Senior Cyber Security Specialist

Our public sector client is seeking a Senior Cyber Security Specialist to deliver cyber security in the public sector

This role is responsible for leading cyber security initiatives. The position operates within the cyber security team and provides expertise in the public sector context. The work has strategic impact, supporting critical financial infrastructure security for the Ontario government.

Contract, Toronto,

1 year contract, with possible 1 year extension

Hybrid Downtown Toronto, 3 days a week on site

Must Haves

• Cybersecurity and cloud technology principles, methodologies, mechanisms and techniques with specialized knowledge of infrastructure products, services and troubleshooting methods in order to provide senior level expertise and leadership in the development, enhancement, installation and maintenance support of complex and advanced specialized and unique security infrastructures for the OFA.
• Cybersecurity technologies, governance processes and practices, as well as cyber threat risk concepts, protocols and principles to provide expertise in the delivery, operationalization, and optimization of cyber resilience capability, services and solutions.
• Information technology systems and emerging security technology systems, tools and techniques such as: IT network defense and cloud technologies including but not limited to firewalls, proxy servers, application delivery controllers, virtual private networks, secure remote access and certificate services.
• Cyber risk vectors and threat landscape trends including common and advanced techniques/procedures used to compromise I&IT service integrity, functions, steal data, and bypass security controls in order to provide subject matter expertise and technical oversight of strategic initiatives to enhance and improve cyber defense and response capabilities.
• IT cybersecurity and cloud strategies, policies, standards, plans, current and emerging enterprise architecture principles, methodologies, mechanisms and techniques. Knowledge of analyzing and implementing IT architecture policies, standards, tools and techniques.
• Business continuity planning, contingency planning, disaster recovery planning, incident and response, business impact analysis, risk management methodologies including data center and application contingency testing to apply concepts in support of all organizational initiatives.
• Government procurement policies and vendor management methods to acquire and manage services provided by external vendors, ensuring value for money and to produce evaluations and proof of concept.
• IT service management e.g. incident, change, SLAs, OLAs, etc. to develop and enhance cybersecurity governance strategies and track service levels, ensure performance measures are met and to develop operational level agreements with other intended service providers to ensure performance levels are achieved.
• Cloud adoption methods to minimize risk and drive the deployment, migration and adoption of cloud infrastructure workloads.
• Vulnerability management practices in large enterprise environments, common attack vectors, application vulnerabilities, and best practices for remediation.

Nice to Have

• Experience with public sector finance organizations
• Participation in major cyber security projects
• Advanced certifications in cyber security

Responsibilities

• Assist in managing the planning, design, delivery and implementation of cybersecurity and cloud architecture solutions for large-scale and complex I&IT projects required to meet critical business requirements impacting external stakeholders.
• Lead the development of cybersecurity and cloud governance strategies, corporate cybersecurity policies, procedures, standards, guidelines and best practices.
• Provide analysis and expertise to corporate initiatives, programs and key agency stakeholders, presenting and explaining technical issues, identifying alternatives, providing and recommending cybersecurity solutions and options which will safeguard the confidentiality, integrity and availability of sensitive business data and the vital resources for processing that data.
• Develop and mature the organization's cyber security program and governance strategy with business and IT stakeholders, ensuring performance measures are met to mitigate against cyber risk.
• Provide senior technical expertise to lead the overall adoption of cloud and SaaS based solutions involving the evaluation, configuration, development, risk management and implementation of major cloud projects, standards and procedures related to IT security, privacy, technology solutions, and data repositories.
• Provide project leadership in the design, development, testing, implementation and monitoring of organization-wide security and cloud initiatives.
• Monitor, aggregate and analyze technical information, security events, vulnerabilities and Indicators of Compromise (IOC) across all IT security infrastructure to develop recommendations, enhance visibility and situational awareness to senior management and internal security teams. Communicate methods for detecting activities of cyber threats, and to plan operations to mitigate or disrupt threats.
• Support security monitoring, incident response and forensic activities by providing actionable intelligence to inform remediation and mitigation decisions.
• Undertake in-depth cybersecurity risk and threat research as they apply to the organization, provincial government, agency stakeholders and users and to drive better, more informed responses to security incidents. Capture and communicate key findings for senior management review and decision-making. Develop recommendations to improve technical systems and modern methods (e.g. automation) used to continuously mitigate against cyber threats.
• Provide technical expertise in the areas of Identity and Access Management (IAM), Public Key Infrastructure (PKI) and Privilege Management Infrastructure (PMI) to lead/contribute to the design, development and maintenance of IAM strategies and services for the organization.
• Collaborate with third parties and communities of practice to provide subject matter expertise, participate on special initiatives and to share intelligence.