Information Security and Compliance Officer

Position: Information Security and Compliance Officer

Company: Destiny Solutions

Location: Toronto, Ontario, Canada

Travel: None

Start Date: Immediate

Status: Full-Time Permanent

As the security and compliance officer at Destiny, you will be primarily responsible for implementing, directing, and maintaining the Destiny Solutions security and privacy best practices related to the Destiny One Software development process and production SaaS hosting services. You will be working within the Amazon cloud hosting infrastructure and Windows/SQLServer environment with future Linux requirements. You will be the primary owner of Destiny’s SOC-2, PCI-DSS, and PA-DSS compliance processes. You will be responsible for Destiny’s compliance with required privacy regulations including PIPEDA, FERPA, and GDPR.

We are looking for the type of person that loves to have their hands in everything and someone who can take on the challenge of working within a small growing team with a great deal of responsibility. You have a strong technical background and can mentor and train staff on strong security coding practices while providing governance, controls, and processes to ensure compliance with appropriate standards. You strongly believe in the tenants of a strong security and privacy policy within all aspects of the development and deployment processes and infrastructure. You are excited to be the go-to person in the organization for establishing and monitoring Enterprise Security Guidelines and Policies. You aspire to take on the role of Chief Security and Privacy Officer in your career.

You are calm and poised under pressure and bring the confidence and know how to resolve critical issues as they arise – regardless the time of day. We work in a small dynamic environment with flexible work hours and are an equal opportunity employer. We also provide our staff with many opportunities for both career and professional development. In this role, you will be given an opportunity to be a major contributor to supporting the development of the next-generation of Continuing Education business solutions. Come join us at Destiny, where your opinion matters, your experience is valued and interesting work will be part of your daily routine.

Skills and Qualifications

  • University degree in Computer Science or related field
  • CISSP designation or equivalent preferred
  • Strong understanding of PCI-DSS, PA-DSS, and SOC-2 compliance
  • Knowledge of domestic and international privacy regulations including PIPEDA, FERPA, GDPR
  • Strong knowledge of OWASP Top-10 and protective coding practices.
  • 10+ years development experience
  • 5+ years security focus
  • Experience working with the Windows Server platform and Linux
  • Extensive experience in security and privacy design and software architecture.
  • Demonstrate the ability to manage and prioritize multiple projects
  • Experience with Virtualized environments and management best practices:  experience in Amazon EC2 and ESX-VMware required
  • Experience with the deployment of enterprise web-based transactional applications
  • Proven ability to meet deadlines, prioritize tasks and work effectively with minimal supervision in a team environment
  • Strong analytical and problem solving skills
  • Strong leadership, interpersonal and communication skills (verbal and written with both technical and non-technical staff)
  • Motivated, hardworking and flexible
  • Quick learner who enjoys a challenge and can see the big picture


Responsibilities

  • Ownership of the Destiny One software development security and privacy practices
  • Ownership of Destiny SaaS hosting security practices
  • Compliance owner for PCI-DSS, PA-DSS certifications
  • Compliance owner for all applicable privacy regulations
  • Training/Mentoring staff on Security and Privacy best practices
  • Governance role as company security officer.
  • IT security lead
  • Ensure communications traversing internal and public networks follow best practices to maintain network security
  • Maintain documentation, establish and manage periodic vulnerability scans, maintain audit readiness and provide audit documents for compliance programs (e.g. PCI) as required
  • Implement and perform network and instance monitoring for security events and follow appropriate remediation tasks in the case of an identified fault.
  • Participate in the project planning process including estimating and process improvements;
  • Evaluate new technologies and evaluating how they could be integrated / utilized to better serve our clients (internal and external)
  • Strive at all times to do work using best practices – through experience or experimentation

*Please email your resume to careers@destinysolutions.com and make sure to include the JOB TITLE “Security and Privacy Compliance” in the subject of your message.

We are an equal opportunity employer. We thank you for your interest and look forward to hearing from you.

Please note that ONLY QUALIFIED CANDIDATES will be contact for this opportunity. We are growing and do however welcome you to send your resume for future opportunities and/or other roles for which you might be a better fit.

 

KNOWLEDGE ENGAGEMENT