HIRING SALARY RANGE: $91,190.00-$103,714.00 PER ANNUM
MAXIMUM OF SALARY RANGE: $115,237.00 PER ANNUM
AREA OF RESPONSIBILITY:
This role is responsible for providing advisory subject matter expertise, offering solutions and strategies, and recommending ways to ensure all program policies and procedures related to Cyber Security and Information Risk Management within the Corporation are communicated and implemented to meet organizational effectiveness and corporate service standards. As part of a small IT Security and Risk team, the role will be responsible for a broad range of information security work including: Supporting Information Security tooling, e.g. IDS/IPS, AntiVirus, Malware Detection Responses, URL Filtering, Threat Hunting, DLP, on Endpoints, Network Devices, and O365/Azure Cloud. Managing operational support for Mail Gateway, AD PAM, Certificate Management/Provisioning, IAM Onboarding process. Providing security assessments on our in-house developed products as well as procured products; participating in enterprise and project risk management activities; researching, defining evaluation criteria and recommending information security controls and procedures; developing information security standards, policies and procedures; establishing information security metrics, gathering data and preparing reports; participating in the information security incident response process; and championing and communicating the future state of COB’s (City of Brampton) cyber security awareness program.
Support projects and security tools by providing governance, and operational delivery of information security services.
Conduct security and threat risk assessments and security evaluations.
Conduct product reviews to identify potential vulnerabilities and risks.
Review IT operational processes, identifying potential security concerns and risks and developing mitigation measures.
Participate in enterprise and project risk management activities.
Proactively conduct IT security risk and vulnerability assessments for new and existing IT infrastructure elements (network/systems/applications/services).
Consult with the Corporation’s Technology Services teams to research, define evaluation criteria and recommend information security controls and procedures
Participate in the information security incident response process.
Inclusive of the above, the architecture focused role will:
Liaise with the Enterprise Information Architecture team as the source of trusted security expertise for various programs and projects
Develop, evolve and maintain security in balance with user, business, and system goals.
Assist with security reviews for conformance to solution architecture
Collaborate with development services in the development, review, and documentation of detailed security design and re-usable security design patterns
STAFF GUIDANCE AND DIRECTION
Support staff, prioritize and organize daily work direction to meet operational effectiveness.
Coach, mentor and provide guidance as required to meet operational effectiveness.
Participate in recruitment and hiring process as required to meet operational effectiveness.
Provide input into performance review as required.
Serve as a source of trusted information security expertise for various programs and projects.
Escalate complex issues to appropriate level.
Liaise with stakeholders in order to understand business needs and recommend solutions to meet operational effectiveness.
Build and maintain a relationship with internal and external stakeholders, departments and team members to achieve common goals and objectives.
COMMUNICATION AND REPORTING
Establish information security metrics, gather data and prepare reports.
Champion and communicate the future state of COB’s cyber security program.
Present and convey complex concepts and conditions to stakeholders; develop reports, proposals and make recommendations to management for effective decision-making.
Keep management informed of activities and initiatives; recommend solutions for effective decision-making.
Develop information security standards, policies and procedures.
Ensure proper documentation standards are adhered to, and standards are kept up to date.
Promote security awareness and good data protection practices to safeguard COB’s information assets.
Help shape strategic technical direction and standards for the organization.
Keep abreast of new technology trends, information security and cyber risks and standards development in order to recommend solutions that improve business processes, service solutions and best practices.
Maintain knowledge of collective agreements, City policies and practices, legislation, regulations and Standard Operating Procedures (SOPs).
Use of effective resource and expense management at all times to meet corporate policies and guidelines.
TEAMWORK AND COOPERATION
Participate on project initiatives as a subject matter expert.
Work well within diverse groups to achieve common goals and objectives that meet operational effectiveness and corporate service standards.
Participate as a member of a cross-functional team.
Demonstrate corporate values at all times.
Post-secondary degree or diploma in Information Technology, Computer Science, Engineering, Business or related degree is required.
Professional security and privacy certifications (one or more of the following is preferred): Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA)
Information security specific coursework is an asset.
5+ years of broad and progressive information security experience in an enterprise environment including: security tooling support, program development, security risk and vulnerability analyses, system design and architecture required.
Minimum of 3 years in a senior information security position in a medium to large organization.
3-5 years supervisory experience is an asset; Ability to guide and motivate staff
Practical knowledge of Municipal, Regional, Provincial and Federal Governments and applicable Legislations is an asset
Demonstrable experience with conducting security reviews, implementing information security recommendations, analyzing technical controls and applying security control standards required.
Experience in a public cloud environment (MS Azure and AWS is highly preferred) and analyzing existing cloud structures and creating new and enhanced security methods.
Knowledge of and experience working with the following IT security solutions: Cloud Access Security Broker, Endpoint Detection and Response, Next Generation Firewall, Privileged Access Management, Identity Access Management, Security Information and Event Management (SIEM), Multi Factor Authentication, Vulnerability Management, Penetration Testing, etc.
Understanding of and experience with general certificate management processes, public key infrastructure (PKI) and commercial Certificate Authority providers
Demonstrable experience presenting analyses and presentations to both internal and external audiences.
Strong understanding of various information security controls, their strengths and weaknesses, and how best to apply them successfully to mitigate threats.
Broad understanding of Microsoft and Oracle technology stacks across operating system, server, middleware, storage (database), and development.
Exceptional knowledge of application, network, and operating system security, security architectures and the application of privacy and security controls (i.e., authentication, authorization, auditing, encryption).
Strong understanding of Cloud computing concepts, virtualization and software architecture patterns. Microsoft Azure knowledge and experience is highly preferred. Ability to understand and translate strategic, tactical and operational business requirements into effective architectures and designs through the use of new or enhanced technology products and services to support business objectives.
Ability to function with a high level of autonomy in setting objectives based on direction from management.
Collaboration with team in managing expectations and tracking progress.
Ability to develop detailed documentation tailored to specific audiences and purposes.
Exceptional communication skills. Has the ability to interact equally well with experts from multiple disciplines; both technical and non-technical. Listens effectively and articulates complex technology alternatives in ways appropriate for the audience.
Strong Presentation skills; Facilitate and convey concepts in a clear and concise manner
Strong Customer Service and People Management skills; Interface with internal and external stakeholders and resolve issues to meet corporate service standards
Strong Organizational skills; Detail oriented, well organized and able to prioritize complex tasks and meet critical deadlines
Strong Analytical skills for complex problem solving
Internal Number: 103696
About City of Brampton
We're building change in Brampton. The urban centre we serve is one of the youngest, fastest growing, most diverse cities in the country. We're aiming high and thinking big, to position Brampton as an emergent global city of the future.
Leaders in our organization understand success requires passion, creativity and agility. We value progress over process. We hold each other accountable. We are a team who is engaged, excited and empowered to deliver results for Brampton.