Job Specification

Purpose of Position :

To provide forensics expertise on an enterprise wide basis in the area of forensics and to project lead the conduct of investigations, forensic audits and reviews of sensitive, contentious situations, potential risks or allegations related to fraud and dishonesty related to the OPS province-wide I and IT infrastructure and information resources, and the investigation and response to OPS I and IT infrastructure and networks security incidents.

Duties / Responsibilities :

Within the branch responsible for the development and marketing of information technology security policies and technologies and the provision of expertise to ensure Ontario Government corporate security, the position:
1. Provides forensics expertise and consultative advice to branch colleagues and client ministries on IT security fraud principles and practices to ensure the confidentiality, integrity, availability and protection of information assets of client ministries and compliance with legislative requirements, MGS directives, ministry architectures, and industry best practices.
2. As a technical resource, works with I and IT management, information, application and technology architecture staff, business clients, development and technical staff, advises on major IT fraud and control related issues. Alerts management to control issues requiring expeditious action.
3. Provides project leadership, coordination and/or participation in the conduct of investigative forensic analysis projects involving such matters as security breaches, misuse of government IT assets involving multiple purposes and systems across the Ontario Public Service. Determines project scope, establishes critical success factors, oversees project budgetlresources, assigns work to project teams, monitors project milestones and deliverables, and performs quality control to ensure optimum work within quality professional investigative standards.
4. Provides technical expertise, training, and advisory services in fraud management, the development of tools, techniques and processes to manage exposures, and consultation on related government IT fraud policies. Develops and/or recommends detection procedures and techniques to proactively identify areas of possible fraudulent activity.
5. Conducts a variety of investigations across the OPS. Assesses client ministry vulnerabilities and exposures to dishonesty and fraud. Develops appropriate options and recommendation for corrective actions. Implements proactive strategies to assist the government in detecting and deterring ethical misconduct. Works with law enforcement on the particulars, evidence, or conclusions regarding any investigation or potential investigation that has criminal ramifications.
6. Develops, updates and maintains corporate IT policies, standards, templates, techniques and guidelines pertaining to the investigation of IT fraud in the OPS involving the creation, collection, storage, access/security, retrieval and disposition of government I&IT assets and development of security components to maximize the protection of the corporate environment.
7. Prepares formal investigative reports, briefing notes, memoranda and analytical summaries for senior management. Presents findings and gives evidence before quasi-judicial and judicial proceedings, as necessary, in an objective and professional manner.
8. Serves on committees reviewing and/or evaluating forensic methodologies, security technology and techniques; consults with/advises client groups on methodology use and application. As required, represents the OPS as a member of national or international standards bodies (e.g. ISO 17799) to assist in the identification of necessary areas of standardization, recommends approaches to achieving standardization.

Knowledge :

Position requires knowledge of IT security methodologies, tools, techniques, security design and architecture, threat/risk concepts and practices, Public Key Infrastructure (PKI), mainframe security (e.g. RACF) and emerging technologies, with specialized knowledge and skills in information technology forensics and related professional standards to provide technical consulting expertise in the conduct of investigations and to act as a technical resource to I and IT management and colleagues. Knowledge of privacy and program legislation and ministry business/processes/requirements to investigate IT security fraud and dishonesty and to recommended solutions which conform to corporate I&IT plan and investigation principles and standards. Knowledge of fraud related law, rules of evidence, judicial/quasi-judicial processes, criminology in order to apply such knowledge in dealing with sensitive situations. Knowledge of micro/personal computer system technologies, an understanding of operating systems, programming languages and database management using mainframe/minicomputer, to design, analyze and maximize security investigation capabilities. Knowledge of project methodology and project leadership skills to provide project planning and leadership on concurrent projects including cross government projects and to manage deadlines and competing priorities. Knowledge of emerging land IT trends, best practices and developments to provide input to the selection and use of forensic methodologies, security technology and techniques and to evaluate new products and forensic security tools. Strong relationship building skills to initiate and nurture strong working relationships with colleagues throughout the Division, ministry and OPS and external stakeholders to work cooperatively with all stakeholders to meet mutual goals and to act as a trusted advisor and to support and lead cross government projects. Excellent mediation, negotiation, and facilitation skills to lead/participate on project and work teams and to apply impact and influence and persuasive techniques to adapt a presentation or discussion to appeal to the interest and level of others. Excellent oral communication, consultative and advisory skills to act as a technical resource and provide expertise and advice to ongoing contacts. Excellent written communication skills to prepare investigative reports with detailed findings and recommendations, draft strategies, policies, standards, templates and related technical materials.
Thorough knowledge of internal OPS WDHP and COl policies as well as a good understanding of Labour Relations principles and practice.

