Senior Specialist Ba Resilience (Cloud Security Assessment)

Toronto, ON, CA, M5V 3C6

City of Toronto

The official website for the City of Toronto. Toronto is Canada's largest city, the fourth largest in North America, and home to a diverse population of more than three million people.


 

  • Job ID: 54159
  • Job Category: Information & Technology
  • Division & Section: Office of the CISO, Cyber Operations
  • Work Location: 55 John Street, Toronto (Hybrid Work)
  • Job Type & Duration: Full-time, Permanent
  • Salary: $122,305.00 - $163,639.00, PSG #TM5099 and wage grade 8.
  • Shift Information: Monday to Friday, 35 hours per week
  • Affiliation: Non-Union
  • Number of Positions Open: 1
  • Posting Period: 28-FEB-2025 to 7-MAR-2025

 

The Senior Specialist, Cloud Security Assessment will be responsible for supporting the Chief Information Security Officer (CISO) in executing the City’s cyber vision, strategy, and goals. The primary focus will be on advising and delivering technical expertise related to cloud security initiatives across the City’s divisions, agencies, and corporations.

 

The Senior Specialist role involves developing, implementing, and continuously improving cloud security measures while engaging with teams to enhance the cybersecurity posture of cloud environments. The Senior Specialist will provide high-level guidance, subject matter expertise, and operational support within the Cyber Architecture and Application area, ensuring the cloud infrastructure remains secure and compliant with best practices and regulatory requirements.

 

The successful candidate will assist in the secure design, implementation, and management of cloud security solutions, ensuring the protection of critical data and systems. They will conduct security assessments, threat modeling, and architecture reviews to identify gaps and recommend solutions. Additionally, they will lead research, design, planning, and execution of security initiatives while staying informed on emerging threats. Collaboration with cross-functional teams will be key to ensuring secure adoption of cloud services and identifying areas for improvement.

 

The Senior Specialist will develop, document, and enforce cloud security policies, standards, and guidelines, ensuring alignment with industry best practices and regulatory requirements. They will work with technology teams to implement robust security controls, safeguard against vulnerabilities, and promote best practices in cloud security, network security, and data protection through training and mentorship. By aligning business and technical teams, they will ensure seamless execution of security programs.

 

As a subject matter expert, the Senior Specialist will provide strategic advice on cybersecurity risks, develop security strategies, and evaluate emerging technologies. They will lead the selection and recommendation of security solutions, ensuring the adoption of best-in-class technologies and methodologies. Additionally, they will oversee project staff and contract resources, ensuring effective teamwork, high-quality work, and continuous learning while managing daily operations such as scheduling, performance evaluations, and fostering innovation.

 

To manage cybersecurity risks effectively, the Senior Specialist will identify exposures, conduct risk assessments, and implement mitigation measures. They will proactively resolve cyber risk issues, escalate significant threats when necessary, and collaborate with multidisciplinary teams to execute project plans. Additionally, they will oversee cyber risk activities to ensure compliance with security policies, directives, and standards.

Handling confidential cybersecurity information, the Senior Specialist will prepare reports and recommendations on business process improvements, training initiatives, and service standards. They will assist in the implementation and maintenance of security tools to assess infrastructure vulnerabilities and collaborate with senior management to address active cyber threats and develop mitigation strategies.

 

Strong relationship management will be essential, as the Senior Specialist will engage with internal and external stakeholders, including strategic partners, to advance cybersecurity initiatives. They will participate in executive meetings to assess security posture and oversee the preparation of formal contractual documents such as Requests for Information, Proposals, and Service Level Agreements. Ensuring accurate reporting of key risk metrics, they will maintain alignment with the organization’s cyber risk appetite.

 

Finally, the Senior Specialist will remain current on cybersecurity threats, trends, and technologies, ensuring a proactive security approach. They will develop transformation strategies focused on security, integrating and managing technology systems to enhance operational efficiency. Through clear communication with stakeholders, clients, and project teams, they will ensure informed decision-making and alignment with both business and security objectives.

 

What you bring to the role

  • Post-secondary degree in Business, Technology or related discipline or an equivalent combination of education and related experience.
  • Extensive experience in cloud security assessments, threat modeling, and cloud architecture reviews.
  • Extensive experience with serverless, container hosting and orchestration services.
  • Considerable hands-on implementation experience with cloud data platforms.
  • Considerable experience applying effective security practices in a large, complex environment and awareness of general security-related training requirements within this environment.
  • Experience leading a team (internal or external resources) with strong interpersonal skills to work independently and collaboratively with others in a multidisciplinary team setting.
  • Preferred Certifications (at least two in the list): CISSP, CCSP, CCSK, TOGAF, ISO 27001 LA, or CRISC.
  • Strong understanding of cloud security frameworks, industry standards, and regulatory requirements (NIST, CSA CCM, CIS, ISO 27001, etc.).
  • In-depth knowledge of cloud platforms, security solutions, and services (AWS, Azure, Google Cloud, etc.).
  • Solid understanding of Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Security Posture Management (CSPM), Cloud Native Application Protection Platform (CNAPP) and Cloud Workload Protection Platform (CWPP) tools; knowledge of cloud security frameworks, standards and best practices; and working with cloud IAM and IaaS, PaaS and SaaS native security capabilities.
  • Excellent written & verbal communication skills with the ability to communicate effectively at all levels (including leadership, business partners, project stakeholders, divisional teams and vendors), translating technical details into easily understood language.
  • Ability to assess communications gaps and opportunities and to develop new content strategies that deliver on business objectives.
  • Creative, critical, analytical and strategic thinker with the ability to problem-solve and identify solutions to unusual and complex problems.
  • Ability to achieve business objectives through influencing and effectively working with key stakeholders.
  • Ability to prioritize and effectively manage competing priorities, projects and initiatives while adhering to strict deadlines within a fast paced environment.
  • Highly organized, proactive, self-motivated team player who takes initiative and is able to work independently.
  • Self-motivated with desire to go above and beyond required tasks and ability to work extremely well under pressure while maintaining a high level of professionalism.
  • Transferable skills, including communication and decision-making, are equally important. Being able to think on your feet and show good judgment are especially valuable in this field. Professionals in cyber security must be able to react quickly and strategically to cyber-related incidents.

 

Notes:

  • A normal work week is 35 hours; however, unforeseen situations may require extended hours of work with little or no prior notice. In case of a cyber incident or breach, rotation shifts or continuous extended hours may be required with little or no prior notice.
  • The successful candidate will be subject to a police check, background check, psychological assessment and/or any other checks on a regular basis as the Office of the CISO handles highly sensitive and confidential information.

 

Equity, Diversity and Inclusion

The City is an equal opportunity employer, dedicated to creating a workplace culture of inclusiveness that reflects the diverse residents that we serve. Learn more about the City’s commitment to employment equity.

Accommodation

The City of Toronto is committed to creating an accessible and inclusive organization. We are committed to providing barrier-free and accessible employment practices in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). Should you require Code-protected accommodation through any stage of the recruitment process, please make it known when contacted and we will work with you to meet your needs. Disability-related accommodation during the application process is available upon request. Learn more about the City’s Hiring Policies and Accommodation Process.

Category: CloudSec Jobs

Tags: AWS Azure CASB CCSK CCSP CISO CISSP Cloud CNAPP Compliance CRISC CSPM GCP IaaS IAM ISO 27001 Network security NIST PaaS Risk assessment SaaS Security assessment Strategy TOGAF Vulnerabilities


Region: North America
Country: Canada
