Start Date- 2024-09-16
End Date- 2025-03-31
Remote/Hybrid work: required to come to the office upon request (once every two weeks).
...
Responsibilities Assesses internal and external threats and vulnerabilities of information systems and resources and the likelihood of these threats and resulting impacts. Where possible, reduce risks through system or organizational design. Implement security measures to prevent or mitigate, detect and respond to security threats and vulnerabilities to information systems and resources at the program and enterprise levels. Periodically review security measures to ascertain that the security measures are still sufficient and continue to operate as expected. Such reviews must also be performed whenever security incidents occur or business processes change. Defines, evaluates, and assesses security architecture requirements for systems environments and IT projects. Ensures the incorporation of IT security and contingency measures in the development of systems. Advises on the identification, analysis, and resolution of specific security factors, risks, vulnerabilities; protection of personal privacy issues; and appropriate industry and international security standards. Carry out information and information technology (I&IT) security projects and tasks in the Ontario Public Service as assigned by Corporate Security or cluster I&IT management.
Advantages
Having the opportunity to carry out information and information technology (I&IT) security projects and tasks in the Ontario Public Service.
Responsibilities
Understanding of threat modeling and risk assessment methodologies.
Ability to identify vulnerabilities and potential impacts on organizational assets.
Knowledge of risk management frameworks like NIST SP 800-30
Proficiency in using cybersecurity tools and software for vulnerability scanning and risk analysis.
Familiarity with network security, endpoint security, and application security.
Awareness of relevant laws, regulations, and standards (e.g., GDPR, HIPAA, ISO 27001).
Ability to ensure that risk assessments align with regulatory requirements
Expertise in designing secure network architectures, including firewalls, IDS/IPS, and VPNs.
Knowledge of cloud security architectures and best practices.
Proficiency in security technologies such as encryption, authentication, and access control.
Familiarity with security protocols and standards (e.g., TLS, SSL, IPsec).
Knowledge of incident response and disaster recovery planning.
Understanding of industry best practices and frameworks (e.g., NIST, CIS Controls).
Ability to ensure architectural designs comply with regulatory requirements.
Executive IT Communication - 20%
Ability to present complex technical information in a clear and concise manner to non-technical executives.
Proficiency in creating impactful presentations and reports.
Skills in engaging with stakeholders to understand their concerns and requirements.
Ability to build strong relationships with executive leadership and board members
Responsibilities Assesses internal and external threats and vulnerabilities of information systems and resources and the likelihood of these threats and resulting impacts. Where possible, reduce risks through system or organizational design. Implement security measures to prevent or mitigate, detect and respond to security threats and vulnerabilities to information systems and resources at the program and enterprise levels. Periodically review security measures to ascertain that the security measures are still sufficient and continue to operate as expected. Such reviews must also be performed whenever security incidents occur or business processes change. Defines, evaluates, and assesses security architecture requirements for systems environments and IT projects. Ensures the incorporation of IT security and contingency measures in the development of systems. Advises on the identification, analysis, and resolution of specific security factors, risks, vulnerabilities; protection of personal privacy issues; and appropriate industry and international security standards. Carry out information and information technology (I&IT) security projects and tasks in the Ontario Public Service as assigned by Corporate Security or cluster I&IT management
Qualifications
5+ years information security risk management experience
3+ years security architecture experience
3+ years security risk assessment experience
Strong understanding and expertise in security architecture Experience in the application of Cyber Security methodology and tools to define scope, critical business processes and functions, identify critical assets and dependencies in reports to clients (TRA or other security assessments) Experience and ability to plan and facilitate Threat Risk Assessment and/or other workshops with business clients Experience and ability to apply Harmonized Threat Risk Assessment (HTRA) or equivalent methodology Knowledge of techniques to secure information assets and the planning, design, and implementation of security technologies. Proven techniques to discover gaps or weaknesses in security architecture to identify and mitigate known security threats or inherent weaknesses. Knowledge and understanding of relevant legislation and corporate directives related to the security and confidentiality of information (e.g. Freedom of Information and Protection of Privacy Act) in order to identify and assess areas of concern and risk Solid knowledge of current security and contingency technology and techniques (e.g. digital signature, encryption, access controls, fire-walls, authentication, virus protection, etc.); and a proven working knowledge of security audit procedures and protocols. Experience in developing enterprise architecture deliverables (e.g. models) Experience in providing specialized security support at the specified experience level. Experience in establishing secure environments at a network, operating system or application level. Experience with implementing security on complex and distributed systems. Experience in conducting in depth analysis and provide recommendations with all required sign-off in the prescribed timelines as given (TRA reports or other security assessment reports) Experience and knowledge to provide security requirements for procurement documents and participate in security evaluations as part of the procurement process Ability to assess Information Security Risk, Business Continuity Planning and Business Impact Analysis technical issues for any of the technical environments and delivery channels across the Ontario Provincial Government including Mainframe, Unix and Windows. Awareness of emerging IT trends and directions, especially as related to security. Excellent analytical, problem-solving, and decision-making skills; written and verbal communication skills; interpersonal and negotiation skills A team player with a track record for meeting deadlines, managing competing priorities and client relationship management experience Desirable Skills Experience in developing enterprise architecture deliverables (e.g. models) based on Ontario Government Enterprise Architecture processes and practice Knowledge and understanding of Information Management principles, concepts, policies and practices Experience in business recovery and disaster recovery planning. Experience in performing threat and risk assessment. Experience in public key infrastructure development and operation. Experience in security design as part of systems development projects. Experience in intrusion detection systems. Experience in mitigation tools for malicious software. Experience in vulnerability analysis and penetration testing. Experience in network monitoring. Experience in security policy development. Experience in developing and delivering security education. Experience in forensic investigation. Knowledge and understanding of Information Management principles, concepts, policies and practices.
