Senior IT Forensic Specialist

---

Job Summary:

To provide specialized expertise on an enterprise wide basis in the area of IT forensics. This includes project management of complex IT investigations, forensic audits and reviews of contentious situations, allegations of fraud, dishonesty and inappropriate use related to the WSIB IT infrastructure and information resources. To provide support and expertise on investigation and response to network security incident and threat to the WSIB I and IT infrastructure. To perform vulnerability assessments and penetration testing where required.

---

About the job

1. IT Forensic Investigations
• Conduct and provide senior expertise on a variety of IT investigations across the WSIB. This includes evidence collection, chain of custody, analysis, data and information recovery and disposal. Prepare formal investigative reports, briefing notes, memoranda and analytical summaries for senior management. Present findings and give evidence before quasi-judicial and judicial proceedings, as necessary, in an objective and professional manner.
• Conduct sensitive HR related IT investigations and prepare formal report for bargaining unit and senior management.
• Provide IT forensics expertise and consultative advice to colleagues and client groups on rules of evidence, relevant legislation, investigation best practices and technologies.
• Assess client vulnerabilities and exposures to data breaches as a result of dishonesty and fraud. Develop appropriate options and recommendations for corrective actions and strategies to assist in the detection and deterring of ethical misconduct. Works with law enforcement on the particulars, evidence, or conclusions regarding any investigation or potential investigation that has criminal ramifications.
• As a technical resource, work with I and IT management, technology, application development and architecture staff as well as business and HR clients to advise on major IT fraud and control related issues.

2. Network IT Forensic Investigations
• Investigate and assess the nature and scope of network breaches and assist with the recovery of critical systems and data. Review procedures for response, recovery, and restoration, and recommend enhancements.
• Responsible for investigating and finding vulnerabilities in the WSIB IT network and developing recommendations for how to minimize these vulnerabilities. Perform post incident investigation to determine cause and develop strategies for future mitigation.
• Conduct formal penetration and vulnerability assessments on applications networks, and other types of computer systems on as required. Conduct physical security assessments of servers, computer systems, and networks.
• Evaluate and provide expert advice on response procedures to identify, assess, and properly address threats and/or recover from an incident.

3. Project Management and Leadership
• Provide project leadership and coordination for investigative forensic analysis projects involving such matters as security breaches, misuse of IT assets or information involving multiple purposes and systems across the WSIB network. Provide leadership and advice on eDiscovery initiatives resulting from FOI and legal disclosure requests.
• Plan, design, obtain approval and implement security architectures, procedures and technologies that will enable efficient investigative practices.

4. Communications, Negotiation and Advisory
• Develop, update and maintain corporate IT policies, standards, templates, techniques, processes and guidelines pertaining to IT investigations at the WSIB.
• Provide technical expertise, training, and advisory services in fraud management, the development of tools, techniques and processes to manage exposures, and consult on related IT fraud policies. Develop and/or recommends detection procedures and techniques to proactively identify areas of possible fraudulent activity.
• Serve on committees reviewing and/or evaluating forensic methodologies, security technologies and techniques. As required, represent the WSIB at national or international standards bodies to assist in the identification of necessary areas of standardization of investigative best practices.

5. IT Security Incident Management
• Respond to IT security incidents by providing detailed analysis and expertise, explaining technical issues, identifying alternatives, providing and recommending solutions to help protect confidential data and the critical resources that processing the data.
• Monitor and protect the integrity of the information and electronic infrastructure by staying current with advanced technical skills and knowledge in order to respond to the increasing sophisticated intrusion attempts.
• Lead resolution of security breach issues such as internet security, application security and major access issues, with 3rd party vendors.

---

What you bring to the team

Job Requirements:

1. Education (Level and Specialty / Discipline):
• College Diploma in a Computer Science or equivalent experience

2. Experience (Years of Related Experience and Type of Experience):
• 4-7 years' experience in IT Security, 3 of which must be conducting/leading IT forensic investigations

3. Technical or Professional Qualifications or Certifications/Designations:
• Experience using commercially available IT forensic analysis technology e.g.: EnCase, AccessData

---

Additional information:

Note:

• This posting is for an organization that is not a part of the Ontario Public Service. The information and tips on the Ontario Public Service Careers website may not apply to this posting. Please use the contact information below to contact the organization directly if you have questions.

---

Language requirements and assessment:
All external Ontario Public Service (OPS) job ads are posted in English and French. Check the "position(s) language" section at the top of each job ad for the language requirements. For all roles, candidates are assessed in English, the business language of the OPS. If the position is bilingual (English/French), you'll also need to pass a French-language proficiency test.

Exigences en matière de langue et évaluation:
Toutes les offres d'emploi externes de la fonction publique de l'Ontario (FPO) sont affichées en français et en anglais. Consultez la section « Langue du ou des postes » en haut de chaque offre d'emploi pour connaître les exigences linguistiques. Pour tous les postes, les candidats sont évalués en anglais, la langue d'affaires de la FPO. Si le poste est bilingue (anglais/français), vous devrez également passer un test de compétences linguistiques en français.

All external applicants (including former employees of the Ontario Public Service) applying to a competition in a ministry or Commission public body must disclose (either in the cover letter or resume) previous employment with the Ontario Public Service. Disclosure must include positions held, dates of employment and any active restrictions as applicable from being rehired by the Ontario Public Service. Active restrictions can include time and/or ministry-specific restrictions currently in force, and may preclude a former employee from being offered a position with the Ontario Public Service for a specific time period (e.g. one year), or from being offered a position with a specific ministry (either for a pre-determined time period or indefinitely). The circumstances around an employee's exit will be considered prior to an offer of employment.

Information collection notice

We are collecting your personal information to assess how well you meet the qualifications for employment with the Ontario Public Service, and for related recruitment purposes. The collection of personal information is necessary to the proper administration of OPS Careers, which is an authorized common service in accordance with s. 6 of the Ministry of Government Services Act, R.S.O. 1990, c. M.25.

Please do not include any more personal information than is needed for your application (for example, do not include your photograph or social insurance number).

If you have any questions about how your information is collected, used, shared or saved, please contact us.