RQ08536 - Security Specialist - Threat Risk Assessment - Senior

Title : RQ08536 - Security Specialist - Threat Risk Assessment - Senior

Client : Ministry of Public and Business Service Delivery (former MGCS)

Period : 12 Months

Start Date : 2025-04-01

End Date : 2026-03-31

Working Hrs. : 7.25 Hrs. / day

Hybrid role : Candidate is required to come to the office 3 days a week / 2 days remote

Description :

• Strong understanding and expertise in security architecture, including applying Cyber Security methodologies and tools to define scope, identify critical assets, and facilitate Threat Risk Assessments (TRA) and workshops with business clients.
• Proficient in Harmonized Threat Risk Assessment (HTRA) or equivalent methodologies, with the ability to identify and mitigate security threats and weaknesses.
• Knowledge of security legislation and directives, such as the Freedom of Information and Protection of Privacy Act, to assess risks and compliance issues.
• Solid knowledge of current security technologies, including digital signatures, encryption, firewalls, access controls, and virus protection, along with security audit procedures.
• Experience in developing and implementing secure environments at various levels and on complex systems.
• Ability to analyze security and provide actionable recommendations, including security requirements for procurement processes.
• Skills in assessing Information Security Risks, Business Continuity Planning (BCP), and Business Impact Analysis (BIA), across diverse environments.
• Awareness of emerging IT security trends, with strong analytical and communication skills.
• Experience in developing enterprise architecture deliverables based on Ontario Government standards.
• Knowledge of business and disaster recovery planning, including threat and risk assessments.
• Proficiency in Public Key Infrastructure (PKI) development and operations.
• Security design expertise, including intrusion detection, vulnerability analysis, and penetration testing.
• Experience with mitigation tools for malicious software and network security monitoring.
• Experience in security education, forensic investigations, and applying Information Management principles.
• Understanding of threat modeling, risk assessment methodologies, and compliance with standards like NIST SP 800-30.
• Proficiency with cybersecurity tools for vulnerability scanning and risk analysis, and familiarity with relevant laws and standards such as GDPR, HIPAA, and ISO 27001.

• Designing secure network architectures, including firewalls, IDS/IPS, and VPNs.
• Knowledge of cloud security architectures and best practices.
• Proficiency in encryption, authentication, and access control technologies.
• Familiarity with security protocols (TLS, SSL, IPsec).
• Understanding of incident response and disaster recovery planning.
• Knowledge of industry frameworks (NIST, CIS Controls) and ensuring compliance.

• Ability to communicate complex technical information clearly to non-technical executives.
• Creating impactful presentations and reports.
• Engaging stakeholders to understand their concerns and requirements.
• Building strong relationships with leadership and board members.