Cyber Security Specialist

Job Title: Cyber Security Specialist

Location: Toronto, ON (Hybrid)
    
Estimated Duration: 6 Months

Cyber Security Specialist / Architect
To provide senior technical leadership and hands-on expertise for IT cyber security and cloud service initiatives to support the development, enhancement and business resilience of complex and specialized security and cloud infrastructure solutions for the Client.
To provide senior cyber security specialist expertise and supervision on projects which have strategic significance for minimizing risk, achieving and strengthening the Client's cyber objectives.

2. Duties and Responsibility
As a member of the Client’s cyber security team, responsible for assessing, protecting, detecting, responding and deterring cyber threats, the position will:
1. Assist in managing the planning, design, delivery and implementation of cyber security and cloud architecture solutions for large scale and complex I&IT projects required to meet critical business requirements impacting external stakeholders.
2.           Lead the development of cyber security and cloud governance strategies, corporate cyber security policies, procedures, standards, guidelines and best practices.
3.           Provide analysis and expertise to corporate initiatives, programs and key agency stakeholders, presenting and explaining technical issues, identifying alternatives,
providing and recommending cyber security solutions and options which will safeguard the confidentiality, integrity and availability of sensitive business data and the vital resources for processing that data.
4.           Develop and mature the Client's cyber security program and governance strategy with the Client’s business and IT stakeholders, ensures performance measures are met to mitigate against cyber risk.
5.           Provide senior technical expertise to lead the overall adoption of cloud and SaaS based solutions involving the evaluation, configuration, development, risk management and implementation of major cloud projects, standards and procedures related to IT security, privacy, technology solutions, and data repositories.
6.           Provide project leadership in the design, development, testing, implementation and monitoring of THE CLIENT wide security and cloud initiatives.
7.           Monitor, aggregates and analyzes technical information, security events, vulnerabilities and Indicators of Compromise (IOC) across all IT security infrastructure to develop recommendations, enhance visibility and situational awareness to senior management and internal security teams. Communicate methods for detecting activities of cyber threats, and to plan operations to mitigate or disrupt threats.
8.           Support security monitoring, incident response and forensic activities by providing actionable intelligence to inform remediation and mitigation decisions.
9.           Undertake in-depth cyber security risk and threat research as they apply to the THE CLIENT, provincial government, agency stakeholders and users and to drive better, more informed responses to security incidents. Captures and communicates key findings for senior management review and decision-making. Develops recommendations to improve technical systems and modern methods (e.g. automation) used to continuously mitigate against cyber threats.
10.        Provide technical expertise in the areas of Identity and Access Management (IAM), Public Key Infrastructure (PKI) and Privilege Management Infrastructure (PMI) to lead/contribute to the design, development and maintenance of IAM strategies and services for the THE CLIENT.
11.        Collaborate with third parties and communities of practice to provide subject matter expertise, participate on special initiatives and to share intelligence.
4. Knowledge
In order to provide senior technical leadership and hands-on expertise on IT cyber security and cloud service infrastructure, job requires knowledge and experience in:
' IT cyber security and cloud technology principles, methodologies, mechanisms and techniques with specialized knowledge of infrastructure products, services and
troubleshooting methods in order to provide senior level expertise and leadership in the development, enhancement, installation and maintenance support of complex and advanced specialized and unique security infrastructures for the THE CLIENT.
' Cyber security technologies, governance processes and practices, as well as cyber threat risk concepts, protocols and principles to provide expertise in the delivery, operationalization, and optimization of cyber resilience capability, services and solutions.
' Information technology systems and emerging security technology systems, tools and techniques such as: IT network defense and cloud technologies including but not limited to firewalls, proxy servers, application delivery controllers, virtual private networks, secure remote access and certificate services.
' Cyber risk vectors and threat landscape trends including common and advanced techniques/procedures used to compromise I&IT service integrity, functions, steal data, and bypass security controls in order to provide subject matter expertise and technical oversight of strategic initiatives to enhance and improve cyber defense and response capabilities.
' IT cyber security and cloud strategies, policies, standards, plans, current and emerging enterprise architecture principles, methodologies, mechanisms and techniques. Knowledge of analyzing and implementing IT architecture policies, standards, tools and techniques.
' Business continuity planning, contingency planning, disaster recovery planning, incident and response, business impact analysis, risk management methodologies including data center and application contingency testing to apply concepts in support of all organizational initiatives.
Government procurement policies and vendor management methods to acquire and manage services provided by external vendors, ensuring value for money and to produce evaluations and proof of concept.
' IT service management e.g. incident, change, SLAs, OLAs, etc. to develop and enhance cyber security governance strategies and track service levels, ensure performance measures are met and to develop operational level agreements with other intended service providers ensure performance levels are achieved.
' Cloud adoption methods to minimize risk and drive the deployment, migration and adoption of cloud infrastructure workloads.
' Vulnerability management practices in large enterprise environments, common attack vectors, application vulnerabilities, and best practices for remediation.
5. Skills
Job requires:
' Research and analytical skills to review I&IT infrastructure and architecture requirements, and manage project teams to promote the development and resilience of the Client's technology solutions and services.

