Advisor, IT Security and Risk
Brampton, ON, Canada
Full Time Senior-level / Expert USD 97K - 121K
City of Brampton
Job Description
JOB TITLE: Advisor, IT Security and Risk
DEPARTMENT: Corporate Support Services
POSTING NUMBER: 106500
NUMBER OF POSITIONS: 1
JOB STATUS & DURATION: Full Time Permanent
HOURS OF WORK: 35-hour workweek
LOCATION: Hybrid Model* – when working onsite, you will report to the location of West Tower.
SALARY GRADE: 6
HIRING SALARY RANGE: $97,593.00 - $109,792.00 per annum
MAXIMUM OF SALARY RANGE: $121,991.00 per annum
JOB TYPE: Management and Administration
POSTING DATE: January 06, 2025
CLOSING DATE: January 17, 2025
AREA OF RESPONSIBILITY:
This role is responsible for providing advisory subject matter expertise, offering solutions and strategies, and recommending ways to ensure all program policies and procedures related to Cyber Security and Information Risk Management within the Corporation are communicated and implemented to meet organizational effectiveness and corporate service standards.
As part of a small IT Security and Risk team, the role will be responsible for a broad range of information security work including: Supporting Information Security tooling, e.g. IDS/IPS, AntiVirus, Malware Detection Responses, URL Filtering, Threat Hunting, DLP, on Endpoints, Network Devices, and O365/Azure Cloud. Managing operational support for Mail Gateway, AD PAM, Certificate Management/Provisioning, IAM Onboarding process. Providing security assessments on our in-house developed products as well as procured products; participating in enterprise and project risk management activities; researching, defining evaluation criteria and recommending information security controls and procedures; developing information security standards, policies and procedures; establishing information security metrics, gathering data and preparing reports; participating in the information security incident response process; and championing and communicating the future state of COB’s (City of Brampton) cyber security awareness program.
KEY RESPONSIBILITIES
- Support projects and security tools by providing governance and operational delivery of information security services.
- Conduct security and threat risk assessments and security evaluations.
- Conduct product reviews to identify potential vulnerabilities and risks.
- Review IT operational processes, identifying potential security concerns and risks and developing mitigation measures.
- Participate in enterprise and project risk management activities.
- Proactively conduct IT security risk and vulnerability assessments for new and existing IT infrastructure elements (network/systems/applications/services).
- Consult with the Corporation’s Technology Services teams to research, define evaluation criteria and recommend information security controls and procedures.
- Participate in the information security incident response process.
- Inclusive of the above, the architecture-focused role will:
- Liaise with the Enterprise Information Architecture team as the source of trusted security expertise for various programs and projects
- Develop, evolve and maintain security in balance with user, business, and system goals.
- Assist with security reviews for conformance to solution architecture
- Collaborate with development services in the development, review, and documentation of detailed security design and re-usable security design patterns
- Support staff, prioritize and organize daily work direction to meet operational effectiveness.
- Coach, mentor and provide guidance as required to meet operational effectiveness.
- Participate in recruitment and hiring process as required to meet operational effectiveness.
- Provide input into performance review as required.
- Serve as a source of trusted information security expertise for various programs and projects.
- Escalate complex issues to appropriate level.
- Liaise with stakeholders in order to understand business needs and recommend solutions to meet operational effectiveness.
- Build and maintain a relationship with internal and external stakeholders, departments and team members to achieve common goals and objectives.
- Establish information security metrics, gather data and prepare reports.
- Champion and communicate the future state of COB’s cyber security program.
- Present and convey complex concepts and conditions to stakeholders; develop reports, proposals and make recommendations to management for effective decision-making.
- Keep management informed of activities and initiatives; recommend solutions for effective decision-making.
- Develop information security standards, policies and procedures.
- Ensure proper documentation standards are adhered to, and standards are kept up to date.
- Promote security awareness and good data protection practices to safeguard COB’s information assets.
- Help shape strategic technical direction and standards for the organization.
- Keep abreast of new technology trends, information security and cyber risks and standards development in order to recommend solutions that improve business processes, service solutions and best practices.
- Maintain knowledge of collective agreements, City policies and practices, legislation, regulations and Standard Operating Procedures (SOPs).
- Use effective resource and expense management at all times to meet corporate policies and guidelines.
- Participate in project initiatives as a subject matter expert.
- Work well within diverse groups to achieve common goals and objectives that meet operational effectiveness and corporate service standards.
- Participate as a member of a cross-functional team.
- Demonstrate corporate values at all times.
SELECTION CRITERIA:
EDUCATION:
- Post-secondary degree or diploma in Information Technology, Computer Science, Engineering, Business or related degree is required.
- Professional security and privacy certifications (one or more of the following is preferred): Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA)
- Information security specific coursework is an asset.
