Senior Cybersecurity Specialist

Position Summary

Join our team as a Senior Cybersecurity Specialist, where you'll play a pivotal role in safeguarding the City of Regina’s digital assets. In this strategic position, you'll lead the development and upkeep of our Information Technology Security Framework, ensuring robust protection of our corporate information. As a key player in enhancing and maintaining the City’s information security, you will tackle complex and diverse challenges, resolving critical security issues. Your expertise will be essential in protecting our enterprise information assets from threats while ensuring seamless access for those who need it. Reporting to the Enterprise Architect, you’ll be at the forefront of our cybersecurity initiatives.

Key Duties & Responsibilities

• Lead the design, implementation, maintenance and review of effective security controls including policies, standards, guidelines, processes and procedures.
• Lead Cybersecurity Strategy and development of Cybersecurity Roadmaps.
• Participate in the planning and design of enterprise security architecture.
• Lead the design, implementation, and review of the City’s Information Technology Security Framework, identifying risk areas and managing action plans to address any issues identified.
• Lead, advise and consult on management responses, action plans and remediation activities for security incident response including virus, malware and Cybersecurity events.
• Contribute to corporate projects as an information security subject matter expert, analyzing solutions, processes & infrastructure, and recommending appropriate information security controls.
• Contribute to influencing behaviour to reduce risk and build a strong corporate risk culture through Cybersecurity Awareness initiatives.
• Guide business owners through completing Information Asset Profiles, sensitivity and criticality classification and Threat Risk Assessments.
• Participate in the review and evaluation of recommended systems, applications and or network solutions to ensure appropriate safeguards are in place.
• Lead the planning and management of the required security policies and systems for the technical infrastructure environment that will prevent, detect and audit unauthorized access, destruction, misuse, or any other abuse of the City’s technological resources.
• Provide specialized consultation to identify, investigate, report and resolve security related issues liaising with Internal and External Audits, Information Management, Legal and HR.
• Maintain working relationships with external entities such as local and federal law enforcement, and other government agencies. Maintain currency and competency of the IT security industry as it relates to cybersecurity, risk management, control and compliance, and the development of new attacks and threat vectors.
• Performs related work as required.

Key Qualifications

• Typically, the knowledge, skills and abilities required for this position are obtained through a degree in Computer Science plus seven to ten years of relevant Information Security work experience; other combinations of education, work experience and professional development may be considered.
• Hold, or qualify for, the Certified Information Security Manager (CISM) and/or Certified Information Systems Security Professional (CISSP) designations.
• Other certifications such as CISA, GSEC, PCI compliance related (QSA, ISA, PCIP) and/or I.S.P. would be an asset.
• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Knowledge of authentication, authorization and access control methods.
• Knowledge of risk management processes for assessing and mitigating risk.
• Knowledge of cybersecurity and privacy principles (confidentiality, integrity, availability, authentication, non-repudiation).
• Experience with Threat Risk Assessments and associated mitigation actions.
• Ability to conduct vulnerability scans and recognize vulnerabilities.
• Ability to conduct research into IT security items and products as required.
• Experience with ISO 17799/27001 code of practice for Information Security and Information Security Management Systems.
• Knowledge of security related legislation, regulations, frameworks and standards including PCI and PII.
• Experience in security event logging, monitoring, investigations, analysis and incident response management.
• Experience in policy, standards, guidelines and process development and maintenance.
• Experience working with a high degree of independence and as part of a larger team.
• Ability to communicate effectively, in both oral and written communications and presentations.