As an Information Security Advisor, you will be responsible for supporting the strategic and tactical initiatives of the Information Security Compliance & Advisory team. You will also work closely with business units to develop, implement and promote an information security and risk-aware culture following an Enterprise Security Risk Management (ESRM) approach. Primary duties include:

• Perform risk assessments on technology projects, initiatives and infrastructure by working closely with interested parties to identify, classify, and mitigate cyber threats.
• Provide information security expertise and advice to Information Technology (IT), Operations Technology (OT), other business units and associated projects.
• Define and implement security controls based on data classification and risk assessments.
• Participate in vulnerability identification; manage the Vulnerability Management program and collaborate with interested parties on remediation plans and tasks.
• Develop security policies, standards and procedures that may be identified as a project deliverable.
• Develop and maintain cyber security awareness content, campaign activities and reporting.
• Act as the system administrator for security tools such as Vulnerability Management and application systems.
   

• A completed 2-year Technology Diploma and at least 8 years of Information Security or related experience, OR;
• A degree in Information Technology, Computer Science or a related discipline and at least 4 years of Information Security or related experience.
• Extensive experience with cyber security vulnerabilities, risks, threats and various control mechanisms to mitigate business risks is required.
• One or more recognized Security certifications such as Certified Information Systems Security Professional (CISSP), Certification in Risk and Information Systems Control (CRISC), Global Industrial Cyber Security Professional (GICSP), or Global Information Assurance Certification (GIAC) is preferred.
• Experience performing security/threat assessment of Enterprise applications, Cloud-based services (IaaS, PaaS, SaaS, etc.), network environments or Industrial Control Systems (ICS), Internet of Things (IoT) is an asset.
• Experience in artificial intelligence (AI) and privacy risk assessment, controls and mitigation is an asset.
• An understanding of server platforms (for example: Linux, Windows), networking, security (Firewalls, IDS/IPS, proxy systems) and experience with UNIX and Windows Command Line Interface.
• Technical experience with encryption technologies, Vulnerability Management and Endpoint Protection systems in large enterprise deployment.
• Knowledge of how malicious code operates, how technical vulnerabilities are exploited, and knowledge of cyber threats, defenses, motivations and techniques will also be considered an asset.
• Experience with Request for Proposals (RFPs), security tools and vendor evaluation processes in the public sector is preferred.
• Previous experience working in a municipal government or public sector and a broad knowledge of the types of services provided by a large municipality will be beneficial.
• Well-developed interpersonal and communication skills, organization and planning skills and the ability to effectively prioritize and work in a team setting.
• Equivalent combinations of experience and education may be considered.