IT SECURITY & RISK ADVISOR
POSTING NUMBER: 103153
HIRING SALARY RANGE: $87,514.00-98,454.00
MAXIMUM OF SALARY RANGE: $109,393.00
AREA OF RESPONSIBILITY:
This role provides advisory subject matter expertise, offers solutions and strategies, and recommends ways to ensure all program policies and procedures related to Cyber Security and Information Risk Management within the Corporation are communicated and implemented to meet organizational effectiveness and corporate service standards.
As part of a small IT Security and Risk team, the role will be responsible for a broad range of information security work including: providing security assessments on our in-house developed products as well as procured products; participating in enterprise and project risk management activities; researching, defining evaluation criteria and recommending information security controls and procedures; developing information security standards, policies and procedures; establishing information security metrics, gathering data and preparing reports; participating in the information security incident response process; and championing and communicating the future state of COB’s (City of Brampton) cyber security program.
- Support projects by providing governance and operational delivery of information security services.
- Conduct security and threat risk assessments and security evaluations.
- Conduct product reviews to identify potential vulnerabilities and risks.
- Review IT operational processes, identifying potential security concerns and risks and developing mitigation measures.
- Participate in enterprise and project risk management activities.
- Proactively conduct IT security risk and vulnerability assessments for new and existing IT infrastructure elements (network/systems/applications/services).
- Consult with the Corporation’s Technology Services teams to research, define evaluation criteria and recommend information security controls and procedures.
- Participate in the information security incident response process.
Inclusive of the above, the architecture-focused role will:
- Liaise with the Enterprise Information Architecture team as the source of trusted security expertise for various programs and projects.
- Develop, evolve and maintain security in balance with user, business, and system goals.
- Assist with security reviews for conformance to solution architecture.
- Collaborate with development services in the development, review, and documentation of detailed security design and re-usable security design patterns.
STAFF GUIDANCE AND DIRECTION
- Support staff, prioritize and organize daily work direction to meet operational effectiveness.
- Coach, mentor and provide guidance as required to meet operational effectiveness.
- Participate in recruitment and hiring process as required to meet operational effectiveness.
- Provide input into performance review as required.
- Serve as a source of trusted information security expertise for various programs and projects.
- Escalate complex issues to appropriate level.
- Liaise with stakeholders in order to understand business needs and recommend solutions to meet operational effectiveness.
- Build and maintain a relationship with internal and external stakeholders, departments and team members to achieve common goals and objectives.
COMMUNICATION AND REPORTING
- Establish information security metrics, gather data and prepare reports.
- Champion and communicate the future state of COB’s cyber security program.
- Present and convey complex concepts and conditions to stakeholders; develop reports, proposals and make recommendations to management for effective decision-making.
- Keep management informed of activities and initiatives; recommend solutions for effective decision-making.
- Develop information security standards, policies and procedures.
- Ensure proper documentation standards are adhered to, and standards are kept up to date.
- Promote security awareness and good data protection practices to safeguard COB’s information assets.
- Help shape strategic technical direction and standards for the organization.
- Keep abreast of new technology trends, information security and cyber risks and standards development in order to recommend solutions that improve business processes, service solutions and best practices.
- Maintain knowledge of collective agreements, City policies and practices, legislation, regulations and Standard Operating Procedures (SOPs).
- Use effective resource and expense management at all times to meet corporate policies and guidelines.
TEAMWORK AND COOPERATION
- Participate on project initiatives as a subject matter expert.
- Work well within diverse groups to achieve common goals and objectives that meet operational effectiveness and corporate service standards.
- Participate as a member of a cross-functional team.
- Demonstrate corporate values at all times.
- Post-secondary degree or diploma in Information Technology, Computer Science, Engineering, Business or related degree is required.
- Professional security and privacy certifications from CEH: Certified Ethical Hacker, ECSA: EC-Council Certified Security Analyst, GSEC / GCIH / GCIA: GIAC Security Certifications, CompTIA CSA+.
- Other industry certifications (e.g. MCSE, CCNA, and ITIL) are preferred.
- Information security specific coursework is an asset.
- 7+ years of broad and progressive information security experience in an enterprise environment including: security program development, security risk and vulnerability analyses, system design and architecture required.
- Minimum of 3 years in a senior information security position in a medium to large organization.
- 3-5 years’ supervisory experience is an asset; ability to guide and motivate staff.
- Practical knowledge of Municipal, Regional, Provincial and Federal Governments and applicable legislation is an asset.
- Experience working on solutions that support verticals such as government, finance, human resources and information management preferred.
- Demonstrable experience with conducting security reviews, implementing information security recommendations, analyzing technical controls and applying security control standards required.
- Demonstrable experience presenting analyses and presentations to both internal and external audiences.
- Strong understanding of various information security controls, their strengths and weaknesses, and how best to apply them successfully to mitigate threats.
- Broad understanding of Microsoft and Oracle technology stacks across operating system, server, middleware, storage (database), and development.
- Exceptional knowledge of application, network, and operating system security, security architectures and the application of privacy and security controls (i.e., authentication, authorization, auditing, encryption).
- Strong understanding of Cloud computing concepts, virtualization and software architecture patterns. Microsoft Azure knowledge and experience is highly preferred.
- Understanding of core architectural and security concepts with respect to alignment of business strategy and objectives with technology solutions.
- Ability to understand and translate strategic, tactical and operational business requirements into effective architectures and designs through the use of new or enhanced technology products and services to support business objectives.
- Ability to function with a high level of autonomy in setting objectives based on direction from management.
- Collaboration with team in managing expectations and tracking progress.
- Ability to develop detailed documentation tailored to specific audiences and purposes.
- Exceptional communication skills. Has the ability to interact equally well with experts from multiple disciplines; both technical and non-technical. Listens effectively and articulates complex technology alternatives in ways appropriate for the audience.
- Strong presentation skills; facilitate and convey concepts in a clear and concise manner.
- Strong customer service and people management skills; interface with internal and external stakeholders and resolve issues to meet corporate service standards.
- Strong organizational skills; detail oriented, well organized and able to prioritize complex tasks and meet critical deadlines.
- Strong analytical skills for complex problem solving.
- Computer proficiency in Microsoft Office/software.
Exciting things are happening at the City of Brampton. Watch our Join Our Team video to hear what our employees say about working here. For insight about Brampton’s future, take a peek at what renowned urban planner Larry Beasley has to say.
Various tests and/or exams may be administered as part of the selection criteria.
Job status: Permanent
Job Type: Non-Union
Applications must be received by: October 17, 2018
Alternate formats will be provided upon request.
If this opportunity matches your interest and experience, please apply online at: www.brampton.ca/employment quoting reference # 103153 by October 17, 2018 and complete the attached questionnaire. We thank all applicants; however, only those selected for an interview will be contacted. The successful candidate(s) will be required, as a condition of employment, to execute a written employment agreement.
Please be advised, the City of Brampton uses email to communicate with its applicants for open job competitions. It is the applicant’s responsibility to include an updated email address that is checked daily and accepts emails from unknown users. As we send time sensitive correspondence via email (i.e. testing bookings, interview dates), it is imperative that applicants check their email regularly. If we do not hear back from applicants, we will assume that they are no longer interested in the Job Competition and their application will be removed from the Competition.
The City is an equal opportunity employer. We are committed to inclusive, barrier-free recruitment and selection processes and work environments. If you are contacted for a job opportunity, please advise the Human Resources Division of any accommodations needed to ensure you have access to a fair and equitable process. Any information received relating to accommodation will be addressed confidentially.