If interested, please share your resume at |
Title : RQ08536 - Security Specialist - Threat Risk Assessment - Senior
Client : Ministry of Public and Business Service Delivery (former MGCS)
Period : 12 Months
Start Date : 2025-04-01
End Date : 2026-03-31
Working Hrs. : 7.25 Hrs. / day
Hybrid role - Candidate is required to come to the office 3 days a week and work remotely 2 days.
Description :
General Skills :
- Strong understanding and expertise in security architecture, including applying Cyber Security methodologies and tools to define scope, identify critical assets, and facilitate Threat Risk Assessments (TRA) and workshops with business clients.
- Proficient in Harmonized Threat Risk Assessment (HTRA) or equivalent methodology, with the ability to identify and mitigate security threats and vulnerabilities.
- Knowledge of security legislation and corporate directives, such as the Freedom of Information and Protection of Privacy Act, to assess risks and compliance issues.
- Solid knowledge of current security technologies like digital signatures, encryption, firewalls, and virus protection, along with experience in security audits.
- Experience in developing secure environments at various levels, including network, OS, and application, and implementing security measures on complex systems.
- Ability to analyze security and provide actionable recommendations, including security requirements for procurement.
- Skill in assessing Information Security Risks, Business Continuity Planning (BCP), and Business Impact Analysis (BIA) across different environments.
- Awareness of emerging IT security trends and strong communication, problem-solving, and negotiation skills.
- Experience in developing enterprise architecture deliverables based on Ontario Government standards.
- Knowledge of business and disaster recovery planning, including threat and risk assessments.
- Proficiency in Public Key Infrastructure (PKI) development and operation.
- Expertise in security design, intrusion detection, vulnerability analysis, and penetration testing.
- Experience with mitigation tools for malicious software and network security monitoring.
- Experience in security education and forensic investigations.
- Deep understanding of Information Management principles and threat modeling methodologies.
- Knowledge of risk management frameworks like NIST SP 800-30 and proficiency with cybersecurity tools.
- Familiarity with network, endpoint, and application security, along with relevant laws and standards such as GDPR, HIPAA, ISO 27001.
Cyber Security Architecture - 40%
- Designing secure network architectures, including firewalls, IDS/IPS, VPNs, and cloud security architectures.
- Proficiency in encryption, authentication, access control, and familiarity with security protocols like TLS, SSL, IPsec.
- Understanding of incident response, disaster recovery, and industry best practices (e.g., NIST, CIS Controls).
Executive IT Communication - 20%
- Ability to communicate complex technical information clearly to non-technical executives.
- Proficiency in creating presentations and reports, engaging stakeholders, and building relationships with leadership.