Security Specialist Threat Risk Assessment 9054-0415

Job Location

Toronto - Canada

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

HM Note: This hybrid contract role is three (3) days in office. Candidate's resume must include first and last name.

Description:
Responsibilities:
Assesses internal and external threats and vulnerabilities of information systems and resources, and the likelihood of these threats and resulting impacts. Where possible, reduce risks through system or organizational design. Implement security measures to prevent or mitigate, detect and respond to security threats and vulnerabilities to information systems and resources at the program and enterprise levels.
Periodically review security measures to ascertain that the security measures are still sufficient and continue to operate as expected.
Such reviews must also be performed whenever security incidents occur or business processes change.
Defines, evaluates and assesses security architecture requirements for systems, environments and IT projects.
Ensures the incorporation of IT security and contingency measures in the development of systems.
Advises on the identification, analysis and resolution of specific security factors, risks, vulnerabilities; protection of personal privacy issues; and appropriate industry and international security standards.
Carry out information and information technology (I&IT) security projects and tasks in the Ontario Public Service as assigned by Corporate Security or cluster I&IT management.

General Skills:
Strong understanding and expertise in security architecture
Experience in the application of Cyber Security methodology and tools to define scope, critical business processes and functions, identify critical assets and dependencies in reports to clients (TRA or other security assessments)
Experience and ability to plan and facilitate Threat Risk Assessment and/or other workshops with business clients
Experience and ability to apply Harmonized Threat Risk Assessment (HTRA) or equivalent methodology
Knowledge of techniques to secure information assets and the planning, design and implementation of security technologies.
Proven techniques to discover gaps or weaknesses in security architecture to identify and mitigate known security threats or inherent weaknesses.
Knowledge and understanding of relevant legislation and corporate directives related to the security and confidentiality of information (e.g. Freedom of Information and Protection of Privacy Act) in order to identify and assess areas of concern and risk
Solid knowledge of current security and contingency technology and techniques (e.g. digital signature, encryption, access controls, firewalls, authentication, virus protection, etc.); and a proven working knowledge of security audit procedures and protocols.
Experience in developing enterprise architecture deliverables (e.g. models)
Experience in providing specialized security support at the specified experience level.
Experience in establishing secure environments at a network, operating system or application level.
Experience with implementing security on complex and distributed systems.
Experience in conducting in-depth analysis and providing recommendations with all required signoff in the prescribed timelines as given (TRA reports or other security assessment reports)
Experience and knowledge to provide security requirements for procurement documents and participate in security evaluations as part of the procurement process
Ability to assess Information Security Risk, Business Continuity Planning and Business Impact Analysis technical issues for any of the technical environments and delivery channels across the Ontario Provincial Government, including Mainframe, Unix and Windows.
Awareness of emerging IT trends and directions, especially as related to security.
Excellent analytical, problem-solving and decision-making skills; written and verbal communication skills; interpersonal and negotiation skills
A team player with a track record for meeting deadlines, managing competing priorities, and client relationship management experience

Desirable Skills
Experience in developing enterprise architecture deliverables (e.g. models) based on Ontario Government Enterprise Architecture processes and practice
Knowledge and understanding of Information Management principles, concepts, policies and practices
Experience in business recovery and disaster recovery planning.
Experience in performing threat and risk assessment.
Experience in public key infrastructure development and operation.
Experience in security design as part of systems development projects.
Experience in intrusion detection systems.
Experience in mitigation tools for malicious software.
Experience in vulnerability analysis and penetration testing.
Experience in network monitoring.
Experience in security policy development.
Experience in developing and delivering security education.
Experience in forensic investigation.

Skills
Experience and Skill Set Requirements

General: 30
  • Knowledge of and experience with business transformation, process improvement and change management
  • Excellent analytical, problem-solving and decision-making skills
  • Excellent interpersonal, negotiation and stakeholder-management skills
  • Ability to prioritize workload, demonstrate critical thinking, identify problems, develop and implement solutions
  • Strong customer service orientation to ensure needs of Clients are effectively met
  • Ability to work independently, meet deadlines and manage stakeholder expectation
  • Ability to work well within teams and multitask, along with a proven track record for meeting strict deadlines
  • Excellent written and oral communication skills, including group facilitation skills; experience in preparing reports, proposals, briefing materials, presentations and other communications to all levels of the organization
  • Eligible to work in Ontario, Canada and ability to obtain and maintain security clearances
  • Ability to handle and secure sensitive information, detailing the due diligence around storage/modification of received documents, records retention policies, identity management and other controls in place used to protect OPS information
  • Ensure security background checks and due diligence for their resources to ensure trustworthiness and integrity
  • Knowledge and experience with the security & IT policies/standards of the Ontario government (e.g. Standards, Policies, Directives)
  • Experience with operational optimization in a unionized Public Sector environment
  • Knowledge of Public Sector structure and policies including:
      • Relevant public policy objectives, principles and constraints
      • Organizational culture/unionized Public Sector environment
      • Application of relevant legislation and policies (e.g. Conflict of Interest, Freedom of Information and Protection of Privacy Act (FIPPA), etc.)

Experience: 30
Demonstrated Experience delivering the following:
  • organization maturity risk assessments
  • industry standard risk assessments
  • cyber security health checks
  • strategic cyber maturity advice
  • security-by-design advice
  • Demonstrated Experience with the following phases of risk assessments:
      • Scoping
      • Asset Classification
      • Threats
      • Vulnerabilities
      • Risks & Residual Risks post-mitigation responses
  • Demonstrated Experience conducting assessments on I&IT solutions against industry controls (e.g. NIST, ISF, ISO), GOITS standards and policies
  • Demonstrated Experience analysing technical documentation, conducting interviews to gather further/gap information and to prepare a risk assessment, calculate qualitative risk values and residual risk
  • Demonstrated Experience drafting and finalising executive risk reports.

Communication and Writing: 10
  • Strong communication skills to prepare documentation including but not limited to: reports, reviews, assessments
  • Ability to present ideas and suggestions clearly and effectively and in a user-friendly manner; maintain a high level of customer service to both internal and external clients
  • Ability to communicate designs and development in clear and understandable manner

Must Have:
Demonstrated Experience delivering the following:
  • organization maturity risk assessments
  • industry standard risk assessments
  • cyber security health checks
  • strategic cyber maturity advice
  • security-by-design advice
Demonstrated Experience conducting assessments on I&IT solutions against industry controls (e.g. NIST, ISF, ISO), GOITS standards and policies

Employment Type

Full Time
