Senior Cyber Security Specialist
Our client’s mandate is to strengthen supply chain management and procurement across the public sector, ensuring that Ontario ministries, provincial agencies, hospitals, school boards, children’s aid societies and more have access to high-quality, timely, reliable products at the best value.
In response to the escalating cyber threats in today's digital landscape, Ou client is embarking on a strategic initiative to establish a robust and comprehensive cyber security program. This endeavour will aim to fortify the organization's digital defenses, safeguard sensitive data, and ensure continuity of operations in the face of evolving cyber risk.
Their primary goal revolves around the establishment of a mature cyber security program that underpins their core business functions. Focusing on continuous improvement, key objectives include bolstering proactive and reactive controls to preserve Confidentiality, Integrity and Availability (CIA). An extensive program will include areas such as Cyber Policy and Procedure Development, Cyber Risk Assessment & Management, Security Compliance, Security Training & Awareness, Incident Response, and Threat Intelligence.
Through the utilization of cutting-edge technology and industry best practices, they are dedicated to building a comprehensive cyber security program within the organization.
- 7+ years of robust experience in a hands-on security role, supporting incident response, threat intelligence, secure architecture, and other security assurance activities.
- In-depth knowledge and experience with industry standards and security frameworks such as NIST 800-53, ISO/IEC 27001, CIS, Etc.
- Knowledge and experience working with SOC Audit reports, including SOC 2 Type 2.
- Extensive knowledge in cyber risk management frameworks, conducting threat risk assessments, and recommending mitigations to reduce or eliminate identified risks.
- Knowledge of cybersecurity concepts, including threats, vulnerabilities, security operations, cloud security, encryption, defense-in-depth, auditing, authentication, risk management, and has a track record of driving security solutions.
- Strong understanding of Cyber Kill Chain, MITRE ATT&CK, Diamond Model of Intrusion Analysis, and Indicators of Compromise (IOCs).
- Experience in developing and deploying security training and awareness campaigns across organizations.
- Strong interpersonal capabilities to effectively liaise with stakeholders ranging from technical teams to senior executives within the organization. Adeptness in understanding, managing, and aligning stakeholder expectations.
- Demonstrated experience in developing and maintaining comprehensive documentation. Strong technical and business writing capabilities.
- Agile responsiveness to evolving project dynamics, ability to pivot strategies based on emerging challenges or changes in project requirements.
- Solid experience in fostering and managing relationships with external vendors and ensuring optimal service levels and performance benchmarks are met.
- Exceptional written and oral communication skills, proficient in translating intricate technical details into clear, comprehensible insights for stakeholders irrespective of their technical aptitude.
The Senior Cyber Security Specialist is expected to play a pivotal role in the successful execution of a robust cyber security program. Their responsibilities and expectations encompass the following:
- Support the development of a comprehensive cybersecurity program tailored to the organization's specific needs, risk profile, and regulatory requirements.
- Create and maintain cybersecurity policies, procedures, and guidelines that align with industry best practices and standards.
- Conduct regular risk assessments to identify vulnerabilities and threats and establish risk mitigation strategies and incident response plans.
- Ensure that the organization complies with all relevant cybersecurity regulations and standards.
- Support the development and delivery of cybersecurity training and awareness programs to educate employees on best practices.
- Establish and manage an effective incident response plan, including incident detection, containment, recovery, and post-incident analysis.
- Research and recommend cybersecurity tools, technologies, and solutions to enhance the security posture of the organization.
- Oversee third-party vendors and service providers to ensure their security measures align with the organization's standards.
- Coordinate and conduct regular security audits and assessments to evaluate the effectiveness of the cybersecurity program.
- Generate regular reports and documentation on the cybersecurity program's status, risks, and compliance.
- Defines, evaluates, and assesses security architecture requirements for system environments and IT projects.
- Ensures the incorporation of IT security and contingency measures in the development of systems.
- Support security projects and tasks within the agency as assigned.
- Review of SOC 2 Type 2 documentation and writing recommendations for enhancements based on the report findings.
- Educational Background: A bachelor's degree in Information Technology, Computer Science, or related disciplines.
- Relevant professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Systems Security Certified Practitioner (SSCP), CompTIA Security+, GIAC Certifications