Job Description :

RQ01244 - Security Specialist Senior

Toronto, ON

Start Date

2021-05-03

End Date

2022-03-31

Rate: CAD $ 720/Day

Assignment Type: Hybrid

Security Level: CRJMC

# Business Days: 230.00

Description

Shortlisting Date: Tuesday, March 30th at 2:00 pm EST

Maximum number of Candidate Submissions: 1 (One)

Must Haves:

  • 7+ years of broad and progressive information security experience
  • 2+ years of information security experience working with Cloud platforms (e.g. Azure, AWS)
  • Professional security certification from ISC2 (CISSP) or equivalent is required

Nice to Have:

  • Experience within healthcare industry would be an asset

The purpose of this request is to acquire security expertise to support our FY 2021/22 initiatives.

Must-haves:

- 7+ years of broad and progressive information security experience

- 2+ years of information security experience working with Cloud platforms (e.g. Azure, AWS)

- Professional security certification from ISC2 (CISSP) or equivalent is required

Assets:

  • Experience within healthcare industry would be an asset

Note:

Assignment Type: This position is currently WFH due to COVID-19 related WFH direction. Once OH staff are required to return to the office, the resource under this request will be required to work onsite as well.

Background:

To effectively manage the current COVID-19 outbreak in Ontario, the Ministry of Health continue to invest into the Ontario Health Data Platform (OHDP) that was established last summer of 2020. Its objective is to integrate critical data assets in a privacy protected way for authorized Artificial Intelligence and Machine Learning researchers to generate insights for the current outbreak, and to support longer-term initiatives. Ontario Health (OH) has been critical partner to the Ministry of Health Digital Health Branch to operationalize the data pipeline including collection, data de-identification and disclosure to support this platform by leveraging the Analytics Data Hub (ADH).

As a key member of the OH Enterprise Information Security team, you will already have extensive experience in information security that allows you to partner with all levels of the organization to ensure consistent and effective security risk management practices. This will be accomplished by being a primary security support and key IT risk advisor to our various lines of business.

Our key initiatives for FY 21/22 include migrating several of our products into the cloud. Your role will be to lead and provide the necessary security services in support of this and other initiatives. You will be supporting by conducting security assessments; providing oversight of initiative compliance with security standards, policies and procedures; providing subject matter expertise for the project team; supporting requirements and security architecture reviews.

Deliverables include, but are not limited to:

Assessments

o Security Threat and Risk Assessment activities, including reviews and assessments using industry standard methodologies

o Technical vulnerability assessments

o Pen-testing

o Other assessments as required

Consulting

o Consult with project teams and business units to provide security design, security controls, risk identification, and recommendations for mitigation strategies

o Conduct requirements review and providing security requirements to support initiatives

o Provide expert level guidance and advice to product, programs and other stakeholders including senior management

o Conduct security architecture reviews

o Support Incident Response Team with security investigations as required

o Support the development of the organization's security program, including policy and procedure reviews, process developments and establishing best practices

o Assess the security posture of the organization's 3rd party engagements and outsourcing initiatives including procurement support (RFP, RFS), review of supplier security policies, controls, and onsite inspections when required

o Support IT operational processes by identifying potential security concerns and solutions

o Stay abreast of new technology trends, information security risks, and standards in support of helping to shape strategic technical direction and standards for the organization.

o Support the security team in establishing information security metrics, gathering data, and preparing reports

Responsibilities:

Ensures the incorporation of IT security and contingency measures in the development of systems.

Advises on the identification, analysis, and resolution of specific security factors, risks, vulnerabilities; protection of privacy issues; and appropriate industry and international security standards.

General Skills:

Knowledge of techniques to secure information assets and the planning, design, and implementation of security technologies

Proven techniques to discover gaps or weaknesses in security architecture to identify and mitigate known security threats or inherent weaknesses

Knowledge and understanding of relevant legislation and corporate directives related to the security and confidentiality of information (e.g. Freedom of Information and Protection of Privacy Act, PHIPPA) in order to identify and assess areas of concern and risk

Solid knowledge of current security and contingency technology and techniques (e.g. digital signature, encryption, access controls, fire-walls, authentication, virus protection, etc.); and a proven working knowledge of security audit procedures and protocols

Experience in establishing secure environments at a network, operating system or application level

Experience with implementing security on complex and distributed systems.

Awareness of emerging IT trends and directions, especially as related to security

Excellent analytical, problem-solving, and decision-making skills; written and verbal communication skills; interpersonal and negotiation skills

A team player with a track record for meeting deadlines, managing competing priorities and client relationship management experience

Desirable Skills:

Experience within healthcare industry would be an asset

Experience in Threat Risk Assessment methods

Experience in business recovery and disaster recovery planning.

Experience in performing threat and risk assessment.

Experience in security design as part of systems development projects.

Experience in vulnerability analysis and penetration testing.

Experience in security policy development.

Experience in developing and delivering security education.

Knowledge and understanding of Information Management principles, concepts, policies and practices

Skills

Experience and Skill Set Requirements