Responsibilities:
1. Threat and Vulnerability Assessment:
- Assess internal and external threats and vulnerabilities of information systems and resources.
- Implement security measures to prevent, mitigate, detect, and respond to security threats at both program and enterprise levels.
- Periodically review security measures to ensure they remain sufficient and effective, particularly after incidents or changes in business processes.
2. Security Architecture:
- Define, evaluate, and assess security architecture requirements for systems environments and IT projects.
- Ensure the integration of IT security and contingency measures in system development.
- Advise on identifying, analyzing, and resolving security risks, vulnerabilities, and privacy concerns, adhering to industry and international standards.
3. Project Execution:
- Execute information and IT security projects as assigned by Corporate Security or cluster I&IT management within the Ontario Public Service.
Qualifications:
General Skills:
- Strong expertise in security architecture.
- Experience in applying cybersecurity methodologies and tools, including Threat Risk Assessment (TRA) and Harmonized Threat Risk Assessment (HTRA).
- Knowledge of securing information assets and implementing security technologies.
- Familiarity with legislation related to information security and privacy (e.g., Freedom of Information and Protection of Privacy Act).
- Experience with current security and contingency technologies, security audit procedures, and protocols.
- Proficiency in developing enterprise architecture deliverables and providing specialized security support.
- Experience implementing security on complex, distributed systems and conducting in-depth security analysis.
Cyber Risk Assessment:
- Understanding threat modeling, risk assessment methodologies, and risk management frameworks like NIST SP 800-30.
- Proficiency in cybersecurity tools, vulnerability scanning, and risk analysis, with knowledge of regulatory compliance (e.g., GDPR, HIPAA).
Cyber Security Architecture
- Expertise in secure network architecture, cloud security, encryption, authentication, access control, incident response, and disaster recovery.
Executive IT Communication
- Ability to communicate complex technical information to non-technical executives, create impactful presentations, and build strong relationships with executive leadership.
Must-Have Experience:
- 5+ years in information security risk management.
- 3+ years in security architecture.
- 3+ years in security risk assessment.
Job Types: Full-time, Fixed term contract
Contract length: 6 months
Pay: $90.00-$110.00 per hour
Education:
Experience:
- information security risk management: 5 years (required)
- security architecture: 3 years (required)
- security risk assessment: 3 years (required)
- Information security: 8 years (required)
Work Location: Hybrid remote in Toronto, ON M5V 1R5