The Senior Cybersecurity Specialist is a strategic position responsible for the development and maintenance of the City of Regina’s Information Technology Security Framework ensuring the protection of digital corporate information assets. This role performs senior level duties required to improve and sustain the City’s information security posture and assists in resolving security issues that are diverse and complex in nature. In addition, this position works to protect enterprise information assets from intentional or accidental destruction or modification while minimizing the impact upon those who need legitimate access to the data. This position reports to the Enterprise Architect.
Typical duties include:
- Lead the design, implementation, maintenance and review of effective security controls including policies, standards, guidelines, processes and procedures.
- Lead Cybersecurity Strategy and development of Cybersecurity Roadmaps.
- Participate in the planning and design of enterprise security architecture.
- Lead the design, implementation, and review of the City’s Information Technology Security Framework, identifying risk areas and managing action plans to address any issues identified.
- Lead, advise and consult on management responses, action plans and remediation activities for security incident response including virus, malware and Cybersecurity events.
- Contribute to corporate projects as an information security subject matter expert, analyzing solutions, processes & infrastructure, and recommending appropriate information security controls.
- Contribute to influencing behaviour to reduce risk and build a strong corporate risk culture through Cybersecurity Awareness initiatives.
- Guide business owners through completing Information Asset Profiles, sensitivity and criticality classification and Threat Risk Assessments.
- Participate in the review and evaluation of recommended systems, applications and or network solutions to ensure appropriate safeguards are in place.
- Lead the planning and management of the required security policies and systems for the technical infrastructure environment that will prevent, detect and audit unauthorized access, destruction, misuse, or any other abuse of the City’s technological resources.
- Provide specialized consultation to identify, investigate, report and resolve security related issues liaising with Internal and External Audits, Information Management, Legal and HR.
- Maintain working relationships with external entities such as local and federal law enforcement, and other government agencies. Maintain currency and competency of the IT security industry as it relates to cybersecurity, risk management, control and compliance, and the development of new attacks and threat vectors.
- Performs related work as required.
Candidates will be screened on the following criteria:
Typically, the knowledge, skills and abilities required for this position are obtained through a degree in Computer Science plus seven (7) to ten (10) years of relevant Information Security work experience; other combinations of education, work experience and professional development may be considered. Hold, or qualify for, the Certified Information Security Manager (CISM) and/or Certified Information Systems Security Professional (CISSP) designations. Other certifications such as CISA, GSEC, PCI compliance related (QSA, ISA, PCIP) and/or I.S.P. would be an asset.
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of authentication, authorization and access control methods.
- Knowledge of risk management processes for assessing and mitigating risk.
- Knowledge of cybersecurity and privacy principles (confidentiality, integrity, availability, authentication, non-repudiation).
- Experience with Threat Risk Assessments and associated mitigation actions.
- Ability to conduct vulnerability scans and recognize vulnerabilities.
- Ability to conduct research into IT security items and products as required.
- Experience with ISO 17799/27001 code of practice for Information Security and Information Security Management Systems.
- Knowledge of security related legislation, regulations, frameworks and standards including PCI and PII.
- Experience in security event logging, monitoring, investigations, analysis and incident response management.
- Experience in policy, standards, guidelines and process development and maintenance.
- Experience working with a high degree of independence and as part of a larger team.
- Ability to communicate effectively, in both oral and written communications and presentations.
*Note: Testing may be done to evaluate knowledge, skills and abilities.
*Candidates selected for an interview will be required to provide proof of acquired education*
**In accordance with the City of Regina’s Criminal Record Check Policy, the position requires that the successful candidate provide a satisfactory Criminal Record Check as a condition of employment.**
Division: Citizen Experience, Innovation & Performance
Department: Technology & Digital Innovation
Salary Grade: Civic Middle Management – Salary Grade 8
Salary: $44.71 - $55.85/Hour; $85,244 - $106,484/Annum
The City of Regina values diversity in our workforce and encourages applications from all qualified Employment Equity candidates.
We will contact applicants we wish to consider within six weeks of the competition closing date. All applicants are thanked for their interest.