The Sr. Security Specialist will support and deliver on multiple initiatives related to Security Governance Risk and Compliance and Cyber Defense Operations. This includes leading multiple initiatives related to security strategy security audit and compliance requirements and findings security governance including policies standards and processes development and security risk management procedures.
Must haves:
Experience in risk management models for assessing and mitigating various aspects of risk exposure.
Experience with risk assessment methodologies such as HTRA and NIST CSF and frameworks such as ISO 27001/2.
Experience with security governance including developing policies standards processes and procedures.
Hands on experience with IPC (Information Privacy Commissioner) triennial audits.
Demonstrated experience in working with various compliance and audit frameworks including PHIPA SOC 2 Type II OAGO
An adept team player who is action oriented with a record of accomplishment of motivating other team members to achieve higher goals.
Desired Skills:
10 years experience in various security domains including third-party risk management IT audits and/or Security Governance Risk and Compliance (GRC)
Bachelors or Masters degree in Computer Science Information Technology Cyber Security Systems or other related field or equivalent work experience.
Professional certifications in information/cyber security (e.g. CISSP CCSP CISA CISM CRISC) is required.
Knowledge of prevalent industry standards (ISO 27001/27002 NIST CIS COBIT)
Required Skills:
An understanding of risk assessment methodologies such as HTRA and CSF and frameworks such as NIST and ISO 27001/2.
Knowledge and experience developing and working with security architecture and IT management frameworks such as SABSA and CoBIT.
Strong knowledge and demonstrated experience working with compliance and audit frameworks including PHIPA SOC 2 TII OAGO audits.
Hands on experience with IPC triennial audits
Technical writing expertise and demonstrated knowledge and experience in developing Information security policies and standards in alignment with PHIPA IPC requirements and industry standards.
Strong understanding and ability to interpret and communicate risk management concepts.
Good experience & knowledge of TRA methodologies and other risk assessment methodologies and tools and familiarity with related security tests and test methodologies
Deep understanding of typical security threats vulnerabilities and safeguards relevant to IT systems.
Experience in writing and presenting subject matter information that is both comprehensive and easy to understand.
Excellent communication and reporting abilities to effectively present findings and risk mitigation strategies to both technical teams and executive stakeholders.
Experience and working knowledge of risk management lifecycle processes and concepts.
Strong analytical skills to assess potential impacts and likelihoods of various threat scenarios.
Evaluation Criteria:
Minimum 5 years extensive experience in conducting comprehensive security Threat and Risk Assessment (TRA) using frameworks such as NIST CSF HTRA and ISO 27001. Risk Assessment mitigation recommendations and management with a strong focus on identifying vulnerabilities analyzing potential impacts and delivering actionable risk mitigation to stakeholders.25 points
Minimum 5 years of extensive experience with Information security governance developing policies and standards with a strong ability to identify gaps between the current security posture and industry standards best practices and regulatory requirements.25 points
Minimum 8 years of hands-on experience with IPC and OAGO audits.30 points
5 years of experience authoring executive-level reports developing cyber security program and risk registers and delivering presentations to stakeholders and senior leadership.20 points
Requirements
Deliverables include but are not limited to:
Development of security policies standards procedures processes.
Development of frameworks and models for select security capabilities
Support implementation of new enterprise governance risk and compliance tool.
Support development of a cyber security strategy and key aspects of program development including program performance reporting.
Support on completion of security assessment using tools based on NIST CSF.
Review of Threat Risk Assessment VA scan report Penetration Test report and other security documents.
Must Haves:
Minimum 8 years of hands-on experience with IPC (very strong) and OAGO audits.
Minimum 5 years extensive experience in conducting comprehensive security Threat and Risk Assessment (TRA) using frameworks such as NIST CSF HTRA and ISO 27001. Risk Assessment mitigation recommendations and management with a strong focus on identifying vulnerabilities analyzing potential impacts and delivering actionable risk mitigation to stakeholders. 25 points
Minimum 5 years of extensive experience with Information security governance developing policies and standards with a strong ability to identify gaps between the current security posture and industry standards best practices and regulatory requirements. 25 points
5 years of experience authoring executive-level reports developing cyber security program and risk registers and delivering presentations to stakeholders and senior leadership.
