Security Specialist

Job Title: Security Specialist

Location: Toronto, ON (Hybrid)

Estimated Duration: 6 months

Security Specialist
Our client in the municipal space requires a Security Specialist to address evolving cybersecurity challenges and ensure robust protection for IT systems supporting the Canada-Wide Early Learning and Child Care (CWELCC) system. This role is critical to safeguarding sensitive data, maintaining compliance with cybersecurity standards, and mitigating emerging threats as the Client modernizes its IT infrastructure.
 
Primary responsibilities include but not limited to cybersecurity strategy development, internal risk assessment and threat management, compliance and policy alignment, secure system integration, monitoring and advanced detection, stakeholder training and awareness, collaboration with other Client groups, documentation and knowledge transfer.
 
The Specialist will play a pivotal role in ensuring that IT systems remain secure, resilient, and compliant throughout the CWELCC program’s lifecycle. The expertise will enable the project teams to confidently address emerging cybersecurity challenges while supporting operational excellence, safeguarding sensitive data, and ensuring uninterrupted delivery of childcare services
 
               
Assignment Duties
1.           Identify risks associated with legacy system migration and ensure appropriate security measures are incorporated into the architecture.
2.           Develop and refine a cybersecurity strategy aligned with the modernization of IT systems.
3.           Conduct internal cybersecurity risk assessments to identify vulnerabilities and threats to IT infrastructure.
4.           Prioritize risks and design mitigation strategies, including preventive and detective controls.
5.           Develop incident response plans to address potential cybersecurity breaches.
6.           Ensure IT systems meet compliance needs with applicable regulatory standards, including privacy and data protection legislation.
7.           Assist in creating or updating internal cybersecurity policies and practices, ensuring alignment with municipal, provincial, and federal mandates.
8.           Provide guidance on integrating cybersecurity measures into modernized platforms and cloud-based solutions.
9.           Work closely with system architects and developers to embed security into system design, reducing potential attack surfaces.
10.        Implement tools and technologies for continuous monitoring and advanced threat detection.
11.        Evaluate the potential use of AI/ML techniques for predictive threat analysis and anomaly detection.
12.        Conduct cybersecurity awareness training for staff to promote a culture of security.
13.        Develop training materials focusing on phishing prevention, password hygiene, and safe handling of sensitive information.
14.        Prepare detailed documentation of security protocols, risk assessments, and mitigation strategies.
15.        Ensure effective knowledge transfer to internal teams, enabling them to maintain and enhance cybersecurity.
16.        Promote modern software development methodologies and processes such as Agile, CI/CD and DevOps / DevSecOps.
17.        Contribute to the ongoing team development by sharing knowledge, information and lessons learned on a regular basis.
18.        Perform other duties as required by the projects.
  
 
Qualifications
It is important that the services be undertaken by the Specialist who can demonstrate expert knowledge of and experience in performing similar work for projects of comparable nature, size and scope as detailed below.
 
Qualifications and Experience:
•            Minimum 8 years of experience in cybersecurity risk assessment, mitigation, and compliance, preferably within public sector or enterprise-level IT environments.
•            Minimum 5 years with privacy impact assessment, together with strong understanding of compliance requirements such as the Privacy Act and PIPEDA, and the provincial FIPPA, MFIPPA and PHIPA.
•            Minimum 5 years of experience with vulnerability assessment and penetration testing, including scanning techniques like SAST, DAST, IAST, SCA, and tools such as Fortify, WebInspect, and Burp Suite.
•            Proficiency in implementing and managing advanced threat detection tools, including SIEM tools like Splunk and developing incident response plans.
•            Experience with secret management, privileged access management, along with related tools like Cyberark or BeyondTrust.
•            Experience with secure coding practices, OWASP, firewalls, intrusion prevention systems, data loss prevention tools, traffic and data encryption.
•            Experience with cloud platforms such as Azure and AWS, including implementation of identity and access management (IAM), encryption, and monitoring tools.
•            Excellent problem solving, leadership, facilitation, interpersonal and communication skills.
•            Relevant cybersecurity certifications such as CISM, CISSP, or CRISC.
•            BS in Computer Science, Engineering or related discipline or equivalent experience.
  
Deliverables
              •            Provide security subject matter expertise to management and project teams in proactive analysis or in incident response.
•            Perform the assessment of internal security risks and associated mitigations.
•            Document key security event and analytic findings.
•            Assess cyber alerts from related authorities for technical relevance, potential risks, and mitigations. 
•            Perform static or dynamic application code analysis (SAST or DAST).
•            Assist with Threat & Risk Assessment, Vulnerability Assessment, Penetration testing, and static and dynamic code scanning
•            Develop and conduct the cyber security training program for developers and other IT staff.
•            Identify risks, issues and constraints associated with solutions and designs.
•            Collaborate with other groups on cybersecurity matters.
•            Mentorship, knowledge sharing and transfer.