Client: Ministry of Public and Business Service Delivery (former MGCS)
Period: 12 Months
Start Date: 2025-04-01
End Date: 2026-03-31
Working Hrs.: 7.25 Hrs. / day
Location: 222 Jarvis St. Toronto, ON
Hybrid role: Candidate is required to work in the office 3 days a week, with 2 days remote
Description:
General Skills:
Strong understanding and expertise in security architecture: Experience in applying Cyber Security methodology and tools to define scope, critical business processes, and functions, identify critical assets and dependencies in reports (TRA or other security assessments), and facilitate Threat Risk Assessment (TRA) and other workshops with business clients.
Proficient in Harmonized Threat Risk Assessment (HTRA) or equivalent methodology: Ability to identify and mitigate security threats and weaknesses in the architecture, ensuring the security of information assets and systems.
Knowledge of security legislation and corporate directives: Understanding of relevant laws such as the Freedom of Information and Protection of Privacy Act to identify and assess risks and compliance issues concerning the security and confidentiality of information.
Solid knowledge of current security and contingency technologies: Expertise in digital signature, encryption, access controls, firewalls, authentication, virus protection, and a proven working knowledge of security audit procedures and protocols.
Experience in developing and implementing secure environments: Proven experience in establishing secure environments at the network, operating system, or application level and implementing security measures on complex and distributed systems.
Experience in conducting in-depth security analysis and providing actionable recommendations: Providing timely recommendations with required sign-offs in security reports (TRA or other assessments), and offering security requirements for procurement documents and evaluations as part of the procurement process.
Ability to assess Information Security Risk, Business Continuity Planning (BCP), and Business Impact Analysis (BIA): Expertise in assessing technical issues across various environments (e.g., Mainframe, UNIX, Windows) and delivery channels in the Ontario Provincial Government.
Awareness of emerging IT trends related to security: Keeping up-to-date on advancements in IT security and demonstrating strong analytical, problem-solving, decision-making, written and verbal communication skills, as well as interpersonal, negotiation, and client relationship management expertise.
Experience in developing enterprise architecture deliverables: Delivering models and architecture processes based on Ontario Government Enterprise Architecture standards and practices.
Experience in business recovery and disaster recovery planning: Knowledge of creating effective business and disaster recovery plans and performing threat and risk assessments in line with those plans.
Proficiency in Public Key Infrastructure (PKI) development and operation: Demonstrating expertise in the design and operation of PKI systems to enhance security for organizational infrastructure.
Security design expertise: Experience in security design for systems development projects, intrusion detection systems, vulnerability analysis, and penetration testing to identify weaknesses and secure systems effectively.
Experience with mitigation tools for malicious software: Familiarity with, and ability to deploy, tools for mitigating malicious software and ensuring system integrity.
Proficiency in network monitoring and security policy development: Experienced in monitoring networks for security threats and contributing to the creation and implementation of security policies.
Experience in delivering security education and forensic investigations: Experience in developing and delivering security training, along with performing forensic investigations into security incidents.
In-depth knowledge of Information Management principles: Understanding of IM principles, concepts, policies, and practices, and applying them to ensure data security and privacy across organizational processes.
Cyber Risk Assessment - 40%:
Understanding of threat modeling and risk assessment methodologies.
Ability to identify vulnerabilities and potential impacts on organizational assets.
Knowledge of risk management frameworks like NIST SP 800-30.
Proficiency in using cybersecurity tools and software for vulnerability scanning and risk analysis.
Familiarity with network security, endpoint security, and application security.
Awareness of relevant laws, regulations, and standards (e.g., GDPR, HIPAA, ISO 27001).
Ability to ensure that risk assessments align with regulatory requirements.
Cyber Security Architecture - 40%:
Expertise in designing secure network architectures, including firewalls, IDS/IPS, and VPNs.
Knowledge of cloud security architectures and best practices.
Proficiency in security technologies such as encryption, authentication, and access control.
Familiarity with security protocols and standards (e.g., TLS, SSL, IPsec).
Knowledge of incident response and disaster recovery planning.
Understanding of industry best practices and frameworks (e.g., NIST, CIS Controls).
Ability to ensure architectural designs comply with regulatory requirements.
Executive IT Communication - 20%:
Ability to present complex technical information in a clear and concise manner to non-technical executives.
Proficiency in creating impactful presentations and reports.
Skills in engaging with stakeholders to understand their concerns and requirements.
Ability to build strong relationships with executive leadership and board members.