Summary
Are you passionate about cybersecurity and risk management? Are you intrigued about what you can do as a Security Specialist - Threat Risk Assessment? Come join our team and explore the opportunities of how to help our digital future.
Randstad Canada is committed to fostering a workforce reflective of all peoples of Canada. As a result, we are committed to developing and implementing strategies to increase the equity, diversity and inclusion within the workplace by examining our internal policies, practices, and systems throughout the entire lifecycle of our workforce, including its recruitment, retention and advancement for all employees. In addition to our deep commitment to respecting human rights, we are dedicated to positive actions to affect change to ensure everyone has full participation in the workforce free from any barriers, systemic or otherwise, especially equity-seeking groups who are usually underrepresented in Canada's workforce, including those who identify as women or non-binary/gender non-conforming; Indigenous or Aboriginal Peoples; persons with disabilities (visible or invisible) and; members of visible minorities, racialized groups and the LGBTQ2+ community.
Randstad Canada is committed to creating and maintaining an inclusive and accessible workplace for all its candidates and employees by supporting their accessibility and accommodation needs throughout the employment lifecycle. We ask that all job applications please identify any accommodation requirements by sending an email to accessibility@randstad.ca to ensure their ability to fully participate in the interview process.
show more
Start Date- 2024-09-16
End Date- 2025-03-31
Remote/Hybrid work: required to come to the office upon request (once every two weeks).
Responsibilities Assesses internal and external threats and vulnerabilities of information systems and resources and the likelihood of these threats and resulting impacts. Where possible, reduce risks through system or organizational design. Implement security measures to prevent or mitigate, detect and respond to security threats and vulnerabilities to information systems and resources at the program and enterprise levels. Periodically review security measures to ascertain that the security measures are still sufficient and continue to operate as expected. Such reviews must also be performed whenever security incidents occur or business processes change. Defines, evaluates, and assesses security architecture requirements for systems environments and IT projects. Ensures the incorporation of IT security and contingency measures in the development of systems. Advises on the identification, analysis, and resolution of specific security factors, risks, vulnerabilities; protection of personal privacy issues; and appropriate industry and international security standards. Carry out information and information technology (I&IT) security projects and tasks in the Ontario Public Service as assigned by Corporate Security or cluster I&IT management.
...
Advantages
Having the opportunity to carry out information and information technology (I&IT) security projects and tasks in the Ontario Public Service.
Responsibilities
Understanding of threat modeling and risk assessment methodologies.
Ability to identify vulnerabilities and potential impacts on organizational assets.
Knowledge of risk management frameworks like NIST SP 800-30
Proficiency in using cybersecurity tools and software for vulnerability scanning and risk analysis.
Familiarity with network security, endpoint security, and application security.
Awareness of relevant laws, regulations, and standards (e.g., GDPR, HIPAA, ISO 27001).
Ability to ensure that risk assessments align with regulatory requirements
Expertise in designing secure network architectures, including firewalls, IDS/IPS, and VPNs.
Knowledge of cloud security architectures and best practices.
Proficiency in security technologies such as encryption, authentication, and access control.
Familiarity with security protocols and standards (e.g., TLS, SSL, IPsec).
Knowledge of incident response and disaster recovery planning.
Understanding of industry best practices and frameworks (e.g., NIST, CIS Controls).
Ability to ensure architectural designs comply with regulatory requirements.
Executive IT Communication - 20%
Ability to present complex technical information in a clear and concise manner to non-technical executives.
Proficiency in creating impactful presentations and reports.
Skills in engaging with stakeholders to understand their concerns and requirements.
