News & Publications ← View All News


March 06, 2020

Shared CISO job posting

MRnet
Shared Chief Information Security Officer (CISO)
Contract position posting

Preamble
MRnet is a not for profit organization in Manitoba dedicated to facilitating the work of the research and education community in Manitoba by providing and operating a very high speed dedicated network to connect all post-secondary institutions and school boards to each other and through the national research and education network to similar institutions nationally and globally. MRnet also facilitates collaboration and provides its member community with tools and expertise in their digital endeavours. Members of MRnet include all post-secondary institutions, MERLIN representing all school boards, and other research centres in the province.


All members of MRnet are committed to keeping their community safe from cyber-attacks by improving their cyber security framework. All are therefore dealing with the issue of continually evolving the cybersecurity programming for their research and education space. This involves development of security guidelines, policies and procedures, incident management procedures, assessing security risk, and providing direction in the development of a robust institutional cybersecurity framework. Each is developing their own approach to meet their specific operational and cultural requirements through internal projects and, when applicable, involvement in joint projects with MRnet including network security monitoring and security information and event management systems.


Recognizing these resource challenges and inspired by similar successful initiatives in other jurisdictions and provinces, three Manitoba post-secondary institutions have agreed to fund a two-year pilot project to engage a Shared CISO. The participating institutions are referred to as the G3 in this document. Reporting to the CEO of MRnet, the successful candidate for the shared CISO position during the life of this pilot project will interact with the G3 institutions and provide the leadership and expertise required, using best practices, to improve each institution’s respective cybersecurity posture. Should the pilot demonstrate value and promise, a further goal would be to determine the feasibility of, and to develop the framework for an ongoing, expanded continuing shared CISO role to include other interested MRnet members.

 

While the original contract for this position will be for two years, it may be continued beyond that time frame depending on the results of the pilot project.

Key responsibilities

  • A primary responsibility during the life of the project will be to continually assess the feasibility of the shared CISO model and at the end of the project provide recommendations for implementing an ongoing shared CISO capability including a governance structure and cost sharing options.

  • Ongoing responsibilities

  • For each member in the G3:

  • Provide cybersecurity program leadership and expert guidance aligned with their needs

  • Risk Management including providing leadership, guidance and recommendations

  • Review and enhance Security Architecture

  • Reporting, including participation in and monthly reporting to the project governance committee.

Qualifications


Education and Professional Skills/Knowledge

  • • Bachelors or Masters Degree in Computer Science or Information System Security or equivalent experience and education.

  • • Three to 5 years of experience in information security, ideally as part of a higher education institution or consulting firm.

  • • Senior/executive level experience including communicating with C level senior management.

  • • Experience in IT risk management and audit requirements.

  • • Ability to work collaboratively with many organizations.

  • • Well-informed on current trends in cybersecurity with knowledge of behaviours of different types of threat actors.

  • • CISSP, CEH, CRISC, CISM certification or equivalent an asset.

  • • Knowledge of ISO27000, COBIT, NIST CSF, ITIL, PCI-DSS standards and frameworks an asset.

  • • Dynamic, self-directed and possessing excellent analytical capabilities.

  • • Excellent interpersonal and communication skills.

  • • Ability to travel as required

For further information contact or to submit an application contact the following
Deadline for applications is 4:00 PM CST June 15 2020

Gerry Miller
CEO MRnet
ceo@mrnet.mb.ca
204.224.4988