Job Specification

Position Title:
SENIOR THREAT RISK ASSESSMENT SPECIALIST
Job Code:
20ASY - Systems Serv (Ama Unit) ASY20
Job ID:
52035
 

Purpose of Position :

To provide project management / technical consulting expertise and team leadership on a corporate enterprise wide basis in the area of threat risk assessments, business impact assessments, and mitigation planning and to participate in the design, development and maintenance of I&IT Security plans and strategies for Corporate Security, Office of the Corporate Chief Information Officer.

Duties / Responsibilities :

Within the branch responsible for the development and marketing of information technology security policies and technologies and the provision of expertise to ensure Ontario Government corporate security, the position:

1. Provides expertise and consultative advice to branch colleagues and client ministries on threat risk assessments, business impact assessments, planning principles including best practices for the development and implementation of enterprise security and risk mitigation strategies to ensure the confidentiality, integrity, availability and protection of information assets of client ministries and compliance with legislative requirements, OPS directives, ministry architectures, and industry best practices.

2. Leads the development and implementation of enterprise wide risk management strategies to ensure the confidentiality, integrity, availability and protection of information assets of client ministries and compliance with legislative requirements, MGS directives, ministry architectures, and industry best practices.

3. As a technical resource, and in collaboration with I and IT management, information, application and technology architecture staff, business clients, development and technical staff, advises on security issues related to enterprise wide information technology systems to mitigate risk throughout the system development life cycle.

4. Provides leadership to teams responsible for security planning, development and implementation projects, the research of new methods, standards and techniques and the provision of advisory and training services.

5. Provides project management and leadership to teams responsible for Threat/Risk Assessments. Provides input to corporate security policies, standards, templates, techniques and guidelines pertaining to risk management to maximize the protection of enterprise systems across the Ontario Public Service. Determines project scope, establishes critical success factors, manages project budget/resources, assigns work to project teams, monitors project milestones and deliverables, and performs quality control to ensure optimum work with quality standards.

6. Provides technical expertise, training, and advisory services on an enterprise wide basis including in depth threat/risk analyses, business impact analyses, and security reviews to advise on optimum resolution of security vulnerabilities as well as proactive planning of major organizational or technological changes.

7. Provides leadership in selection and use of assessment methodologies, security technology and techniques. Serves on committees reviewing and/or evaluating new products and security tools; consults with/advises client groups on methodology use and application.

Knowledge :

Position requires knowledge of IT security methodologies, tools, techniques, security design and architecture, threat/risk concepts and practices, Public Key Infrastructure (PKI), mainframe security (e.g. RACF) and emerging technologies, including business continuity and disaster recovery planning to provide senior technical consulting expertise in the area of business impact assessment, threat risk assessment and to act as the lead technical resource to I and IT management and colleagues. Knowledge of the Corporate I and IT Security Strategy and I and IT strategic planning processes, and government IT standards, policies and directives to project lead I and IT security plans and strategies and to develop recommendations for the I and IT Threat/Risk Assessment and Business Impact Assessment component of the corporate risk management. Knowledge of privacy and program legislation and ministry business/processes/requirements to address client's security design needs, ensuring solutions conform to corporate I&IT plan and promote integration of enterprise wide security requirements and technology.

Knowledge of system development methodology and OPS information technology systems and environments including telecommunication systems and application processing systems, network security mechanisms, in order to provide expertise in the development, implementation and support of security and mitigation plans and mechanisms applicable to corporate, Cluster and client ministry requirements. Knowledge of project methodology and superior project management skills to provide project planning and leadership on concurrent projects including cross government projects and to manage deadlines and competing priorities. Knowledge of policy and standards development to lead the development of corporate security design policies, standards, templates, and techniques.

Knowledge of emerging I and IT trends, best practices and developments to provide leadership in selection and use of assessment methodologies, security technology and techniques and to evaluate new products and security tools. Strong team skills to provide guidance and mentoring to branch Threat/Risk Assessment staff. Knowledge of government contract administration policies and practices to analyze and evaluate contractual agreements with service providers. Strong stakeholder management, partnership and relationship building skills to initiate and nurture strong working relationships with colleagues throughout the Division, ministry and OPS and external stakeholders to work cooperatively with all stakeholders to meet mutual goals and to act as a trusted advisor and to support and lead cross government projects. Position requires strong strategic orientation skills to understand and assess the external impact of trends and issues on internal strategy for policy and standards development.

Excellent mediation, negotiation, and facilitation skills to provide leadership on project and work teams and to apply impact and influence and persuasive techniques to adapt a presentation or discussion to appeal to the interest and level of others. Excellent oral communication, consultative and advisory skills to act as a lead technical resource and provide expertise and advice to ongoing contacts. Excellent written communication skills to develop strategies, policies, standards, templates and related technical materials.

Judgement :

Position works under the general direction of the Manager, CSB Risk Management Services and within the broad framework of the Corporate I and IT Security Strategy, corporate security policies and industry, I and IT trends and standards. Position is the senior threat/risk assessment expert for the enterprise and is relied upon to exercise a high level of independent decision making and judgement in acting as the lead technical resource to branch colleagues and client ministries on threat risk assessment and business impact assessments and strategies to capitalize on business opportunities to refine production processes to mitigate exposures and reduce risk of day to day operations. Position exercises a high degree of initiative and judgement in balancing the needs and priorities of ministries with the government's overall corporate I and IT strategic directions as well as the ongoing conflicting priority demands of various concurrent cross government projects.

Position exercises judgement in providing guidance and mentoring to branch Business and Technical staff; in advising on optimum resolution of security vulnerabilities as well as proactive planning of major organizational or technological changes; in leading projects in security planning, development and implementation to mitigate identified risks to an acceptable level and in recommending approaches which may involve investment of millions of dollars in IT infrastructure for the protection of information and information technology assets. Position also exercises judgement in representing the OPS on national and international standards bodies to assist in the identification of necessary areas of standardization and to recommend approaches to achieving standardization.

Accountability - Programs :

Provides enterprise wide threat/risk assessment and business impact assessment expertise and consultative advice on security and mitigation planning principles for the development and implementation of enterprise wide security and risk reduction strategies to ensure the confidentiality, integrity, availability and protection of information assets of client ministries and compliance with legislative requirements, MGS directives, ministry architectures, and industry best practices. Leads the development and maintenance of corporate security design policies, standards and guidelines; the design, development and maintenance of I and IT security plans and strategies and the development of proposals for the I and IT Risk Management component of the corporate I and IT plan and security architecture.

Accountability – Personnel :

Leads assigned project and/or work teams. Oversees planning of resources, assignment of project tasks, monitoring of project progress and review of work to ensure standards are met. Provides guidance and mentoring to Branch Threat/Risk Assessment staff.

Accountability - Finance and Materials :

Plans and manages project budgets.

Accountability - Impact of Errors :

Ineffective threat/risk assessment and business impact advice would have an adverse and critical impact on the Government of Ontario's security program and governance framework resulting in potential security risks and protection of the information assets of client ministries.

Prior to the offer of employment, in accordance with the OPS Personnel Screening Checks Policy, the top applicant(s) will be required to undergo personnel screening checks, which include a police records check. This condition applies to all applicants.

Contact - Internal :

Frequent contact with branch/division/OPS business and technical areas to provide expertise as the Security lead on Threat Risk Assessments and Business Impact Assessments and to provide facilitation on a range of cross government Threat Risk Assessments.

This site is maintained by the Government of Ontario
© Queen's Printer for Ontario, 2007