22-043- Senior Cyber Security Consultant
Number of Vacancies: 1
Duration: 12 months
Location: Toronto (700 University) with flexible remote services available (Ex: up to 4 days per week remote)
Hours: up to 35 hours per week
- Provide security advisory and consulting services to key stakeholders for procuring and implementing technology solutions and/or services.
- Work with various stakeholders and project teams to ensure the effective implementation of security architecture, policy and standard requirements to mitigate security risk.
- Provide cost effective and efficient risk treatment strategies.
- Exercise a good understanding of risk-based approaches, balancing business needs against potential security risks.
- Develop security practices and procedures such as Threat Risk Assessments (TRA), to sustain the continuous assessment of changes to the Ontario Power Generation (OPG) business and technical environment, and evidence associated with the performance of security assessments. Perform thorough TRA's on Applications, Systems and Cloud services.
- Review and approve technical changes, and support the Chief Information Officer (CIO) functions as the Security Subject Matter Expert in this regard.
- Act as the cybersecurity single point of contact (SPOC) for projects initiated by the Office of the Chief Information Security Officer to provide security requirements, direction and make decisions, as required.
- Contribute creative solutions to technical and process challenges.
- Keep abreast of external threats, technology and business changes.
- Build and maintain key stakeholder relationships.
- Educate stakeholders on complex cybersecurity issues to obtain alignment and improve general awareness.
- Perform other duties as required.
- Must hold a CISSP Certification
- Completion of 4 years of University in an appropriate field such as computer science plus 1 year of further concentrated study in cybersecurity programs. (asset)
- Bachelor of Information Technology or Engineering (asset)
- Requires an advanced knowledge of computer sciences and cybersecurity, including in-depth understanding of security best practices, risks and technologies, and the solutions to address those risks.
- Requires knowledge gained through security training organizations, such as Information Systems Security Certification Consortium (ISC2), SysAdmin Audit Network and Security (SANS), and Information Systems Audit & Control Association (ISACA), to provide sound advice and consultation on security technology and services matters to stakeholders, and to ensure that changes to existing or new technology solutions and services continue to meet OPG security requirements.
- Requires practical security experience engaged in analysis and problem solving to provide effective consulting services to stakeholders.
- Requires experience to understand security threats, risks and possible solutions to counter them.
- Require experience to stay current on changes regarding security threats and best practices to contribute to sound implementation approaches and results with respect to technologies and services.
- A period of over 4 years and up to and including 6 years of cyber security is considered necessary to gain this experience.
- Experience with Microsoft Cloud & Microsoft Security
- Requires a good knowledge of communications, both oral and written, to communicate effectively with others.