IT SECURITY AND RISK ADVISOR

Job title: IT SECURITY AND RISK ADVISOR

Company: City of Brampton

Job description: Job Description

Exciting things are happening at the City of Brampton. Take a look at what employees are working on related to our Term of Council Priorities moving us forward towards The Brampton 2040 Vision.

ADVISOR, IT SECURITY AND RISK

12 MONTH CONTRACT

POSTING NUMBER:103673

HIRING SALARY RANGE: $91,190.000-$103,714.00 PER ANNUM

MAXIMUM OF SALARY RANGE: $115,237.00 PER ANNUM

AREA OF RESPONSIBILITY:

This role is responsible to provide advisory subject matter expertise, offer solutions, strategies and recommend ways to ensure all program policies and procedures related to Cyber Security and Information Risk Management within the Corporation are communicated and implemented to meet organizational effectiveness and corporate service standards.

As part of a small IT Security and Risk team, the role will be responsible for a broad range of information security work including: Supporting Information Security tooling, e.g. Vulnerability scanners, IDS/IPS, AntiVirus, Malware Detection Responses, URL Filtering, Threat Hunting, DLP on Endpoints, Network Devices, and 0365/Azure Cloud. Managing operational support for Certificate Management process. Providing security assessments on our in-house developed products as well as procured products; participating in enterprise and project risk management activities; researching, defining evaluation criteria and recommending information security controls and procedures; developing information security standards, policies and procedures; establishing information security metrics, gathering data and preparing reports; participating in the information security incident response process; and championing and communicating the future state of COB’s (City of Brampton) cyber security awareness program.

• OPERATION SUPPORT

• Support projects and security tools by providing governance, and operational delivery of information security services.
• Conduct security and threat risk assessments and security evaluations.
• Conduct product reviews to identify potential vulnerabilities and risks.
• Review IT operational processes, identifying potential security concerns and risks and developing mitigation measures.
• Participate in enterprise and project risk management activities.
• Proactively conduct IT security risk and vulnerability assessments for new and existing IT infrastructure elements (network/systems/applications/services).
• Consult with the Corporation’s Technology Services teams to research, define evaluation criteria and recommend information security controls and procedures
• Participate in the information security incident response process.
• Inclusive of the above, the architecture focused role will:
• Liaise with the Enterprise Information Architecture team as the source of trusted security expertise for various programs and projects
• Develop, evolve and maintain security in balance with user, business, and system goals.
• Assist with security reviews for conformance to solution architecture
• Collaborate with development services in the development, review, and documentation of detailed security design and re-usable security design patterns.
• STAFF GUIDANCE AND DIRECTION

• Support staff, prioritize and organize daily work direction to meet operational effectiveness.
• Coach, mentor and provide guidance as required to meet operational effectiveness.
• Participate in recruitment and hiring process as required to meet operational effectiveness.
• Provide input into performance review as required.
• CUSTOMER SERVICE

• Serve as a source of trusted information security expertise for various programs and projects.
• Escalate complex issues to appropriate level.
• Liaise with stakeholders in order to understand business needs and recommend solutions to meet operational effectiveness.
• Build and maintain a relationship with internal and external stakeholders, departments and team members to achieve common goals and objectives.
• COMMUNICATION AND REPORTING

• Establish information security metrics, gather data and prepare reports.
• Champion and communicate the future state of COB’s cyber security program.
• Present and convey complex concepts and conditions to stakeholders; develop reports, proposals and make recommendations to management for effective decision-making.
• Keep management informed of activities and initiatives; recommend solutions for effective decision-making.
• CORPORATE CONTRIBUTION

• Develop information security standards, policies and procedures.
• Ensure proper documentation standards are adhered to, and standards are kept up to date.
• Promote security awareness and good data protection practices to safeguard COB’s information assets.
• Help shape strategic technical direction and standards for the organization.
• Keep abreast of new technology trends, information security and cyber risks and standards development in order to recommend solutions that improve business processes, service solutions and best practices.
• Maintain knowledge of collective agreements, City policies and practices, legislation, regulations and Standard Operating Procedures (SOPs).
• BUDGET SUPPORT

• Use of effective resource and expense management at all times to meet corporate policies and guidelines.
• TEAMWORK AND COOPERATION

• Participate on project initiatives as a subject matter expert.
• Work well within diverse groups to achieve common goals and objectives that meet operational effectiveness and corporate service standards.
• Participate as a member of cross-functional team.
• Demonstrate corporate values at all times.