Ability to build strong relationships with executive leadership and board members
Responsibilities Assesses internal and external threats and vulnerabilities of information systems and resources and the likelihood of these threats and resulting impacts. Where possible, reduce risks through system or organizational design. Implement security measures to prevent or mitigate, detect and respond to security threats and vulnerabilities to information systems and resources at the program and enterprise levels. Periodically review security measures to ascertain that the security measures are still sufficient and continue to operate as expected. Such reviews must also be performed whenever security incidents occur or business processes change. Defines, evaluates, and assesses security architecture requirements for systems environments and IT projects. Ensures the incorporation of IT security and contingency measures in the development of systems. Advises on the identification, analysis, and resolution of specific security factors, risks, vulnerabilities; protection of personal privacy issues; and appropriate industry and international security standards. Carry out information and information technology (I&IT) security projects and tasks in the Ontario Public Service as assigned by Corporate Security or cluster I&IT management
Qualifications
5+ years information security risk management experience
3+ years security architecture experience
3+ years security risk assessment experience
Strong understanding and expertise in security architecture Experience in the application of Cyber Security methodology and tools to define scope, critical business processes and functions, identify critical assets and dependencies in reports to clients (TRA or other security assessments) Experience and ability to plan and facilitate Threat Risk Assessment and/or other workshops with business clients Experience and ability to apply Harmonized Threat Risk Assessment (HTRA) or equivalent methodology Knowledge of techniques to secure information assets and the planning, design, and implementation of security technologies. Proven techniques to discover gaps or weaknesses in security architecture to identify and mitigate known security threats or inherent weaknesses. Knowledge and understanding of relevant legislation and corporate directives related to the security and confidentiality of information (e.g. Freedom of Information and Protection of Privacy Act) in order to identify and assess areas of concern and risk Solid knowledge of current security and contingency technology and techniques (e.g. digital signature, encryption, access controls, fire-walls, authentication, virus protection, etc.); and a proven working knowledge of security audit procedures and protocols. Experience in developing enterprise architecture deliverables (e.g. models) Experience in providing specialized security support at the specified experience level. Experience in establishing secure environments at a network, operating system or application level. Experience with implementing security on complex and distributed systems. Experience in conducting in depth analysis and provide recommendations with all required sign-off in the prescribed timelines as given (TRA reports or other security assessment reports) Experience and knowledge to provide security requirements for procurement documents and participate in security evaluations as part of the procurement process Ability to assess Information Security Risk, Business Continuity Planning and Business Impact Analysis technical issues for any of the technical environments and delivery channels across the Ontario Provincial Government including Mainframe, Unix and Windows. Awareness of emerging IT trends and directions, especially as related to security. Excellent analytical, problem-solving, and decision-making skills; written and verbal communication skills; interpersonal and negotiation skills A team player with a track record for meeting deadlines, managing competing priorities and client relationship management experience Desirable Skills Experience in developing enterprise architecture deliverables (e.g. models) based on Ontario Government Enterprise Architecture processes and practice Knowledge and understanding of Information Management principles, concepts, policies and practices Experience in business recovery and disaster recovery planning. Experience in performing threat and risk assessment. Experience in public key infrastructure development and operation. Experience in security design as part of systems development projects. Experience in intrusion detection systems. Experience in mitigation tools for malicious software. Experience in vulnerability analysis and penetration testing. Experience in network monitoring. Experience in security policy development. Experience in developing and delivering security education. Experience in forensic investigation. Knowledge and understanding of Information Management principles, concepts, policies and practices.
Summary
Are you passionate about cybersecurity and risk management? Are you intrigued about what you can do as a Security Specialist - Threat Risk Assessment? Come join our team and explore the opportunities of how to help our digital future.
Randstad Canada is committed to fostering a workforce reflective of all peoples of Canada. As a result, we are committed to developing and implementing strategies to increase the equity, diversity and inclusion within the workplace by examining our internal policies, practices, and systems throughout the entire lifecycle of our workforce, including its recruitment, retention and advancement for all employees. In addition to our deep commitment to respecting human rights, we are dedicated to positive actions to affect change to ensure everyone has full participation in the workforce free from any barriers, systemic or otherwise, especially equity-seeking groups who are usually underrepresented in Canada's workforce, including those who identify as women or non-binary/gender non-conforming; Indigenous or Aboriginal Peoples; persons with disabilities (visible or invisible) and; members of visible minorities, racialized groups and the LGBTQ2+ community.
Randstad Canada is committed to creating and maintaining an inclusive and accessible workplace for all its candidates and employees by supporting their accessibility and accommodation needs throughout the employment lifecycle. We ask that all job applications please identify any accommodation requirements by sending an email to accessibility@randstad.ca to ensure their ability to fully participate in the interview process.
show more