headDivide.jpg NOTICE: The OPS Careers job alert service has been restored; to sign-up for job posting notifications through the OPS Careers job alert service please access the job alert subscription page.
navArrow1.gifSearch navArrow1.gifWho we are navArrow1.gifOur workforce navArrow2.gifHiring Process navArrow2.gifYouth And New Professionals navArrow2.gifFAQs

Job Specification
Position Title: SECURITY ARCHITECT
Job Code: AMAPCEO - Systems Serv Ama Unit ASY21, 21ASY
Job ID: 22116

Purpose of Position:
To provide senior technical consulting expertise and to manage the processes related to, the design, development and maintenance of I&IT Security plans and strategies for the Health Services Cluster, Ministry of Health and Long-Term Care, and the health care and social services sectors, that define how information and applications are classified, secured and protected. To provide project management leadership and supervision to teams in design and development of logical and physical security structures and mechanisms serving multiple purposes for multi-client use. As a lead technical resource, and in collaboration with IS management, information, application and technology architecture staff, business clients, development and technical staff, ensure the use and application of the Security Architecture in order to optimize the effectiveness of the Ministries` applications and databases. To identify and promote criteria and techniques associated with the design of security applications and mechanisms, consisting of reusable components that can be easily modified to respond quickly to the Ministries` changing business needs.

Duties/Responsibilities:
1. Defines, develops, publishes, maintains, communicates and promotes the Ministries` Security Architecture, which offers the required security services, proposes security mechanisms, and describes design principles for implementing the security mechanisms that provide an environment in which business can be safely transacted, abiding by legal requirements for privacy and confidentiality.

2. Provides current and target Security Architecture definition by reviewing and assessing new directions in relation to the current and future business needs of the Ministries and its clients.

3. Acts as resource to the broader public sector in promotion, development and implementation of the security architecture for the Human Services sector.

4. Develop proposals for the I&IT Security component of ministry information technology plan and security architecture; recommending technical design features and alternatives to ensure proper procedures for classification, protection and contingency recovery, of all ministry databases; identifying data components subject to privacy or confidentiality provisions.

5. Provides detailed standards, templates, techniques, recommendations and strategies for the design and development of security components to maximize the protection of the environment.

6. As a lead resource and in collaboration with IS management, business clients, and technology staff, identifies, selects, adopts, or adapts international, national, or government standards to meet identified Ministry security requirements. May represent the Ministry as a member of national or international standards bodies (e.g. CIHI-Canadian Institute for Health Information) to assist in the identification of necessary areas of standardization, recommend approaches to achieving standardization, and develop Ministry acceptance and adherence to MBS standards.

7. Leads the development and maintenance of policies, standards and guidelines for publication pertaining to the security aspects of creation, collection, storage, access/security, retrieval and disposition of ministry I&IT assets.

8. Participates in corporate/ministry business improvement initiatives; identifying and investigating I.T. opportunities; providing security expertise in developing ministry information technology plans and strategies, development of privacy and confidentiality related policies and standards; project scoping, planning and preparation of IT project proposals; process improvement/re-engineering initiatives.

9. Participates in the development of and approve business application requirements; threat/risk analyses; privacy impact assessments (PIA); security requirements; data access specifications and the security classification of data.

10. Leads corporate projects for identifying security mechanisms to mitigate identified risks to an acceptable level. Ensures compliance and integration with the Enterprise Information Architecture and Cluster architectures; providing supervision, technical direction and project leadership to teams; coordinating development of general design specifications; preparing reports, estimates, feasibility studies, RFPs, implementation schedules, recommendations; monitoring/reviewing database development and ensuring efficiency, performance, integrity; and overseeing testing and implementation.

11. Provides leadership in selection and use of assessment methodologies, security technology and techniques. Serves on committees reviewing and/or evaluating new products and security tools; consults with/advises client groups on methodology use and application.

12. Collaborates with the Information, Application and Technology Architects in the development and maintenance of the Ministry`s Object Architecture, by contributing standards and recommendations regarding the use of security mechanisms and tools.

