Senior Cybersecurity Specialist

Position Summary

The Senior Cybersecurity Specialist is a strategic position responsible for the development and maintenance of the City of Regina’s Information Technology Security Framework ensuring the protection of digital corporate information assets. This role performs senior level duties required to improve and sustain the City’s information security posture and assists in resolving security issues that are diverse and complex in nature. In addition, this position works to protect enterprise information assets from intentional or accidental destruction or modification while minimizing the impact upon those who need legitimate access to the data. This position reports to the Enterprise Architect 

Key Duties & Responsibilities

• Support the design, implementation, maintenance, and review of security controls, policies, standards, and procedures.
• Support cybersecurity strategy development and roadmaps, and contribute to enterprise security architecture planning.
• Perform hands-on security monitoring, analysis, and investigation to identify, triage, and respond to potential threats and security incidents.
•  Administer the IT Security Framework, identifying and tracking risks, supporting control compliance, and facilitating remediation activities across teams.
• Provide expert advice on projects, recommending controls and promoting cybersecurity awareness and risk culture.
• Guide business owners on asset classification and threat risk assessments and review systems to ensure safeguards.
• Plan and manage security measures to prevent, detect, and audit unauthorized access or misuse.
• Provide consultation on security issues, collaborating with audits, legal, HR, and external partners.
• Maintain relationships with external agencies and stay current on evolving cybersecurity threats and practices.

Key Qualifications

• Typically requires a Computer Science degree and 7–10 years of information security experience; equivalent combinations may be considered.
• Holds or is eligible for CISM and/or CISSP, with additional certifications (CISA, GSEC, PCI, I.S.P.) considered assets.
• Strong knowledge of networking, security methodologies, access controls, and risk management processes.
• Understanding of cybersecurity and privacy principles, threat risk assessments, and vulnerability identification.
• Experience with ISO 27001 standards, security legislation (e.g., PCI, PII), and incident response management.
• Skilled in security monitoring, analysis, and investigation, as well as policy and standards development.
• Demonstrated experience with cybersecurity tools and platforms used for identity management, monitoring, threat detection, and incident response. Ability to conduct research on security technologies and work both independently and collaboratively.
• Strong communication and presentation skills, both written and verbal.