EXPERIENCE:
- 7+ years of broad and progressive information security experience in an enterprise environment including: security tooling support, program development, security risk and vulnerability analyses, system design and architecture required.
- Minimum of 3 years in a senior information security position in a medium to large organization.
- 3-5 years supervisory experience is an asset; Ability to guide and motivate staff
OTHER SKILLS AND ASSETS:
- Practical knowledge of Municipal, Regional, Provincial and Federal Governments and applicable legislation is an asset
- Demonstrable experience with conducting security reviews, implementing information security recommendations, analyzing technical controls and applying security control standards required.
- Experience in public cloud environments (MS Azure and AWS are highly preferred) and analyzing existing cloud structures and creating new and enhanced security methods.
- Knowledge of and experience working with the following IT security solutions: Cloud Access Security Broker, Endpoint Detection and Response, Next Generation Firewall, Privileged Access Management, Identity Access Management, Security Information and Event Management (SIEM), Multi Factor Authentication, Vulnerability Management, Penetration Testing, etc.
- Understanding of and experience with general certificate management processes, public key infrastructure (PKI) and commercial Certificate Authority providers
- Demonstrable experience presenting analyses and presentations to both internal and external audiences.
- Strong understanding of various information security controls, their strengths and weaknesses, and how best to apply them successfully to mitigate threats.
- Broad understanding of Microsoft and Oracle technology stacks across operating system, server, middleware, storage (database), and development.
- Exceptional knowledge of application, network, and operating system security, security architectures and the application of privacy and security controls (i.e., authentication, authorization, auditing, encryption).
- Strong understanding of Cloud computing concepts, virtualization and software architecture patterns. Microsoft Azure knowledge and experience is highly preferred.
- Ability to understand and translate strategic, tactical and operational business requirements into effective architectures and designs through the use of new or enhanced technology products and services to support business objectives.
- Ability to function with a high level of autonomy in setting objectives based on direction from management.
- Collaboration with team in managing expectations and tracking progress.
- Ability to develop detailed documentation tailored to specific audiences and purposes.
- Exceptional communication skills. Has the ability to interact equally well with experts from multiple disciplines; both technical and non-technical. Listens effectively and articulates complex technology alternatives in ways appropriate for the audience.
- Strong Presentation skills; Facilitate and convey concepts in a clear and concise manner
- Strong Customer Service and People Management skills; Interface with internal and external stakeholders and resolve issues to meet corporate service standards
- Strong Organizational skills; Detail oriented, well organized and able to prioritize complex tasks and meet critical deadlines
- Strong Analytical skills for complex problem solving
**Various tests and/or exams may be administered as part of the selection criteria.
Interview: Our recruitment process may be completed with video conference technology.
As part of the corporation’s Modernizing Job Evaluation project, this position will undergo an evaluation which may result in a change to the rate of compensation. Any changes affecting this position will be communicated as information becomes available.
*Our Hybrid Model is subject to change.
If this opportunity matches your interest and experience, please apply online quoting reference #106500 by January 17, 2025 and complete the attached questionnaire. We thank all applicants; however, only those selected for an interview will be contacted. The successful candidate(s) will be required, as a condition of employment, to execute a written employment agreement. A criminal record search will be required of the successful candidate to verify the absence of a criminal record for which a pardon has not been granted.
As part of the application process, applicants will be invited to complete a self-identification survey. The survey is voluntary. Participation in the survey will have no impact on hiring decisions. Should you wish to opt out of completing the survey, please select “prefer not to answer” as a response to each question. All information collected is confidential and will not be shared with the hiring manager. The surveys will be anonymized and will be kept separate from applicant or employee files, such that the individuals who completed the surveys will not be identifiable. The results of the survey will assist in the analysis of disaggregated metrics for organizational planning purposes and our commitment to advance and foster diversity, equity, and inclusion. The City may use anonymized data to produce aggregate reports for internal or external use.
Please be advised, the City of Brampton uses email to communicate with their applicants for open job competitions. It is the applicant’s responsibility to include an updated email address that is checked daily and accepts emails from unknown users. As we send time sensitive correspondence via email (i.e. testing bookings, interview dates), it is imperative that applicants check their email regularly. If we do not hear back from applicants, we will assume that you are no longer interested in the Job Competition and your application will be removed from the Competition.
If you would like to request content in an alternate format, please contact the Accessibility office by submitting a new Alternate Format Request.
Tags: Antivirus, Audits, AWS, Azure, CASB, CEH, Certificate management, CISA, CISSP, Cloud, Computer Science, EDR, Encryption, Firewalls, Governance, IAM, IDS, Incident response, IPS, IT infrastructure, Malware, Oracle, Pentesting, PKI, Privacy, Risk assessment, Risk management, Security assessment, SIEM, Vulnerabilities, Vulnerability management
Perks/benefits: Career development, Equity / stock options