Competition Number: 2024-018
Functional Area: Supply Chain Operations
Location: 200 Front Street W, Toronto Ontario
Job Term: Permanent full-time
Hours of Work: 36.25 hours per week
Bargaining Unit: AMAPCEO
Job Code: AMAPCEO 7
Salary Range: $88,496 – $128,625 per year
Posting Status: Open
Posting Date: September 23, 2024
As a Cyber Security Architect on our team, you will support the continuous improvement of Supply Ontario’s Cyber Security Program to fortify the organization’s digital defenses, safeguard sensitive data, and ensure continuity of operations in the face of evolving cyber risk. Key objectives include bolstering proactive and reactive controls to preserve the Confidentiality, Integrity, and Availability (CIA) of information assets. You will maintain a comprehensive program encompassing various security domains such as Cyber Risk Management, Cyber Policy, Security Compliance, Incident Response, Threat Intelligence, and Security Training and Awareness.
Other key responsibilities include:
- Lead the development of a comprehensive cyber security program tailored to the organization’s specific needs, risk profile, and regulatory requirements.
- Develop and execute comprehensive cyber risk management strategies to identify, assess, and mitigate potential security threats and vulnerabilities.
- Conduct regular risk assessments to evaluate the impact & likelihood of cyber risks and recommend appropriate controls and safeguards.
- Contribute to the development of practices and processes related to cyber operations, threat intelligence, enhancing security monitoring and incident response.
- Develop and implement advance strategies and protocols to improve the effectiveness of incident response operations.
- Create, implement, and maintain comprehensive cyber security policies and procedures to safeguard organizational assets and data.
- Oversee the implementation and maintenance of security compliance measures to meet industry regulations and organizational standards.
- Develop, implement, and manage Identity and Access Management (IAM) systems and policies to ensure secure and efficient access control.
- Lead the development and delivery of cyber security training and awareness programs to educate employees on best practices.
- Identify needs and helps create internal training programs to maintain high cyber security standards.
- Lead and provide expertise in cyber operations, including detecting malicious behaviors and tracking cyber threats.
- Collect and analyze diverse threat data to develop actionable intelligence and forecast potential cyber security issues.
- Assess and recommend advanced cyber tools and techniques to enhance team capabilities.
- Offer cyber security expertise to cross-functional teams and external entities to support security by design principles and practices.
- Prepare and present strategic security KPI’s and intelligence briefings for senior management.
- Lead research to identify cyber tactics, techniques, and procedures analyzing multi-source information.
- Uses qualitative and quantitative data to research and support cyber security products and strategies that support in management decision-making.
- Develops and maintains relationships with external security entities, government agencies, and law enforcement to support information sharing and collaboration.
- Work with supporting infrastructure providers to share actionable intelligence, assess threats, and develop response strategies, ensuring their security measures align with the organization’s standards.
- Lead and direct special projects to enhance cyber posture of the organization.
- Lead security architecture for large, multi-client systems, covering all stages from conceptual to design, and handles integration of commercial and cross-functional systems.
- Develop metrics to ensure systems meet policies, standards, and best practices.
- Assess client requirements across Supply Ontario and manage the architecture, design, and evolution of scalable IT assets and services.
- Guides the deployment of IT systems, including technology, infrastructure, capacity, and service level agreements.
- Analyze and recommends architecture requirements for large-scale IT systems and participate in feasibility studies and reviews.
- Provide detailed advice on architecture, policy, and program development.
- Develop and implement architecture policies, standards, and guidance, including roadmaps and reference architectures.
- Provide technical advice and ensure IT projects adhere to Supply Ontario policies and standards.
- Analyze, define, evaluate, and recommend enterprise architecture requirements, considering all domains of security for IT systems.
- Develop business cases, manage contracts, and ensure deliverables meet standards.
- Maintain relationships with IT managers, senior clients, and project stakeholders, and consults with vendors and peers to address IT issues and developments.
