Security Specialist Threat Risk Assessment 7836-2612

Employer Active

Job Location

Toronto - Canada

Salary

Not Disclosed

Job Description

HM Note: This hybrid role is in office once every two weeks at the manager's discretion.


Responsibilities:

  • Assesses internal and external threats and vulnerabilities of information systems and resources and the likelihood of these threats and resulting impacts.
  • Where possible, reduce risks through system or organizational design.
  • Implement security measures to prevent or mitigate, detect, and respond to security threats and vulnerabilities to information systems and resources at the program and enterprise levels.
  • Periodically review security measures to ascertain that the security measures are still sufficient and continue to operate as expected. Such reviews must also be performed whenever security incidents occur or business processes change.
  • Defines, evaluates, and assesses security architecture requirements for systems, environments, and IT projects.
  • Ensures the incorporation of IT security and contingency measures in the development of systems.
  • Advises on the identification, analysis, and resolution of specific security factors, risks, vulnerabilities; protection of personal privacy issues; and appropriate industry and international security standards.
  • Carry out information and information technology (I&IT) security projects and tasks in the Ontario Public Service as assigned by Corporate Security or cluster I&IT management.


Skills
Experience and Skill Set Requirements

General Skills:

  • Strong understanding and expertise in security architecture.
  • Experience in the application of Cyber Security methodology and tools to define scope, critical business processes and functions, identify critical assets and dependencies in reports to clients (TRA or other security assessments).
  • Experience and ability to plan and facilitate Threat Risk Assessment and/or other workshops with business clients.
  • Experience and ability to apply Harmonized Threat Risk Assessment (HTRA) or equivalent methodology.
  • Knowledge of techniques to secure information assets and the planning, design, and implementation of security technologies.
  • Proven techniques to discover gaps or weaknesses in security architecture to identify and mitigate known security threats or inherent weaknesses.
  • Knowledge and understanding of relevant legislation and corporate directives related to the security and confidentiality of information (e.g. Freedom of Information and Protection of Privacy Act) in order to identify and assess areas of concern and risk.
  • Solid knowledge of current security and contingency technology and techniques (e.g. digital signature, encryption, access controls, firewalls, authentication, virus protection, etc.); and a proven working knowledge of security audit procedures and protocols.
  • Experience in developing enterprise architecture deliverables (e.g. models).
  • Experience in providing specialized security support at the specified experience level.
  • Experience in establishing secure environments at a network, operating system, or application level.
  • Experience with implementing security on complex and distributed systems.
  • Experience in conducting in-depth analysis and providing recommendations with all required signoff in the prescribed timelines as given (TRA reports or other security assessment reports).
  • Experience and knowledge to provide security requirements for procurement documents and participate in security evaluations as part of the procurement process.
  • Ability to assess Information Security Risk, Business Continuity Planning, and Business Impact Analysis technical issues for any of the technical environments and delivery channels across the Ontario Provincial Government, including Mainframe, Unix, and Windows.
  • Awareness of emerging IT trends and directions, especially as related to security.
  • Excellent analytical, problem-solving, and decision-making skills; written and verbal communication skills; interpersonal and negotiation skills.
  • A team player with a track record for meeting deadlines, managing competing priorities, and client relationship management experience.

Desirable Skills:

  • Experience in developing enterprise architecture deliverables (e.g. models) based on Ontario Government Enterprise Architecture processes and practice.
  • Knowledge and understanding of Information Management principles, concepts, policies, and practices.
  • Experience in business recovery and disaster recovery planning.
  • Experience in performing threat and risk assessment.
  • Experience in public key infrastructure development and operation.
  • Experience in security design as part of systems development projects.
  • Experience in intrusion detection systems.
  • Experience in mitigation tools for malicious software.
  • Experience in vulnerability analysis and penetration testing.
  • Experience in network monitoring.
  • Experience in security policy development.
  • Experience in developing and delivering security education.
  • Experience in forensic investigation.

Cyber Risk Assessment 40%

  • Understanding of threat modeling and risk assessment methodologies.
  • Ability to identify vulnerabilities and potential impacts on organizational assets.
  • Knowledge of risk management frameworks like NIST SP 800-30.
  • Proficiency in using cybersecurity tools and software for vulnerability scanning and risk analysis.
  • Familiarity with network security, endpoint security, and application security.
  • Awareness of relevant laws, regulations, and standards (e.g. GDPR, HIPAA, ISO 27001).
  • Ability to ensure that risk assessments align with regulatory requirements.

Cyber Security Architecture 40%

  • Expertise in designing secure network architectures, including firewalls, IDS/IPS, and VPNs.
  • Knowledge of cloud security architectures and best practices.
  • Proficiency in security technologies such as encryption, authentication, and access control.
  • Familiarity with security protocols and standards (e.g. TLS, SSL, IPsec).
  • Knowledge of incident response and disaster recovery planning.
  • Understanding of industry best practices and frameworks (e.g. NIST, CIS Controls).
  • Ability to ensure architectural designs comply with regulatory requirements.

Executive IT Communication 20%
  • Ability to present complex technical information in a clear and concise manner to non-technical executives.
  • Proficiency in creating impactful presentations and reports.
  • Skills in engaging with stakeholders to understand their concerns and requirements.
  • Ability to build strong relationships with executive leadership and board members.


Must Have:
  • 5 years information security risk management experience
  • 3 years security architecture experience
  • 3 years security risk assessment experience

Employment Type

Full Time
