Job Specification

Purpose :

To provide research and analytical support in the development, implementation and maintenance of I&IT security strategies and plans.
To provide I&IT security advice and assistance to Ministry management, program managers and project teams.

Key Responsibilities :

1. SECURITYPOLICY RESEARCH AND ANALYSIS
- Provides research, analysis, evaluations and recommendations on security planning, business continuity and disaster recovery to support the development and implementation of security and contingency strategies and plans that ensure the confidentiality, integrity, availability and protection of information systems and assets and are in compliance with legislative requirements, MGS directives, ministry architectures, and industry best practices.
- Co-ordinates and conducts projects concerning specific security concerns and issues. Assesses research and resource requirements, devises protocols and develops and implements project plans .
- Participates as a project member to develop and maintain corporate/cluster security contingency policies, standards, solutions and guidelines for recovery planning development, enhancements and methods.
- Researches, recommends and communicates design criteria, standards and techniques for security applications and mechanisms (including reusable, adaptable components), business application requirements; threat/risk analyses; privacy impact assessments (PIA); security requirements; data access specifications and the security classification of data.
- Participates in the development and approval of business application requirements; threat/risk analyses; privacy impact assessments (PIA); security requirements; data access specifications and security classifications for data.
2. SECURITY LIAISON AND ADVICE
- Provides specialised advice to support the design, development and maintenance of I&IT security plans and strategies, including I&IT privacy assessments, business continuity and disaster recovery planning.
- Participates in cross-government projects for identifying security mechanisms to mitigate identified risks to an acceptable level.
- Participates on committees reviewing and/or evaluating new products and security tools; consults with/advises client groups on methodology use and application.

Knowledge / Skill :

Knowledge of and skills in:
- Corporate I&IT security and strategy, policies and plans, current and emerging I&IT security and contingency principles to conducts research, develop options and provide assistance.
- Security architecture, security tools, threat risk and privacy impact assessments, disaster recovery and business continuity planning, security practices, Public Key Infrastructure (PKI) and emerging technologies, to contribute to the development of operational policies and plans for I&IT security, and assess trends and impacts.
- Legislation, to ensure recommendations for I&IT security programs and operational policies are compliant, and provide input to development of corporate policies and procedures.
- OPS IT operating systems, hardware and software, to participate in the identification and assessment of security requirements and issues and the reduction of threats and risks.
- Current and emerging technologies and trends, best practices and industry developments, to conduct research, make recommendations, and participate in the review of products and tools.
- Policy and program development approaches and OPS decision making processes, to prepare options and recommendations in a manner that facilitate senior level decision-making.
- Research techniques, to conduct research and analysis of best practices in I&IT security , and to develop reliable program options.
- Project development and management techniques and tools to conduct research and analytical work.
- Oral and written communications, to prepare reports, submissions, briefing materials and correspondence.
- Common office computer applications, such as word processing, spreadsheets, project scheduling and internet, to research and prepare own materials.

Interpersonal / Influencing Skill :

- Presentation skills to provide information, options and recommendations to diverse audiences.
- Consultation skills to exchange information, discuss issues, gain support and liaise with other diverse stakeholders on security policy and operational matters.
- Conflict resolution and facilitation skills with policy/project teams, to identify potential issues, address conflicting concerns, and contribute to solution development.
- Advisory skills, to consult with Ministry and client managers on security practices and program options.

Analyzing / Problem Solving Skill :

Analyzing and problem solving skills to:
- Conduct research and analysis concerning the design of I&IT security policies and standards.
- Develop options and recommendations concerning security and privacy aspects of operational policy, security systems design criteria, and associated techniques.

Decision Making / Responsibility :

Responsible for:
- Providing accurate and timely research and analysis for new or improved security options, programs and tools within branch, ministry and government goals, objectives and IT strategic directions.
- Identifying and evaluating issues, trends and developments and their impact on security plans and policies; Has latitude to determine research and analysis material for management decision-making, develop I&IT disaster recovery plans for client business area and management.
Decisions are guided by corporate I&IT security strategy framework, corporate security policies, OPS administrative policies and procedures and industry I&IT trends and standards. Recommendations could impact on data integrity and system costs.

Contacts / Stakeholder :

- Ministry management/client managers, to gather information, consult and provide support, analyses and recommendations on general and specific security matters.
- Counterparts in other OPS organizations, to obtain input, share information and participate on I&IT policy/project teams.

Guidance / Supervision :

Provides assistance and guidance to others on security policy/program issues.

Demands / Pressures :

Work Demands :

Unexpected changes to deadlines; tight time pressures; conflicting work demands; immediate response to security alerts that often lead to unexpected work demands on short notice.

Mental / Sensory :

Frequent requirement to concentrate when reviewing and reading materials, attending meetings and assist with security alerts.

Conditions / Environment :

Work is performed in a typical office environment.