This role is responsible to provide advisory subject matter expertise, offer solutions, strategies and recommend ways to ensure all program policies and procedures related to Cyber Security and Information Risk Management within the Corporation are communicated and implemented to meet organizational effectiveness and corporate service standards.
As part of the IT Security and Risk team, the role will be responsible for a broad range of information security work including: supporting Information Security tooling, e.g. (Endpoint Detection Responses (EDR), Threat Hunting, Incident Response Plan, DLP at rest and in transit, vulnerability scanners on Endpoints, Network Devices/Security modules including: IDS/IPS, Malware protection, URL filtering; and O365/Azure Cloud), managing operational support for SIEM, Mail Hygiene, Gateway PAM, Certificate Management/Provisioning, IAM process, providing security assessments on our in-house developed products as well as procured products; participating in enterprise and project risk management activities; researching, defining evaluation criteria and recommending information security controls and procedures; developing information security standards, policies and procedures; establishing information security metrics, gathering data and preparing reports; participating in the information security incident response process; and championing and communicating the future state of COB’s (City of Brampton) cyber security awareness program.
Support projects and security tools by providing governance, and operational delivery of information security services.
Conduct security and threat risk assessments and security evaluations.
Conduct product reviews to identify potential vulnerabilities and risks.
Review IT operational processes, identifying potential security concerns and risks and developing mitigation measures.
Participate in enterprise and project risk management activities.
Proactively conduct IT security risk and vulnerability assessments for new and existing IT infrastructure elements (network/systems/applications/services).
Consult with the Corporation’s Technology Services teams to research, define evaluation criteria and recommend information security controls and procedures
Participate in the information security incident response process.
Inclusive of the above, the architecture focused role will:
Liaise with the Enterprise Information Architecture team as the source of trusted security expertise for various programs and projects
Develop, evolve and maintain security in balance with user, business, and system goals.
Assist with security reviews for conformance to solution architecture
Collaborate with development services in the development, review, and documentation of detailed security design and re-usable security design patterns
STAFF GUIDANCE AND DIRECTION
Support staff, prioritize and organize daily work direction to meet operational effectiveness.
Coach, mentor and provide guidance as required to meet operational effectiveness.
Participate in recruitment and hiring process as required to meet operational effectiveness.
Provide input into performance review as required.
Serve as a source of trusted information security expertise for various programs and projects. Escalate complex issues to appropriate level.
Liaise with stakeholders in order to understand business needs and recommend solutions to meet operational effectiveness.
Build and maintain a relationship with internal and external stakeholders, departments and team members to achieve common goals and objectives.
COMMUNICATION AND REPORTING
Establish information security metrics, gather data and prepare reports.
Champion and communicate the future state of COB’s cyber security program.
Present and convey complex concepts and conditions to stakeholders; develop reports, proposals and make recommendations to management for effective decision-making.
Keep management informed of activities and initiatives; recommend solutions for effective decision-making.
Develop information security standards, policies and procedures.
Ensure proper documentation standards are adhered to, and standards are kept up to date.
Promote security awareness and good data protection practices to safeguard COB’s information assets.
Help shape strategic technical direction and standards for the organization.
Keep abreast of new technology trends, information security and cyber risks and standards development in order to recommend solutions that improve business processes, service solutions and best practices.
Maintain knowledge of collective agreements, City policies and practices, legislation, regulations and Standard Operating Procedures (SOPs).
Use of effective resource and expense management at all times to meet corporate policies and guidelines.
TEAMWORK AND COOPERATION
Participate on project initiatives as a subject matter expert.
Work well within diverse groups to achieve common goals and objectives that meet operational effectiveness and corporate service standards.
Participate as a member of cross-functional team.
Demonstrate corporate values at all times.
Post-secondary degree or diploma in Information Technology, Computer Science, Engineering, Business or related degree is required.
Professional security and privacy certifications (one of more of the following is preferred):Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA)
Information security specific coursework is an asset.
5+ years of broad and progressive information security experience in an enterprise environment including: security tooling support, program development, security risk and vulnerability analyses, system design and architecture required.
Experience with security testing tools and methodologies in conducting vulnerability and application security assessments
Minimum of 3 years in a senior information security position in a medium to large organization.
3-5 years supervisory experience is an asset; Ability to guide and motivate staff
Practical knowledge of Municipal, Regional, Provincial and Federal Governments and applicable Legislations is an asset
Demonstrable experience with conducting security reviews, implementing information security recommendations, analyzing technical controls and applying security control standards required.
Experience in public cloud environment (MS Azure and AWS is highly preferred) and analyzing existing cloud structures and creating new and enhanced security methods
Request and track mitigations to address cyber threats and lead other incident response coordination and remediation activities according to the incident response process
Knowledge of and experience working with the following IT security solutions: Cloud Access Security Broker, Endpoint Detection and Response, Next Generation Firewall, Privileged Access Management, Identity Access Management, Security Information and Event Management (SIEM), Multi Factor Authentication, Vulnerability Management, Penetration Testing, etc.)
Understanding of and experience with general certificate management processes, public key infrastructure (PKI) and commercial Certificate Authority providers
Demonstrable experience presenting analyses and presentations to both internal and external audiences.
Strong understanding of various information security controls, their strengths and weaknesses, and how best to apply them successfully to mitigate threats.
Broad understanding of Microsoft and Oracle technology stacks across operating system, server, middleware, storage (database), and development.
Exceptional knowledge of application, network, and operating system security, security architectures and the application of privacy and security controls (i.e., authentication, authorization, auditing, encryption).
Strong understanding of Cloud computing concepts, virtualization and software architecture patterns. Microsoft Azure knowledge and experience is highly preferred. Ability to understand and translate strategic, tactical and operational business requirements into effective architectures and designs through the use of new or enhanced technology products and services to support business objectives.
Ability to function with a high level of autonomy in setting objectives based on direction from management.
Collaboration with team in managing expectations and tracking progress.
Ability to develop detailed documentation tailored to specific audiences and purposes.
Exceptional communication skills. Has the ability to interact equally well with experts from multiple disciplines; both technical and non-technical. Listens effectively and articulates complex technology alternatives in ways appropriate for the audience.
Strong Presentation skills; Facilitate and convey concepts in a clear and concise manner
Strong Customer Service and People Management skills; Interface with internal and external stakeholders and resolve issues to meet corporate service standards
Strong Organizational skills; Detail oriented, well organized and able to prioritize complex tasks and meet critical deadlines
Strong Analytical skills for complex problem solving
**Various tests and/or exams may be administered as part of the selection criteria.
As part of the corporation’s Modernizing Job Evaluation project, this position will undergo an evaluation which may result in a change to the rate of compensation. Any changes affecting this position will be communicated as information becomes available.
If this opportunity matches your interest and experience, please apply online at: www.brampton.ca/employment quoting reference #103696 by August 10,2020 and complete the attached questionnaire. We thank all applicants; however, only those selected for an interview will be contacted. The successful candidate(s) will be required, as a condition of employment, to execute a written employment agreement. A criminal record search will be required of the successful candidate to verify the absence of a criminal record for which a pardon has not been granted.
Please be advised, the City of Brampton uses email to communicate with their applicants for open job competitions. It is the applicant’s responsibility to include an updated email address that is checked daily and accepts emails from unknown users. As we send time sensitive correspondence via email (i.e. testing bookings, interview dates), it is imperative that applicants check their email regularly. If we do not hear back from applicants, we will assume that you are no longer interested in the Job Competition and your application will be removed from the Competition.