SELECTION CRITERIA:

• Post-secondary degree or diploma in Information Technology, Computer Science, Engineering, Business or related degree is required.
• Professional security and privacy certifications (one of more of the following is preferred):Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA)
• Information security specific coursework is an asset.
• 5+ years of broad and progressive information security experience in an enterprise environment including: security tooling support, program development, security risk and vulnerability analyses, system design and architecture required.
• Minimum of 3 years in a senior information security position in a medium to large organization.
• 3-5 years supervisory experience is an asset; Ability to guide and motivate staff
• Practical knowledge of Municipal, Regional, Provincial and Federal Governments and applicable Legislations is an asset
• Demonstrable experience with conducting security reviews, implementing information security recommendations, analyzing technical controls and applying security control standards required.
• Experience in public cloud environment (MS Azure and AWS is highly preferred) and analyzing existing cloud structures and creating new and enhanced security methods.
• Knowledge of and experience working with the following IT security solutions: Cloud Access Security Broker, Endpoint Detection and Response, Next Generation Firewall, Privileged Access Management, Identity Access Management, Security Information and Event Management (SIEM), Multi Factor Authentication, Vulnerability Management, Penetration Testing, etc.)
• Experience with conducting cybersecurity vulnerability assessments
• Tracking mitigations to address cyber threats and lead security incident response coordination and remediation activities
• Understanding of and experience with general certificate management processes, public key infrastructure (PKI) and commercial Certificate Authority providers
• Demonstrable experience presenting analyses and presentations to both internal and external audiences.
• Strong understanding of various information security controls, their strengths and weaknesses, and how best to apply them successfully to mitigate threats.
• Broad understanding of Microsoft and Oracle technology stacks across operating system, server, middleware, storage (database), and development.
• Exceptional knowledge of application, network, and operating system security, security architectures and the application of privacy and security controls (i.e., authentication, authorization, auditing, encryption).
• Strong understanding of Cloud computing concepts, virtualization and software architecture patterns. Microsoft Azure knowledge and experience is highly preferred. Ability to understand and translate strategic, tactical and operational business requirements into effective architectures and designs through the use of new or enhanced technology products and services to support business objectives.
• Ability to function with a high level of autonomy in setting objectives based on direction from management.
• Collaboration with team in managing expectations and tracking progress.
• Ability to develop detailed documentation tailored to specific audiences and purposes.
• Exceptional communication skills. Has the ability to interact equally well with experts from multiple disciplines; both technical and non-technical. Listens effectively and articulates complex technology alternatives in ways appropriate for the audience.
• Strong Presentation skills; Facilitate and convey concepts in a clear and concise manner
• Strong Customer Service and People Management skills; Interface with internal and external stakeholders and resolve issues to meet corporate service standards
• Strong Organizational skills; Detail oriented, well organized and able to prioritize complex tasks and meet critical deadlines
• Strong Analytical skills for complex problem solving

**Various tests and/or exams may be administered as part of the selection criteria.

Job status: Permanent

Job Type: Management and Administration

Applications must be received by:April 28, 2021

Alternate formats will be provided upon request.

As part of the corporation’s Modernizing Job Evaluation project, this position will undergo an evaluation which may result in a change to the rate of compensation. Any changes affecting this position will be communicated as information becomes available.

If this opportunity matches your interest and experience, please apply online by clicking the button above quoting reference #103696 by April 28, 2021 and complete the attached questionnaire. We thank all applicants; however, only those selected for an interview will be contacted. The successful candidate(s) will be required, as a condition of employment, to execute a written employment agreement. A criminal record search will be required of the successful candidate to verify the absence of a criminal record for which a pardon has not been granted.

Please be advised, the City of Brampton uses email to communicate with their applicants for open job competitions. It is the applicant’s responsibility to include an updated email address that is checked daily and accepts emails from unknown users. As we send time sensitive correspondence via email (i.e. testing bookings, interview dates), it is imperative that applicants check their email regularly. If we do not hear back from applicants, we will assume that you are no longer interested in the Job Competition and your application will be removed from the Competition.

The City is an equal opportunity employer. We are committed to inclusive, barrier-free recruitment and selection processes and work environments. If you require any accommodations at any point during the application and hiring process, please contact TalentAcquisition@brampton.ca or 905.874-2150 with your accommodation needs, quoting the job opening ID#, job title. Any information received relating to accommodation will be

Expected salary:

Location: Brampton, ON

Job date: Sat, 17 Apr 2021 22:40:53 GMT