Senior Information Security Engineer

Senior Information Security Engineer

The Team:

The scope of the information security function includes all strategic security planning and control oversight to ensure effective risk mitigation takes place within the firm. The information security team implements and operates a number of security solutions directly, such as anti-malware solutions, Internet security proxy servers, and the vulnerability scanning platform, and relies on other departments (IT service delivery, HR, facilities) to operate all other security controls.

The information security team is responsible for ensuring the overall effectiveness of the control framework and managing security incidents. The team works with unified principles and processes around the world while maintaining regional stakeholder relationships. It adheres to the international standard ISO 27001, and reports to the firm's chief information security officer.

The Role:

• Provide technical leadership and subject matter expertise of the firm's security solutions.
• Provide security product ownership and maintenance of tools such as next generation anti-virus / EDR, web filtering, vulnerability scanning, and privileged access management solutions.
• Continually improve the team's visibility into the security posture of on-premise and cloud infrastructure; provide associated data and risk records as appropriate.
• Assist with remediation of weak controls as necessary, either technically or through influence.
• Assist with the definition of standards, policies, designs and apply control governance where necessary as a preventative measure.
• Ensure that the firm has the requisite capability to investigate, prevent and remediate against security breaches, viruses and deviations from security procedures.
• Participate in post-mortem investigations of information security incidents while preparing report documents illustrating the findings and lessons learned.
• Propose security controls to mitigate identified risks, while improving ongoing operations and incident response processes. Using the risk management process effectively.
• Act as a technical point of escalation.
• Maintain effective working relationships with a variety of internal stakeholders.
• Mentor to junior team members.

Skills and Experience Required:

• Bachelor's degree in a related discipline (computer science, information systems management, engineering, or similar).
• Minimum 5 years of experience in a related security field.
• Previous network engineering or systems administration background (preferred).
• Deep technical understanding of security products, including web filtering, next-generation anti-virus/ EDR, and vulnerability management tools.
• Ability to rapidly adapt to change and absorb new technologies.
• Ability to lead troubleshooting in complex environments and provide technical recommendations to solve short- and long-term issues.
• Strong knowledge of the security landscape (attack vectors, tooling, best practices for assessment, mitigation, remediation and governance).
• Track record of delivering high-quality solutions through project delivery or ongoing continual improvement in an operational role.
• Working knowledge of authentication protocols, and identity access management technologies such as SSO and MFA.
• Familiarity with security best practices and risk management operating in cloud environments such as Azure (required), GCP and AWS (nice to have), and in other third-party SAAS platforms.
• Knowledge of information security standards such as ISO27001, NIST, CIS.

Personal Attributes:

• Keen sense of responsibility, ability to set a professional example and desire to adhere to defined security practices.
• Strong technical security understanding.
• Self-motivated and able to work calmly and methodically under pressure.
• Analytical, structured and systematic approach to problem solving.
• Excellent interpersonal skills, exceptional levels of personal integrity and the ability to communicate clearly at all levels through reports, presentations and forming effective matrixed relationships.
• Flexible approach to incorporate changing priorities.
• Co-operative, service orientated, individual and established team worker, comfortable working in a geographically dispersed team.
• Good judgement when it comes to confidentiality and sensitivity of information of which you may become aware through the role.
• Adaptable and keen to learn new skills.

Please note that Norton Rose Fulbright Canada requires all Firm members to provide proof of full vaccination against COVID-19 prior to entering the workplace. Applicants who receive an employment offer will be required to provide proof of full vaccination upon arrival to the Firm as a condition of employment. Norton Rose Fulbright has a duty to accommodate those who are unable to get vaccinated due to religious, medical or other protected grounds. For applicants who require an accommodation, please contact TORHR_RH@nortonrosefulbright.comto discuss further.

Norton Rose Fulbright

Norton Rose Fulbright is a global law firm. We provide the world's preeminent corporations and financial institutions with a full business law service. We have more than 3500 lawyers and other legal staff based in more than 50 cities across Europe, the United States, Canada, Latin America, Asia, Australia, the Middle East and Africa.

Recognized for our industry focus, we are strong across all the key industry sectors: financial institutions; energy, infrastructure and resources; transport; technology; life sciences and healthcare; and consumer markets. Through our global risk advisory group, we leverage our sector experience with our knowledge of legal, regulatory, compliance and governance issues to provide our clients with practical solutions to the legal and regulatory risks facing their businesses.

Wherever we are, we operate in accordance with our global business principles of quality, unity and integrity. We aim to provide the highest possible standard of legal service in each of our offices and to maintain that level of quality at every point of contact.

Norton Rose Fulbright Verein, a Swiss verein, helps coordinate the activities of Norton Rose Fulbright members but does not itself provide legal services to clients. Norton Rose Fulbright has offices in more than 50 cities worldwide, including London, Houston, New York, Toronto, Mexico City, Hong Kong, Sydney and Johannesburg. For more information, see nortonrosefulbright.com/legal-notices.

Diversity and Inclusion

Diversity is an important firm value. We are committed to providing equal opportunities in employment and to providing a workplace which is free from discrimination and harassment. This means that all job applicants, employees and partners will receive equal treatment regardless of race, colour, ethnic or national origins, sex, marital status, disability, age, sexual orientation, religion or belief.

To apply, please visit the Careers page of our website at www.nortonrosefulbright.com. We thank all candidates for their application, but will be contacting only those whom we select to invite for an interview.

Norton Rose Fulbright Canada LLP has an accommodation process in place that provides accommodations for employees with disabilities. If you are unable to apply for a position online or require any further accommodations during our recruitment process, please contact TORHR_RH@nortonrosefulbright.com.

Law around the world
nortonrosefulbright.com