The Community Services I&IT cluster (CSC) of the Ontario Public Service serves the Colleges, and Universities (MCU), Education (EDU), Municipal Affairs and Housing (MMAH), and Heritage, Sport, Tourism, and Culture Industries (MHSTCI) Ministries. The Data Collection and Decision Support branch (DDSB) within CSC provides data collection and analytic service to all four client ministries. DDSB supports the ministries by providing information management tools that help enable public policy decision making, business and strategic planning, and program support and improvement.
DDSB Application Operations requires a Level 3 Security Specialist who can assist the branch with its security posture. This role will focus on the development of an incident response plan and processes to identify, protect, detect, respond and recover (i.e., NIST Framework) from security incidents. Under the direction of the Manager of Application Operations, the Security Specialist will participate in the review and prioritization of vulnerabilities for remediation, disaster recovery planning from a security perspective, and leading incident response planning.
The assignment entails working with managers, QA Analysts, application administrators, business analysts, and subject matter experts within the Community Services I&IT Cluster throughout the period of the contract.
This role will be providing security solutions to an application operations team. This team has some projects but a lot of work is application support and infrastructure support and cyber security solutions. Looking for Someone that can develop some incident response plans. Deeply knowledgeable with respect to cyber security and how organizations plan to deal with cyber threats and incidents. Familiar with the faster recovery planning and penetration testing. Familiar with security testing of applications, code testing, website testing.
This role will be a part time and remote role- looking for a part time resource - hours based on activity levels. Evenings/weekends are acceptable with some availability for meetings during the day. A resource that is currently completing another contract and would like to supplement their income is welcome. Actual hours to be worked is flexible and to be determined during interview process.
Demonstrated experience developing Incident Response Plans and IR Playbooks for medium to large size organizations for multiple scenarios
Demonstrated experience with DR Planning from a Security perspective
Demonstrated experience working in / for / with a SOC
Demonstrated experience with the prioritization of measures to remediate vulnerabilities
Demonstrated experience participating in / leading penetration tests and remediating
vulnerabilities identified in those tests.
Demonstrated experience working with organizations to ensure their processes and
procedures are compliant with organizational policies
Demonstrated experience drafting team-level policy and processes related to security.
Deeply familiar with NIST, SANS and other IR frameworks
Knowledgeable with multiple jurisdictions including Canada in terms of privacy regulations
Technical knowledge with respect to infrastructure and networks as it relates to application
Knowledge of Incident Response Plans and IR Playbooks
Knowledge of Disaster Recovery Planning from a Security perspective
Knowledge of the functions and processes within a Security Operations Centre (SOC)
Knowledge of penetration testing theory and associated remediation of vulnerabilities