Knowledge:
Job requires advanced knowledge of security methodologies, tools, techniques, security architecture, threat/risk concepts and practices, in order to design and develop security mechanisms; provide expert advice to clients; to create security standards/guidelines; to develop solutions to data recovery, integrity and security issues.

Job requires advanced, broad-based knowledge of applicable privacy and program legislation, ministry IT plan, project planning methodology, and ministry business/processes/requirements to address client`s system needs, plan/organize and implement projects in a multi-project environment, ensuring solutions conform to cluster I&IT plan and promote integration of organization`s security requirements and technology.

Job requires knowledge of Public Key Infrastructure and emerging technologies, particularly biometrics, smart card and wireless technologies.

Job requires knowledge of micro/personal computer system technologies, an understanding of operating systems, programming languages and database management using mainframe/minicomputer, to design, analyze and maximize security capabilities.

Job requires knowledge of data management and applications software, to: assess and advise on how software/hardware issues relate to security mechanisms and advise on acquisition of new software/hardware.

Job requires broad-based knowledge of the overall field of Information Technology, including experience in all aspects of planning, requirements definition and analysis. Breadth of knowledge and ability to assess key trends and directions are more important than in-depth technical knowledge in any one area.

Able to coordinate the development of standards and the selection of products through a process of broad consultation with clients and IS management and staff. Proven ability to work effectively as both a team leader and as a member of a team.

Proven ability to lead teams of technical and non-technical staff in projects to design and develop security processes and mechanisms for systems, databases, data management structures, standards, policies and procedures. Proven supervisory and group leadership abilities are required to assign work, review quality and timeliness of assignments upon completion, provide input into performance evaluation and identify training requirements. Proven ability to train and mentor junior staff by transferring knowledge and experience, and by demonstrating best practices to junior analysts and supervising assignment for conformance to guidelines and standards.

Job requires knowledge of government/ministry directives, standards, policies and guidelines governing security management and application development.

Job requires strong communication ability to communicate effectively with both technical and non-technical staff both through written documents and multi-media presentations. Job requires strong oral communication skills to explain technical solutions to non-technical ministry personnel and to make presentations to senior management on proposals for aspects of Ministry Security Architecture and IT plans/strategies. Strong interpersonal skills are required to present and discuss benefits/drawbacks of proposals on security management strategies with senior managers and to encourage support of recommended approaches.

Judgement:
Work is performed independently under the general direction of the Manager, I&IT Security. A high degree of initiative and judgement is required to balance the needs and desires of clients with individual requirements against overall needs and priorities of the Ministries. Using current infrastructure as a base, the incumbent must investigate and evaluate a wide range of alternative approaches to the evolution of the security infrastructure and recommend those options that will meet current needs and contribute to longer-range goals.

The incumbent will face conflicting demands on his or her time and directions that must be resolved through interpretation of overall Ministry priorities.

The incumbent will recommend approaches which will involve investment of millions of dollars in IT infrastructure for the protection of information and information technology assets. Poor judgement could result in considerable direct loss, embarrassment and possible legal action for the Ministries.

Accountability - Programs:
The position is accountable for the development and continual updating and promotion of the Security Architecture, and the security component of IT plans and strategies.

The position is accountable for managing assigned projects:

• Maintenance of cost, resource, and time control over projects;
• Supervision of specialists and consultants as assigned;
• Providing effective advice on the application of security architecture within the Ministries and within the broader Human Services sector that could have significant cost of opportunity impact.

Contact - Internal:
Daily contact with Human Services Cluster and ministry staff, business clients and vendors to gather requirements, seek out solutions, to educate, and to be educated.

Frequent contact with other ministries, clusters and MBS staff to assist in the alignment of IT and security plans across the government and to share expertise and experiences.

Occasional contact with senior Ministry management to present I&IT security options and to educate them as to the potential to harness information technology to meet urgent Ministry security and business priorities.