Security Specialist (TRA, NIST)

Posted 9 months ago

JO 2765

Duration: 1 year to start with; 6 months potential extension

Location: Toronto, Ontario

Assignment Duties

  • Determining the scope of each TRA they are assigned;
  • Planning and managing all deliverables required in order to conduct TRAs on each assigned application and/or system;
  • Conducting the TRA for the assigned projects, following a formal risk assessment methodology such as NIST, the Harmonized Threat and Risk Assessment Methodology or equivalent.

Developing and implementing a TRA Work Plan, including but not limited to:

  • A detailed schedule, including milestones, critical activities and dependencies for the completion of the work;
  • Identifying employees and assets to be safeguarded in a Statement of Sensitivity;
  • Determining threats to employees and assets in Canada and abroad, and assessing the likelihood and impact of threat occurrence;
  • Assessing risks based on the adequacy of existing safeguards and vulnerabilities;
  • Recommending any supplementary safeguards to reduce the risk to an acceptable level;
  • Providing weekly status and progress report updates;
  • Completing relevant Information Security-related work (such as conducting meetings/interviews);
  • Providing subject matter expertise on Threat Risk Assessment, Vulnerability Assessment, Penetration Testing and Privacy Impact Assessment of IT operations, capital IT projects and IT systems;
  • Developing the Request for Proposals and Request for Quotation for Vulnerability Assessment (VA) services;
  • Assisting with Vulnerability Assessment Risk Treatment Plans and Risk remediation with project teams;
  • Completion and submission of a Final TRA report for each system assessed.

Qualifications and Experience:

  • Knowledge of Formal Threat Risk Assessment (TRA) approaches such as Harmonized Threat and Risk Assessment (HTRA) methodology, NIST;
  • Experience in delivering written TRA reports;
  • Minimum of six years of experience in the information security and/or IT risk management field;
  • Minimum of four years' experience performing TRA(s) on complex IT projects that include BOTH infrastructure and application security assessments;
  • Demonstrated ability to engage stakeholders, consult and manage issues;
  • Superior written and oral communication skills with technical and business audiences;
  • Timely with deadlines, team player and organized as well as able to conduct information gathering sessions and interviews with stakeholders;
  • Current holder of security industry-specific certifications.

Technical Capabilities:

  • Demonstrated understanding of technical and non-technical vulnerabilities and mitigation controls;
  • Expert knowledge of security controls that impact the protection of sensitive/personal information, data integrity and system availability, including (but not limited to) internet tools, system interfaces, information security, information architecture and data flows;
  • Well-developed research, analytical and problem-solving skills;
  • Understanding of vulnerability assessments and penetration testing lifecycle;
  • Understanding of risk remediation and risk treatment.
