Job Specification

Purpose of Position :

To provide technical expertise and project leadership in the planning, development, implementation and management of systems, processes, and services to support the investigation and response to security incidents throughout the OPS through the Information Protection Centre (IPC).

Duties / Responsibilities :

Job requires:

1) Providing project leadership and technical expertise in the development, implementation and communication of corporate and Office of the Corporate Chief Information Officer IT systems, processes and services to ensure the integrity and protection of the OPS I and IT infrastructure.

2) Conducting and/or leading the research, analysis, and evaluation of leading edge intrusion systems, Web filtering, firewalls, and virus protection software; conducting feasibility and/or cost-benefit analysis studies for emerging technology solutions; preparing business cases and RFP's for the acquisition of new security products (e.g. anti-virus software, security devices, etc) for ITS Ontario and client ministries.

3) Providing technical expertise, consultation, training and advisory services to OCCIO and client Ministries on appropriate protective plans and responses to security incidents including: conduct of security audits, vulnerability assessments, threat/risk assessments, business impact analyses, security and contingency training, and education and awareness programs.

4) Providing specialized technical expertise in the monitoring of newly discovered vulnerabilities and assessing the risk posed to customers. Ensuring ongoing currency in knowledge of, and response to, increasingly sophisticated intrusion attempts against the OPS.

5) Leading a range of highly specialized and complex security development, enhancement, installation and maintenance projects to meet the diverse needs of clients within the OPS, Corporate, ITS, client ministry and broader public sector levels; determining resource requirements, developing activity plans and schedules, assigning work to project teams, which consist of staff from the Office of the Corporate Chief Information Officer, client ministries as well as external service providers; controlling project budgets and resources ensuring standard of work and proper quality control.

6) Developing and implementing marketing strategies, tools and resources to promote and communicate IPC's systems, services and processes to province wide clients and the broader public sector.

7) Provides technical expertise in the development, maintenance and enhancement of corporate security operating procedures standards and best practices

8) Obtaining security clearance from law enforcement agencies to plan, manage, support and operate sensitive but unclassified security systems. Liaising/networking with other information protection contacts including other provincial and federal governments and private sector agencies

Knowledge :

Job requires knowledge of:
- IT security and contingency principles, methodologies, mechanisms and techniques in order to provide
development, implementation and communication of corporate and Office of the Corporate Chief Information Officer's IT systems, processes, and services through the IPC to attempt to ensure the integrity and protection of the OPS I and IT infrastructure.
- security architecture analysis and design system development methodology and OPS information technology systems and environments including telecommunication systems and application processing systems in order to provide expertise in the development, implementation and support of security and contingency plans and mechanisms applicable to corporate, ITS and client ministry requirements.
- specialized security technology, systems, programs, products and tools, such as: mainframe security (e.g.) RACF and related technologies; operating system security UNIX, Windows and/or other operating systems as technology advances; firewalls, proxy servers, virtual private networks, routers, and certificate servers; Public Key Infrastructure products and services for various data encryption and digital signature implementations; Virus protection, security management and security monitoring/auditing tools; Intrusion detection technology, security threats and vulnerabilities, business resumption planning, contingency planning, disaster recovery planning, business impact analysis, risk management methodologies and data center/application contingency testing to provide a range of technical expertise, analysis and advice regarding the investigation and response to security incidents and the development of related systems and processes.
- content and application of legislation and directives related to the security and confidentiality of information (e.g. Freedom of Information and Protection of Privacy Act, Ministry of Government Services security directives and procedures, etc.) and client ministry policies and standards governing the use and acquisition of information technology in order to develop, implement and support the appropriate security and contingency measures, including but not limited to the acquisition of products and services, and the monitoring of technology upgrades and work of external service providers for adherence to security standards.
- project management techniques to plan and lead concurrent projects
- client ministries' business processes and requirements in order to provide specialized technical expertise in security and contingency solutions which promote government objectives and goals while meeting business needs of client ministries.

Job requires knowledge in the following technical areas:
• Mainframe security such as RACF and related technologies;
• Operating system security for UNIX, Windows NT, Windows 95 and/or other operating systems as technology advances;
• Network security mechanisms including but not limited to firewalls, proxy servers, virtual private networks, encryption routers, and certificate servers;
• Public Key Infrastructure products and services for various data encryption and digital signature implementations;
• Virus protection, security management and security monitoring/auditing tools;
• Intrusion detection technology, security threats and vulnerabilities,
• Security architecture analysis and design,
• Business resumption planning, contingency planning, disaster recovery planning, business impact analysis, risk management methodologies and data center/application contingency testing.

Skills :

Job requires:
- research and analytical skills to research, analyse and evaluate leading edge intrusion systems, web filtering, firewalls, and virus protection software for the acquisition of new security products for ITS and client ministries
- analytical and problem solving skills to conduct security audits, vulnerability assessments, threat/risk assessments, and business impact analyses, to assess security exposures and contingency issues and to recommend viable solutions.
- evaluating skills to monitor newly discovered vulnerabilities and viruses and assess risk to customers

Job requires:
- oral communication and interpersonal skills to provide specialized technical expertise and advice to ITS and ministry clients on appropriate protective plans and responses to security incidents and to provide training, education, and awareness programs.
- written communication skills to prepare reports, briefs and papers on security and contingency policies and standards, to prepare project findings and conclusions including assessment of technical and financial considerations, and to prepare business cases and RFP's.
- oral communication skills to explain security issues and technical solutions to both technical and non-technical personnel in Office of the Corporate Chief Information Officer and OPS ministries, to make
presentations to senior management (Office of the Corporate Chief Information Officer and client ministries) regarding proposals for security policies, standards, plans and implementations.

Job requires interpersonal skills to promote support for changes in security policies and standards among Office of the Corporate Chief Information Officer and client ministry managers, to present and discuss security issues (e.g. security exposures) with senior managers in client ministries to encourage support of recommended approach, and to negotiate acquisition of security technology products and services with vendors, within defined limits.

Freedom of Action :

Job works within government and ministry directives, policies, and guidelines relating to IT security and acquisition, and within recognized system development and management techniques and practices. Job is considered a technical expert on security and contingency issues within Office of the Corporate Chief Information Officer and the OPS. Job requires decision-making in leading projects for the development, implementation and communication of security and contingency systems, processes and services at the corporate and ITS levels. Job requires providing advisory services to Office of the Corporate Chief Information Officer and client ministries to identify security vulnerabilities and develop solutions, assessing advances in security technologies and methodologies and recommending changes and/or acquisitions. Job requires leading highly specialized and complex projects and external service providers participating on projects and advice on corporate security policies, best practices and procedures. Job refers to the Business Manager such problems and issues such as the lack of resources for projects, conflicts between client IT security plans and government strategic directions, the need for significant changes to corporate or Office of the Corporate Chief Information Officer security and contingency strategies and plans, and security violations, and incidents that warrant internal and/or external investigations.