The position will be responsible for consulting with and providing Security Subject Matter Expertise to projects and project management for all information security aspects of the project life cycle. The position will require excellent people skills to consult with multiple lines of business, and across all levels of the organization.
As a Cyber Security consultant, the successful candidate will:
- Join a diverse team of experienced Cyber Security practitioners, and act as a subject matter expert for Information Security with the Lines of Business (LOB)
- Focus on security risk management and information security governance as it relates to Information Technology (IT) and Operations Technology (OT) systems
- Translate technical cyber & information security requirements into business actions.
- Maintain and apply the security governance framework (based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework) for the LOBs.
- Work with different, potentially conflicting requirements (legal, regulatory, industry standards, security strategy) to identify realistic security requirements supporting the business strategy
- Conduct research to maintain and expand knowledge of the latest cyber security technologies and standards, as well as the threat and vulnerability landscape for Industrial Control Systems (ICS) in general and for the electricity sector in Ontario in particular
- Work as a member of the project team, and perform the following duties:
- Translating technical risks into business risks, and aligning information security objectives with business objectives
- Procuring, coordinating, presenting and following up on security penetration testing and Threat Risk Assessments (TRAs)
- Providing interpretation of the security policies, Security Code of Practice, and standards
- Leading and mentoring other team members as required
- Provide information security consulting to the internal LOBs. This includes security architecture review and administering the information security framework throughout projects and change requests. The successful candidate will be required to:
- Participate in Business and IT initiated projects;
- Attend project reviews as required, including assessment of Project Orders, RFPs, Business Cases and Service Requirement Documents (SRDs);
- Ensure security requirements for the project are defined and captured;
- Provide security architecture expertise to the project;
- Catalogue and measure all security risks associated with the project, including those created within the proposed solution and those generated through project activities;
- Review and recommend approval of proposed technology solutions; and
- Review and recommend approval for sustainment adjustments as a result of remedial actions for risk reduction.
- Support the Manager, Cybersecurity Governance and Consulting in effectively designing and developing strategies consistent with Hydro One positions related to standards and compliance requirements.
- Provide information security consulting for change requests, sustainment and projects.
This position requires a minimum of 5 years of experience providing security consulting services to projects. The successful candidate's skills include:
- Understanding the role of the security governance team within the organization
- Demonstrating expert knowledge and the ability to apply that competency in the most complex situations
- Developing new approaches, methods or policies in the area
- Leading the guidance of other professionals
- Experience working with various systems development lifecycles
- Applying security in all phases of the system development lifecycle
- Ability to be a member of the team, working with a project manager and the architects
- Ability to quickly learn the security standards and provide guidance when identifying areas of non-compliance
- Working with the LOBs to understand their business objectives
- Excellent written and verbal communications, and presentation skills
- Knowledge of Microsoft Word, Outlook, PowerPoint and Excel
- Knowledge of IT security frameworks, principles, methods, policies, practices and tools:
- Information Protection / IT security principles, threat and risk assessment methodology, practices, procedures and tools (e.g., government privacy and security-related legislation and policies, biometric and cryptographic principles, firewalls, intrusion logs, encryption and digital signatures);
- Theories, processes, and methodologies involved in developing, implementing, monitoring and reporting IT security planning frameworks, policies, measures, counter-measures and monitoring programs, procedures, and guidelines;
- Management tools, such as data classification and risk assessment / analysis to identify threats, classify assets and to rate system vulnerabilities;
- IT software and hardware security requirements;
- Preparation and conduct of Security Impact/Sensitivity Assessments, Data Classification, Threat Risk Assessments ('TRA'), and Vulnerability Assessments ('VA');
- Accreditation procedures, policies, and practices;
- Security certification procedures;
- Security hardware and software;
- Security Code of Practice, IT standards and policies regarding the development and support of infrastructure systems and networks, including security policies and operational standards.
The following skills are also desirable:
- Experience with security of IT and OT networks
- Knowledge of NERC CIP, and the NIST Cybersecurity Framework
- Certification: CISSP, CISA or CISM
This role does not have "on-call" responsibilities.
The successful candidate would work from Toronto / Barrie location(s), with some occasional travel to Markham.
We would like to thank you personally for applying to Step by Step Professional Services Inc. Please note that we will review your application and only those candidates selected for further consideration will be contacted directly. However, we will retain your application on file and would be pleased to contact you if further opportunities arise.