- Provide leadership and training to project teams and consultants, schedules activities, explains procedures, and monitors progress.
Successful candidates will demonstrate the following:
- Bachelor’s degree in Information Technology, Computer Science, or related disciplines.
- 7-10 years of robust experience in a hands-on security role, supporting risk management, incident response, threat intelligence, security architecture, and other security assurance activities.
- Relevant professional certifications such as:
- Certified Information Systems Security Professional (CISSP)
- Certified Cloud Security Professional (CCSP)
- Systems Security Certified Practitioner (SSCP)
- Certified Ethical Hacker (CEH)
- CompTIA Security+
- GIAC Certifications
- In-depth knowledge and experience with industry standards and security frameworks such as NIST 800-53, ISO/IEC 27001, CIS, COBIT, etc. to provide state of the art advice, including systems analysis, design, development, testing and implementation methods.
- Knowledge and experience working with SOC Audit reports, including SOC 2 Type 2.
- Extensive knowledge in cyber risk management frameworks, conducting threat risk assessments, and recommending mitigations to reduce or eliminate identified risks.
- Knowledge of cyber security concepts, including threats, vulnerabilities, security operations, cloud security, encryption, defense-in-depth, auditing, authentication, risk management, and has a track record of driving security solutions.
- Strong understanding of Cyber Kill Chain, MITRE ATT&CK, Diamond Model of Intrusion Analysis, and Indicators of Compromise (IOCs).
- Experience in developing and deploying security training and awareness campaigns across organizations.
Problem Solving and Communication Skills:
- Strong interpersonal capabilities to effectively liaise with stakeholders ranging from technical teams to senior executives within the organization. Adeptness in understanding, managing, and aligning stakeholder expectations.
- Consultation, collaboration, and facilitation skills to consult with multiple stakeholders and clients to advise on technical issues, facilitate discussions among stakeholders with different interests, encourage participation in the systems design process, and negotiate customer service agreements and resource requirements with client senior management and other IT groups to minimize service delivery issues.
- Leadership skills to provide direction to technical and non-technical personnel within the cyber security operation environment and cross-functional teams.
- Persuasion and negotiating skills to establish effective working relationships, obtain buy-in for systems development, promote systems to senior management and stakeholders and provide advice and recommendations to management staff regarding most effective architecture system strategies.
- Demonstrated experience in developing and maintaining comprehensive documentation. Strong technical and business writing capabilities.
- Agile responsiveness to evolving project dynamics, ability to pivot strategies based on emerging challenges or changes in project requirements.
- Solid experience in fostering and managing relationships with external vendors and ensuring optimal service levels and performance benchmarks are met.
- Exceptional written and oral communication skills, proficient in translating intricate technical details into clear, comprehensible insights for stakeholders irrespective of their technical aptitude.
Supply Ontario offers a competitive compensation package including benefits and defined benefit pension plan.
HOW TO APPLY
To apply, please click on the following APPLY NOW by October 8, 2024.
The selected candidate will be required to reside and work in Ontario.
Candidates are required to provide references and complete a criminal background check. Details will be provided through the application process.
This job offers the opportunity to work from home as part of a hybrid work arrangement; at the time of posting, this position would require in-office presence 3 days per week, based on current operational requirements.
We thank all applicants for their interest, however, only those selected for further consideration will be contacted.
Supply Ontario values inclusivity and diversity in the workplace. We welcome and encourage applicants from diverse backgrounds. We are committed to providing employment practices and accommodation that are in compliance with the Accessibility for Ontarians with Disabilities Act and the Human Rights Code. If you require accommodation at any stage of the recruitment process including in relation to the materials and processes to be used, please notify Human Resources at Talent Acquisition (CSCO) [email protected].
If you request accommodation, Human Resources will consult with you to provide or arrange for suitable accommodation in a manner that takes into account your accommodation needs.