The Sr. Security Specialist will support and deliver on multiple initiatives related to Security Governance Risk and Compliance and Cyber Defense Operations. This includes leading multiple initiatives related to security strategy security audit and compliance requirements and findings security gover...
The Sr. Security Specialist will support and deliver on multiple initiatives related to Security Governance Risk and Compliance and Cyber Defense Operations. This includes leading multiple initiatives related to security strategy security audit and compliance requirements and findings security governance including policies standards and processes development and security risk management procedures.
Must haves:
Experience in risk management models for assessing and mitigating various aspects of risk exposure.
Experience with risk assessment methodologies such as HTRA and NIST CSF and frameworks such as ISO 27001/2.
Experience with security governance including developing policies standards processes and procedures.
Hands on experience with IPC (Information Privacy Commissioner) triennial audits.
Demonstrated experience in working with various compliance and audit frameworks including PHIPA SOC 2 Type II OAGO
An adept team player who is action oriented with a record of accomplishment of motivating other team members to achieve higher goals.
Desired Skills:
10 years experience in various security domains including third-party risk management IT audits and/or Security Governance Risk and Compliance (GRC)
Bachelors or Masters degree in Computer Science Information Technology Cyber Security Systems or other related field or equivalent work experience.
Professional certifications in information/cyber security (e.g. CISSP CCSP CISA CISM CRISC) is required.
Knowledge of prevalent industry standards (ISO 27001/27002 NIST CIS COBIT)
Required Skills:
An understanding of risk assessment methodologies such as HTRA and CSF and frameworks such as NIST and ISO 27001/2.
Knowledge and experience developing and working with security architecture and IT management frameworks such as SABSA and CoBIT.
Strong knowledge and demonstrated experience working with compliance and audit frameworks including PHIPA SOC 2 TII OAGO audits.
Hands on experience with IPC triennial audits
Technical writing expertise and demonstrated knowledge and experience in developing Information security policies and standards in alignment with PHIPA IPC requirements and industry standards.
Strong understanding and ability to interpret and communicate risk management concepts.
Good experience & knowledge of TRA methodologies and other risk assessment methodologies and tools and familiarity with related security tests and test methodologies
Deep understanding of typical security threats vulnerabilities and safeguards relevant to IT systems.
Experience in writing and presenting subject matter information that is both comprehensive and easy to understand.
Excellent communication and reporting abilities to effectively present findings and risk mitigation strategies to both technical teams and executive stakeholders.
Experience and working knowledge of risk management lifecycle processes and concepts.
Strong analytical skills to assess potential impacts and likelihoods of various threat scenarios.
Evaluation Criteria:
Minimum 5 years extensive experience in conducting comprehensive security Threat and Risk Assessment (TRA) using frameworks such as NIST CSF HTRA and ISO 27001. Risk Assessment mitigation recommendations and management with a strong focus on identifying vulnerabilities analyzing potential impacts and delivering actionable risk mitigation to stakeholders.25 points
Minimum 5 years of extensive experience with Information security governance developing policies and standards with a strong ability to identify gaps between the current security posture and industry standards best practices and regulatory requirements.25 points
Minimum 8 years of hands-on experience with IPC and OAGO audits.30 points
5 years of experience authoring executive-level reports developing cyber security program and risk registers and delivering presentations to stakeholders and senior leadership.20 points
Requirements
Deliverables include but are not limited to:
Development of security policies standards procedures processes.
Development of frameworks and models for select security capabilities
Support implementation of new enterprise governance risk and compliance tool.
Support development of a cyber security strategy and key aspects of program development including program performance reporting.
Support on completion of security assessment using tools based on NIST CSF.
Review of Threat Risk Assessment VA scan report Penetration Test report and other security documents.
Must Haves:
Minimum 8 years of hands-on experience with IPC (very strong) and OAGO audits.
Minimum 5 years extensive experience in conducting comprehensive security Threat and Risk Assessment (TRA) using frameworks such as NIST CSF HTRA and ISO 27001. Risk Assessment mitigation recommendations and management with a strong focus on identifying vulnerabilities analyzing potential impacts and delivering actionable risk mitigation to stakeholders. 25 points
Minimum 5 years of extensive experience with Information security governance developing policies and standards with a strong ability to identify gaps between the current security posture and industry standards best practices and regulatory requirements. 25 points
5 years of experience authoring executive-level reports developing cyber security program and risk registers and delivering presentations to stakeholders and senior leadership.