' Uses the analytical results of research to develop complex threat models to assess the probability and the potential harm of attacks in order to proactively mitigate against cyber security threats and to better inform system architecture, security and design decisions.
' Critical thinking skills to process information, mitigate risk and make decisions that will protect the the Client and public service in the event of a cyber-incident.
' Analytical skills to conduct feasibility studies and business analyses to evaluate technological advances and prepare business cases and RFB's in relation to security and cloud infrastructure products and services.
' Research and analytical skills to direct and conduct research and analysis of advances in security and cloud infrastructure products, technology, methodologies and techniques.
Problem solving skills to conduct infrastructure design, development and operational problem resolution and operational support.
' Troubleshooting and problem solving skills including threat/risk analysis, business impact analysis, and reviews to assess and mitigate security exposures and contingency issues.
' Strategic recommendations designed to support the evolution of cyber security posture improvements that aligns with the evolving threat and technology landscape.
' Project management methodology, principles and practices to plan and manage concurrent projects, prepare charters, track risks, to plan and control project schedules, budgets and resources and managing all phases of projects to ensure success outcomes.
' Coordinate procurement of services as required, managing vendors and contract agreements to ensure compliance with procurement policies and directives.
' Team leadership techniques to provide leadership to team members, developing others, providing constructive feedback and managing conflict and change; and engages team members in a positive and inclusive work environment, promoting innovation and creativity.
' Leadership, guidance and coordination on cyber security and cloud infrastructure design, administration, installation and troubleshooting requiring latitude for decision-making in: recommending architectures, configurations, technologies,
project terms of reference; negotiating with vendors, managed service providers and taking actions, implementing and recommending areas of improvement within defined parameters.
' Communicating, educating and guiding peers, counterparts, team members, senior IT management, stakeholders and users.
' Communicate and advise on cyber security issues, risks, requirements, developments and solutions to senior IT management, technical and nontechnical personnel.
' Oral communication, written and interpersonal skills in nurturing effective working relationships with team members, corporate committees and key stakeholders to discuss and determine strategy and requirements for project development and change management directions.
Present and discuss cyber security and cloud related issues and risks (e.g. security, data, architecture, threat exposures) to encourage and gain support of recommended approach and options from senior IT management and key business stakeholders.
' Written communication skills to prepare various technical materials, policies, prepare business cases, research findings, reports, designs, best practice guidelines, and standard operating procedures.
' Tailor communication and reporting to stakeholder level of needs, understanding, or expertise to ensure analysis and conclusions are being conveyed and properly understood.
6. Freedom of Action
The position works independently under the general direction of senior IT management and requires working within the framework of established enterprise standards, procedures, management techniques and practices, guidelines, goals, strategic directions.
Decision making to proactively identify security vulnerabilities and develop solutions, assessing advances in security and cloud technologies and methodologies and recommend changes and/or acquisitions of new solutions, to ensure incorporation of proper security and contingency measures.
Escalate critical issues and complex situations to senior IT management with recommendations for discussion. The position is relied upon as a subject matter expert in cyber security and cloud services/solutions and work is checked at critical stages for compliance with the Client's policy, standards and management deliverable expectations.
Monitoring and liaising to ensure managed service provider and vendor ongoing performance is SLA-compliant and to provide technical guidance. Design work is reviewed by IT management and technical peers to ensure architectural consistency.