RQ00629 - Sr. Security Specialist - Threat Risk Assessment

RQ00629 - Sr. Security Specialist - Threat Risk Assessment

6-month contract (117 business days) - possible extension

ONSITE 5 days - 777 Memorial Ave, Orillia

Must Haves:

• 5+ years experience Conducts Threat Risk Assessments (TRA) and other relevant for OPP software, systems and solutions.
• 5+ years of experience assessing internal and external threats and vulnerabilities of information systems and resources and the likelihood of these threats and resulting impacts. Where possible, reduce risks through system or organizational design.
• 5+ years of experience ensuring the incorporation of IT security and contingency measures in the development of systems
• Public Sector experience

Responsibilities:

• Conducts Threat Risk Assessments (TRA) and other relevant for OPP software, systems and solutions.
• Collaborates with project/development teams, project managers, security architects, testing and compliance teams to document risks, mitigation plans and compile them into formal risk assessment reports directed towards a diverse set of audience, which includes developers, project managers, operations analysts, senior management & OPP leadership.
• Assesses internal and external threats and vulnerabilities of information systems and resources and the likelihood of these threats and resulting impacts. Where possible, reduce risks through system or organizational design.
• Implement security measures to prevent or mitigate, detect and respond to security threats and vulnerabilities to information systems and resources at the program and enterprise levels. Periodically review security measures to ascertain that the security measures are still sufficient and continue to operate as expected. Such reviews must also be performed whenever security incidents occur or business processes change.
• Defines, evaluates, and assesses security architecture requirements for systems environments and IT projects.
• Ensures the incorporation of IT security and contingency measures in the development of systems
• Advises on the identification, analysis, and resolution of specific security factors, risks, vulnerabilities; protection of personal privacy issues; and appropriate industry and international security standards.
• Carry out information and information technology (I&IT) security projects and tasks in the Ontario Public Service as assigned by Corporate Security or cluster I&IT management

General Skills:

• Strong understanding and expertise in security architecture, governance, risk management and compliance.
• Experience in the application of cyber security methodology and tools to define scope, critical business processes and functions, identify critical assets and dependencies in reports to clients (TRA or other security assessments).
• Experience and ability to plan and facilitate Threat Risk Assessment and/or other workshops with business clients.
• Experience and ability to apply the RCMP Harmonized Threat Risk Assessment (HTRA) or equivalent risk assessment methodology.
• Knowledge of techniques to secure information assets and the planning, design, and implementation of security technologies.
• Proven techniques to discover gaps or weaknesses in security architecture to identify and mitigate known security threats or inherent weaknesses.
• Knowledge and understanding of relevant legislation and corporate directives related to the security and confidentiality of information (e.g. Freedom of Information and Protection of Privacy Act) in order to identify and assess areas of concern and risk
• Solid knowledge of current security and contingency technology and techniques (e.g. digital signature, encryption, access controls, firewalls, authentication, virus protection, etc.); and a proven working knowledge of security audit procedures and protocols.
• Experience in establishing secure environments at a network, operating system or application level
• Experience with implementing security on complex and distributed systems.
• Experience in conducting in depth analysis and provide recommendations with all required sign-off in the prescribed timelines as given (TRA reports or other security assessment reports)
• Experience and knowledge to provide security requirements for procurement documents and participate in security evaluations as part of the procurement process
• Ability to assess Information Security Risk, Business Continuity Planning and Business Impact Analysis technical issues for any of the technical environments and delivery channels across the Ontario Provincial Government.
• Awareness of emerging IT trends and directions, especially as related to security, privacy and risk management.
• Excellent analytical, problem-solving, and decision-making skills; written and verbal communication skills; interpersonal and negotiation skills
• A team player with a track record for meeting deadlines, managing competing priorities and client relationship management experience

Desirable Skills:

• Experience in performing threat and risk assessment.
• Knowledge and understanding of Information Management principles, concepts, policies and practices.
• Experience in business recovery and disaster recovery planning.
• Experience in public key infrastructure development and operation.
• Experience in security design as part of systems development projects, using major development tools, techniques and methodologies.
• Experience in vulnerability analysis and penetration testing.
• Experience in network monitoring.
• Experience in developing and delivering security education.

Deliverables

• Lead formal and informal security risk assessments and mitigation strategies.
• Recommended measures to detect, prevent, and respond to security threats.
• Define ad evaluate security architecture for systems and IT projects.
• Provide leadership in cyber security and enterprise IT security architecture across business, technology, and application domains.

AI Disclaimer: Source Code may use artificial intelligence (AI) tools to assist in certain aspects of its recruiting and business operations.

Note: The higher end of the range is intended for absolutely exceptional candidates who meet all must-have requirements and most or all nice-to-have qualifications. The client will evaluate candidates based on both rate expectations and overall skill set when shortlisting.

INCORPORATED RATE RANGE (7.25 billable hours per day)

• $96.46/hr - $115.75/hr Inc.

T4 RATE RANGE (7.25 billable hours per day)

• $77.17/hr - $92.60/hr T4