Senior IT Security Specialist (HYBRID)

About the job

• explore many career paths and follow your passion
• continuously learn and grow professionally
• be recognized for the great work you do
• participate in programs that support your health and wellbeing
   

• Lead IT / cyber security governance and oversight of 3rd party managed security services providers and system administrators;
• Ensure proper application and administration of WSIB's information security systems and policy (whether located at 3rd party sites or at WSIB offices)
• Develop security metrics/dashboards to increase security process consistency, capability & maturity
• Liaise with systems administrators to ensure system integrity, proper installation, operation, and maintenance of all components.
• Lead resolution of security issues such as internet security, application security and major access issues, with 3rd party vendors
• Review/perform risk assessment and compliance to WSIB or industry standard IT Security Policies and controls.
• Provide IT / cyber Security leadership in the following areas;:
• Respond to security incidents by providing analysis and expertise, explaining technical issues, identifying alternatives, providing and recommending solutions which will help protect confidential data and the vital resources for processing that data.
• Monitor and protect the integrity of the information and electronic infrastructure by staying current with advanced technical skills and knowledge in order to respond to the increasing sophisticated intrusion attempts.
• Provide team leadership by assisting the manager in the prioritization of issues, assignments and projects and the monitoring of section projects and activities, providing technical guidance to staff, and advising Manager of major problems and issues.
• Provide advice and consultation to Infrastructure Teams & Applications Development regarding the use of system access and the interface with applications; provide on-call support during implementation of new systems & software releases. Provide rapid response to user community's requests for security assistance and security consultation to development projects.
• Maintain knowledge of vendor products through research of security services or contacts for security investigations or products for the purpose of recommending purchases.
• Provide guidance and technical assistance to operating units, including analyzing, assisting in the selection of security-related software and hardware, evaluating access to and use of online technology (network, LAN, mainframe) and operating systems and applications.
• Plan, design, obtain approval and implement security architectures, procedures and software that safeguard access to WSIB data.
• Ensure that logical access to and use of the WSIB’s computing resources are restricted through the implementation of adequate verification mechanisms of identified users and resources associated with access rules
• Ensure currency of Information Security policies through updates, new development, implementation of controls, etc. Lead development and delivery of corporate security awareness campaigns.
• Conduct and/or oversee internal/external threat risk assessments and audits.
• Review, provide expert input and approve infrastructure and application design and development.
• Plan, coordinate and carry out threat and risk assessments and provide guidance on mitigation options
• Provide a proactive leadership approach to ongoing Information Security Risk Management;
• Review risk assessments, recommend & implement mitigation strategies
• Create, compile and maintain information security policies, procedures, standards and guidelines to support the delivery of new technology
• Re-examine security periodically to maintain formally approved security levels and the acceptance of residual risk
• Monitor a variety of security publications, forums, blogs and mailing lists to keep abreast of emerging threats and control technologies
• Develop computer security incident handling procedures with sufficient expertise and rapid response capability, respond to various security incidents as required
• Provide team leadership to assist with security investigations and Human Resources procedures.
• Lead post security incident investigations and system intrusions, investigate root cause, report on findings, and present to stakeholders
• Network and Security Investigations
   

• College diploma in computer science or related engineering discipline

• 5 years Information security / cyber security incident management experience
• Knowledge of cloud security (for example MS Azure and AWS) and AI security
• One or more InfoSec Certifications:
  • CISSP
  • SANS / GIAC
  • Cisco CCNA Security
  • Comp TIA Security +
  • Microsoft Certified IT Professional.
• And one or more Technical training/certificates;
  • Network & Web Application Penetration Testing
  • Advanced Firewall Administration
  • Network Access Control
  • Intrusion Detection/Prevention Systems