Information Security Specialist

Why work at Blaney McMurtry LLP?

Blaney McMurtry LLP is a multi-service 120 + lawyer firm, based in the heart of downtown Toronto. For more than seventy years, we have helped clients overcome challenges and seize opportunities through our continuing commitment to achieving results and building relationships. We seek exceptional individuals who take pride in their work and know the importance of excellent client service.

Our motto is "Expect the Best" and that goes both ways. At Blaneys, we value a diverse and inclusive workplace that respects and supports all our staff. We offer a competitive salary based on experience and paid vacation. Your well-being is very important to us, and therefore we offer an excellent benefit package which includes health, dental, as well as an Employee Assistance Program. If you would like to gain new skills, we have abundant training and professional development opportunities to help to achieve your personal and professional goals.

Reporting to Director of Information Technology, the Information Security Specialist manages and executes the delivery of professional, technical and analytical IT Security services and solutions to the organization, providing strategic and tactical planning, development, evaluation and coordination of the technology and security systems that support the company's business goals.

Key Accountabilities

• Ownership of the Firm's Security Systems and policies, administration of security configuration.
• Ownership of the Vulnerability Management program, analyzing threat and vulnerability information from multiple sources for applicability to the environment and perform compensating controls analysis and validate efficacy of existing controls and provide recommendations.
• Responsible for actively monitor, assess, and recommend initiatives based on new and emerging threats, collaborating with other teams to ensure vulnerabilities are properly patched or mitigated within the established timeline. Ensure patches are applied and configurations are updated.
• Monitoring and analysis of cybersecurity tools, alerts, incidents and performance to ensure compliance with industry standards and best practices.
• Lead the investigation of Cyber Security Events and potential incidents; development of remediation, conduct root cause analysis and provide clear, well-thought-out recommendations, with prevention mechanisms.
• Lead security threat and risk assessments to evaluate implemented controls and their effectiveness, ensuring appropriate mitigation strategies are in place.
• Perform security research, analysis, assessments and support with penetration testing and leading remediation actions.
• Protect systems in compliance with Information security policies and standards in addition to recognized frameworks (ISO 27001, NIST, etc.), support internal and external audits to ensure compliance.
• Correlate highly technical information from multiple sources to determine the validity and risk from Information Technology security platforms and technology system logs, responding to events generated by the company's security platforms, tools, and partners.
• Prepare periodic reports of the current security posture of the Firm's Information Security Program.
• Assist in the development, testing, and implementation of business continuity plans and disaster recovery strategies, ensuring critical business functions can continue during disruptions.
• Implement and maintain polices and goals that support the organization's technology and security requirements, including antivirus, group security policy, firewall policy, endpoint protection, vulnerability management and patch management, applying security patches and implement configuration changes required to mitigate security issues aligned with global Information Security standards.
• Ensure the highest level of security including scanning for virus, malware, phishing attacks, etc. and ensures that compliance to industry best practices is followed.
• Assist with the resolution of tickets and escalated issues and actively participating in problem management activities.
• Create and update appropriate system documentation.
• Strong attention to detail, comprehensive problem solving and troubleshooting skills.
• Participate in other information technology related project and tasks as needed.

Education and Experience

• A College or Bachelor's degree in computer science, system administration, engineering or equivalent and 5 to 7 years of relevant industry experience.
• Minimum of 5 years experience in a similar role in a mid to large corporate environment with exposure to Cisco platforms.
• 2 to 3 years experience in an operational support role.
• 2 to 3 years experience managing vendors in a technical capacity.
• Recognized Certifications in Cisco, VMware, Microsoft, or other relevant combinations (CompTIA Security+ , GIAC Certified Vulnerability Assessor, and CISSP Certifications desirable).
• An equivalent combination of education and/or experience may be considered.

Technical Requirements

• Experience managing and maintaining a Vulnerability Management program.
• Experience assessing against standards and frameworks (ISO 27001/27002, ISO 15408, NIST Cybersecurity Framework).
• Strong understanding of Network Security, hands-on experience with Cisco Systems such as Cisco ISE, AnyConnect, AMP, Meraki, SecureConnect, Umbrella / SecureX, Duo, and Cisco ASA and FirePower firewalls, Network Access Control, and Wireless.
• Strong understanding of operating systems (Windows, Linux), web applications, and Microsoft Technologies (M365, Windows Server, Microsoft Azure, Active Directory).
• Familiarity with Email Security and Email Gateways (such as Mimecast, Proofpoint, Barracuda, Cisco ESG and Exchange Online Protection), and Data Loss Prevention tools.
• Good understanding of Virtualization, backups, data center technologies and Disaster Recovery (Veeam, ComVault, ZERTO).
• Strong communication skills including both technical and business writing, documentation and presentation skills.
• Excellent interpersonal skills.
• Excellent problem solving and analytical thinking and innovation.
• Exceptional time management and multi-tasking skills.
• An understanding of law firm processes and procedures would be an asset.

To apply for this position, please submit your resume to Anthony Belmonte at abelmonte@blaney.com. In your email, make sure to include the job title in the subject line. Only those candidates selected for an interview will be contacted.

This position is full time in office.

If you require any accommodation in the application process, please contact us. Blaney McMurtry is committed to providing accommodations for people with disabilities. If you require accommodation, we will work with you to meet your needs.

We look forward to hearing from you and thank you for your interest.