Job Title: Cyber Security Specialist (2)

Location: Toronto, ON (Hybrid)

Estimated Duration: 12 Months

Purpose of Position

To provide senior technical leadership and hands-on expertise for IT cyber security and cloud service initiatives to support the development, enhancement and business resilience of complex and specialized security and cloud infrastructure solutions for the Client.

To provide senior cyber security specialist expertise and supervision on projects which have strategic significance for minimizing risk, achieving and strengthening the Client’s cyber objectives.

Duties and Responsibility

As a member of the Client’s cyber security team, responsible for assessing, protecting, detecting, responding and deterring cyber threats, the position will:

1. Assist in managing the planning, design, delivery and implementation of cyber security and cloud architecture solutions for large scale and complex I&IT projects required to meet critical business requirements impacting external stakeholders.

2. Lead the development of cyber security and cloud governance strategies, corporate cyber security policies, procedures, standards, guidelines and best practices.

3. Provide analysis and expertise to corporate initiatives, programs and key agency stakeholders, presenting and explaining technical issues, identifying alternatives,

providing and recommending cyber security solutions and options which will safeguard the confidentiality, integrity and availability of sensitive business data and the vital resources for processing that data.

4. Develop and mature the Client’s cyber security program and governance strategy with the Client business and IT stakeholders, ensures performance measures are met to mitigate against cyber risk.

5. Provide senior technical expertise to lead the overall adoption of cloud and SaaS based solutions involving the evaluation, configuration, development, risk management and implementation of major cloud projects, standards and procedures related to IT security, privacy, technology solutions, and data repositories.

6. Provide project leadership in the design, development, testing, implementation and monitoring of the Client’s wide security and cloud initiatives.

7. Monitor, aggregates and analyzes technical information, security events, vulnerabilities and Indicators of Compromise (IOC) across all IT security infrastructure to develop recommendations, enhance visibility and situational

awareness to senior management and internal security teams. Communicate methods for detecting activities of cyber threats, and to plan operations to mitigate or disrupt threats.

8. Support security monitoring, incident response and forensic activities by providing actionable intelligence to inform remediation and mitigation decisions.

9. Undertake in-depth cyber security risk and threat research as they apply to the Client, provincial government, agency stakeholders and users and to drive better, more informed responses to security incidents. Captures and communicates key findings for senior management review and decision-making. Develops recommendations to improve technical systems and modern methods (e.g. automation) used to continuously mitigate against cyber threats.

10. Provide technical expertise in the areas of Identity and Access Management (IAM), Public Key Infrastructure (PKI) and Privilege Management Infrastructure (PMI) to lead/contribute to the design, development and maintenance of IAM strategies and services for the Client.

11. Collaborate with third parties and communities of practice to provide subject matter expertise, participate on special initiatives and to share intelligence.

Knowledge

In order to provide senior technical leadership and hands-on expertise on IT cyber security and cloud service infrastructure, job requires knowledge and experience in:

IT cyber security and cloud technology principles, methodologies, mechanisms and techniques with specialized knowledge of infrastructure products, services and

troubleshooting methods in order to provide senior level expertise and leadership in the development, enhancement, installation and maintenance support of complex and advanced specialized and unique security infrastructures for the Client.

' Cyber security technologies, governance processes and practices, as well as cyber threat risk concepts, protocols and principles to provide expertise in the delivery, operationalization, and optimization of cyber resilience capability, services and solutions.

' Information technology systems and emerging security technology systems, tools and techniques such as: IT network defense and cloud technologies including but not limited to firewalls, proxy servers, application delivery controllers, virtual private networks, secure remote access and certificate services.

' Cyber risk vectors and threat landscape trends including common and advanced techniques/procedures used to compromise I&IT service integrity, functions, steal data, and bypass security controls in order to provide subject matter expertise and technical oversight of strategic initiatives to enhance and improve cyber defense and response capabilities.

' IT cyber security and cloud strategies, policies, standards, plans, current and emerging enterprise architecture principles, methodologies, mechanisms and techniques. Knowledge of analyzing and implementing IT architecture policies, standards, tools and techniques.

' Business continuity planning, contingency planning, disaster recovery planning, incident and response, business impact analysis, risk management methodologies including data center and application contingency testing to apply concepts in support of all organizational initiatives.

Government procurement policies and vendor management methods to acquire and manage services provided by external vendors, ensuring value for money and to produce evaluations and proof of concept.

' IT service management e.g. incident, change, SLAs, OLAs, etc. to develop and enhance cyber security governance strategies and track service levels, ensure performance measures are met and to develop operational level agreements with other intended service providers ensure performance levels are achieved.

' Cloud adoption methods to minimize risk and drive the deployment, migration and adoption of cloud infrastructure workloads.

' Vulnerability management practices in large enterprise environments, common attack vectors, application vulnerabilities, and best practices for remediation.

Skills

Job requires:

' Research and analytical skills to review I&IT infrastructure and architecture requirements, and manage project teams to promote the development and resilience of the Client’s technology solutions and services.