Information Security Specialist – JO-2625
Contract Term: 12 months with the option to extend up to six (6) months
This is not a “hands-on” role; it is an advisory/SME position, working with both management and the “hands-on” IT security staff.
The most important responsibilities of this job are shown in bold.
- Provide subject matter expertise on IT Risk Management, Information Security, Cyber Security, and Business Continuity Planning as part of services to clients and project teams;
- Provide subject matter expertise in the threat risk assessment, vulnerability assessment, penetration testing and privacy impact assessment of IT operations, capital IT projects, and IT systems.
- Develops and maintains Cyber Security/Information Security governance, policies, guidelines, procedures, standards and safeguards.
- Provides consultation to internal stakeholders and projects. Consistently strives to ensure that adherence to security/risk management policies and procedures is built into project deliverables.
- Develop the Request for Expression of Interest (REOI) and Request for Quotation (RFQ) for Vulnerability Assessment (VA) services.
- Ensure that all acquisitions and outsourcing efforts address Cyber Security requirements consistent with organization goals and industry frameworks (e.g., NIST). Provides direct support for acquisitions that use information technology (IT), applying IT-related standards and policies, and provides IT-related guidance throughout the total acquisition life cycle;
- Provide support to the OEM (Office of Emergency Management) and corporate IT security incident management teams;
- Act as a liaison between corporate IT division and the OEM, Accountability Officers, Legal Services, Human Resources, Labour Relations, Agencies & Commissions, & law enforcement agencies;
- Support remediation of IT audit issues and recommendations;
- Develop documentation as directed by management to address Business Continuity and Disaster Recovery requirements;
- Direct internal and MSSP staff in identifying, developing, implementing and maintaining processes across the organization to reduce Information and IT risk, respond to incidents, establish appropriate standards and controls, and direct the establishment and implementation of policies and procedures;
- Directs the review, development, testing and implementation of Cyber Security plans, products and controls.
- Provides subject matter expert support/consultation to RFP design and evaluations as directed
- Specifies IT security products and processes.
- Support Critical Infrastructure Protection planning;
- Assist with the strategy development and implementation of: IT Risk Management, BCP/DR, Cyber security education, training and awareness
- Support the Manager of Risk Management, Cyber Security & Compliance as required