Reporting to the Supervisor, Information Security,
The incumbent will:
- Ensure that disaster recovery plans are in place and aligned with business continuity plans, lead technical teams in the implementation and testing of plans, and advise business units of roles and responsibilities to enact approved plans
- Lead project teams ensuring stakeholder expectations, scope, plans, timelines, individual responsibilities, materials, equipment, and budgets are met or exceeded to ensure financial and operational risks are mitigated
- Lead cybersecurity incident response and post-mortems, ensuring proactive protection plans are in place to avoid similar situations and to proactively identify other threats that may be present in the environment
- Ensure that the cybersecurity incident response plan is up to date and conduct exercises to ensure roles and responsibilities are understood
- Assist with the vision and roadmap for IT Security and Networking that supports the Departmental Operational Plans and the Organizational Strategic Plan
- Create dashboards, assist with determining KPIs, and gather metrics to communicate organizational security posture to key stakeholders
- Assist with operational and capital budget requests to fund program activities
- Assist with reviews of organizational security policies, recommending changes
- Collaborate on enterprise initiatives as a subject matter expert to identify risk associated with technology and provide advice/guidance for complex situations
- Address functional, monitoring, operational, quality, performance, recovery, and security requirements in an efficient and productive manner
- Review security risk assessments and recommend risk mitigation strategies
- Identify design gaps in existing and proposed architectures or projects and recommend changes or enhancements, update disaster recovery as appropriate
- Ensure ongoing alignment of IT standards, processes, practices, and security controls with audit, compliance, and policy requirements
The successful incumbent will possess:
- A diploma or degree in Computer Science, Computer Technology, Computer Engineering, Cybersecurity, or Information Systems Security, or a related discipline
- Certified Information Systems Security Professional (CISSP) or Certified Cloud Security Professional (CCSP) Certification required
- Progressive experience in the areas of security and risk management, asset security, security architecture and engineering, communications and network security, identity and access management, security assessment and testing, security operations
- Solid knowledge of cloud concepts, architecture, design, data security, platform security, infrastructure security, application security, and compliance.
- Understanding of IT architecture, OT architecture, networks, operating systems, cryptography, telecommunications, and associated cybersecurity technologies
- Knowledge of information security governance, risk management, security principles, best/good practices, and industry standards
- Experience with complex projects involving integration of technologies/platforms across technical teams and maintaining relationships with stakeholders
- Experience with business continuity planning, disaster recovery planning, cyber incident response planning, and risk management
- Familiarity with the tools and techniques commonly used by malicious actors
- Ability to translate complex technical language and communicate business risks
- Excellent communication and interpersonal skills
- Effective leadership and coaching skills
- Strong project and time management skills
- Strong analytical and troubleshooting skills with the ability to generate and implement innovative and creative solutions
- Ability to multi-task and manage competing priorities, to influence and lead change
- Capacity to maintain tactfulness, integrity, and confidentiality
- Capacity to foster mutual understanding in intercultural and interdepartmental interactions
