Security Specialist - Level II

Zylog delivers top jobs to top talent. We are currently seeking experienced professionals for exciting new opportunities and career advancement.

Zylog represents hundreds of client companies for both contract and permanent positions. New jobs are being filled every day and our experienced professional resource managers are waiting to help you screen the top jobs that match your skills and experience.

 

You don’t have time to search long lists of postings repeated on multiple web sites, so let our trained and experienced resource managers do the work for you. We review top jobs and will be the first to alert you when the right opportunity arises.

 

Job Description

Our client has a requirement for a Security Specialist – Level 2 for 6 months contract. The position is located in Toronto, Ontario

 

What makes this Special

Our client has a prestigious reputation and excellent work environment. This position offers an opportunity for personal learning and to contribute to important initiatives that make a difference. Our client is actively screening resumes and scheduling interviews to fill this position, so let one our professional resource managers represent you to the client, promote your skills, and help you prepare.

 

Role

The Consultant will be responsible for performing the following tasks:

Perform IFIS compliance management by:

• Reviewing Corporate Directives and Policies and Client-IT Standards to ensure IFIS Security practices are compliant (as needed); and
• Conducting impact and risk assessments for IFIS Security as a result of business process and partner organization changes.

 

Completing Threat Risk Assessment activities as listed below:

• Review in-scope business processes obtained from the IFIS Baseline Architecture and identified process owners
• Follow-up with identified process owners to verify business processes and to ensure process owners are accurately identified
• Schedule workshops with Corporate Security Branch (CSB) and process owners
• Participate in CSB workshops, track identified subject matter experts and documentation identified by process owners
• Meet with SMEs and collect appropriate business process documentation
• Review all submitted documentation to validate applicability against Enterprise Architecture document standards for corresponding TRA being completed i.e. Conceptual, Logical or Physical
• Complete Risk Mitigation reports
• Submit all collected documentation to CSB for review
• Review any documentation gaps identified by CSB and follow-up with SMEs to collect documentation to address gaps.

 

Complete Individual Sessions with Process Owners

• Review in-scope business processes obtained from IFIS Baseline Architecture and identified process owners
• Follow-up with identified process owners to verify business processes and to ensure process owners are accurately identified
• Schedule individual meetings with process owners to identify SMEs and applicable documentation
• Contact SMEs and collect documentation
• Review all submitted documentation to validate applicability against Enterprise Architecture document standards for corresponding TRA being completed i.e. Conceptual, Logical or Physical
• Submit all collected documentation to CSB for review
• Review documentation gaps identified by CSB; address these gaps through follow-up meetings with SMEs.

 

Participate in TRA Kickoff Meeting and schedule Workshops

• Schedule workshops with CSB and identified SMEs
• Participate in the kickoff meeting and workshops and coordinate the collection of any additional documentation required to complete the TRAs
• Follow-up with SMEs and submit documentation to CSB.

 

Report Distribution and Feedback Coordination

• Distribute 1st draft report to business for review
• Coordinate the collection of business feedback for the 1st draft report
• Track feedback from business and submit to CSB
• Review 2nd draft of report to ensure that business feedback for 1st draft has been incorporated
• Distribute 2nd draft of report to business for review
• Coordinate the collection of business feedback for the 2nd draft report
• Track feedback from business and submit to CSB
• Review final draft of report to ensure that business feedback for 2nd draft has been incorporated
• Coordinate final draft of report with CSB
• Distribute final report to business and stakeholders for sign-off
• Submit signed off report to CSB and stakeholders.

 

Other duties as assigned:

• Providing expert advice to management and project team on security management related issues.
• The Vendor’s Personnel will also be required to:
• Complete work and achieve milestones within the assigned deadlines;
• Notify the Cluster/Client project Manager in writing of any issues or other material concerns related to the assignment deliverables, as soon as the he/she becomes aware of them;
• Submit deliverables for the Cluster/Client approval as they are completed;
• Comply with the client and the Cluster/Client security procedures and practices;
• Comply with the client and the Cluster/Client architecture/technology standards and best practices;
• Comply with the client and the Cluster/Client Conflict of Interest and Confidentiality Guidelines;
• Provide knowledge and skill transfer to a designated Cluster/Client staff; and
• Comply with the Client I&IT Directive, Operational Policy on the I&IT Project Gateway Process, and other applicable Guidelines, Standards and Procedures.

 

Requirements and Qualifications

To perform their duties under this request, the Consultant must be able to demonstrate knowledge of, and experience in, the following skills, activities, or areas.

Practical experience in Security management including:

• Security management systems
• Information security policy, standards and procedures
• IT security architecture
• IT risk management.
• Authoritative technical consultation and leadership for threat risk assessments (TRAs) and privacy impact assessments (PIAs)
• Content and application of legislation and directives related to the security and confidentiality of information such as the Freedom of Information and Protection of Privacy Act, Management Board security directive and procedures as they relate to TRAs and PIAs
• Client threat risk assessment (TRA) methodology and the requirements for each of Conceptual, Logical and Physical TRAs
• Consultation and negotiation skills to coordinate and review participants’ comments and responses related to TRAs and PIAs
• Enterprise architecture documentation standards as required for ARB/ACT checkpoints
• Client IFIS Baseline Architecture
• Client Project management methodology and standard practices used within the TRA process
• Research, analytical and problem-solving skills to research, analyze and review specific documentations
• Stakeholder relations building and management skills to gain and sustain participants’ commitment and cooperation.
• The Consultant is expected to have the following experience levels and designation:
• 5+ years of practical experience related to IT Security Management for ERP
• 5+ years of practical experience related to IT Governance and Technology Risk Management.

 

The Consultant must have at least one of the following designations:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM).

 

Other Desirable Requirements

Knowledge and experience within the following areas are highly desirable and are being sought in the consultant:

• Project Management methodologies
• Knowledge of, and experience with Client Information Technology standards, directives and policies
• Excellent relations management skills
• Excellent consultation skills
• Excellent written and verbal communication skills

 

Keywords: Security, Risk Management, security architecture, CISSP, CISA, CISM

How to Apply

Online:

To apply for this and other suitable exciting opportunities with Zylog Systems (Canada) Ltd., you can register and apply online at www.ZylogCanada.com