Judgement :

Position works under the general direction of the Manager, IT Security Operations and the technical leadership of the Forensics Coordinator. Broad guidelines are available in professional forensics standards for the conduct of IT investigations and within Corporate I and IT Security Strategy, corporate security policies and industry, I and IT trends and standards. Position exercises judgement in acting as a technical resource to branch colleagues and client ministries on major IT fraud related issues related to risks to the confidentiality, integrity, availability and protection of information assets of client ministries. Position exercises initiative and judgement in balancing the needs and priorities of ministries with the government's overall corporate I and IT strategic directions as well as the ongoing conflicting priority demands of various concurrent cross government projects; in investigating such matters as security breaches, misuse of government IT assets involving multiple purposes and systems across the Ontario Public Service and in identifying those issues within the control of the client and those issues which need to be raised to a ministry, corporate, or law enforcement level. Judgement is required in determining investigative strategies that will yield timely, responsible, informed, and useful information, in weighing evidence, determining the facts and circumstances of situations, and developing appropriate conclusions for action by senior management. Judgment is exercised in leading projects to identify security mechanisms to mitigate identified risks to an acceptable level and in recommending approaches which may involve investment of millions of dollars in IT infrastructure for the protection of information and information technology assets. Position also exercises judgement in representing the OPS on national and international standards bodies to assist in the identification of necessary areas of standardization, recommend approaches to achieving standardization.

Accountability - Programs :

Provides forensics expertise and consultative advice to branch colleagues and client ministries on IT security fraud principles and practices to ensure the confidentiality, integrity, availability and protection of information assets of client ministries and compliance with legislative requirements, MBS directives, ministry architectures, and industry best practices. Project leads and coordinates the conduct of investigations, forensic audits and reviews of sensitive, contentious situations, potential risks or allegations related to fraud and dishonesty related to the 01'S province-wide I and IT infrastructure and information resources, and the investigation and response to OPS I and IT infrastructure and networks security incidents, Develops, updates and maintains corporate IT policies, standards, templates, techniques and guidelines pertaining to the investigation of IT fraud in the OPS

Accountability – Personnel :

Leads assigned project and/or work leams. Oversees planning of resources. assignment of projecL tasks. monitoring of project progress and review of work to ensure standards are met.

Accountability - Finance and Materials :

Administers assigned project budgets.

Accountability - Impact of Errors :

Ineffective forensics advice and conclusions could result in civil lawsuits and poor decisions which would have an adverse and critical impact on the Government of Ontario's security program and governance framework

Position requires a security clearance.

Contact - Internal :

Frequent contact with branchldivision/OPS colleagues 10 provide expertise as a technical resource in forensics and investigations and to provide expertise and advice on control systems and procedures; with Legal Services branch to discuss findings requiring legal action. Frequent contact with OPS Human Resources and Labour Relations as well as Privacy officials to discuss the scope and parameters of internal investigations.
Participates/leads ministry and inter-ministerial committees to review and/or evaluate new products and security tools.

Contact - External :

Regular contact with the OPP, RCMP to discuss investigations requiring legal action; with counterparts in the Federal and municipal governments to collaborate on efforts, exchange information; with vendors, agencies, private sector companies such as banks to discuss investigations.