistance is available for eligible candidates.

EDC's Commitment to Employment Equity

EDC is committed to employment equity and achieving a diverse workforce. EDC actively encourages applications from women, Aboriginal peoples, visible minorities, persons with disabilities and members of the 2SLGBTQI+ community.

If selected for an interview, please advise us if you need any special accommodation.

Application deadline : Nov 29, 2024, 11 : 59 : 00 PMCandidates must meet the requisite government security screening requirements.