Job Title: IT Security Compliance and Risk Specialist
Non Union
Job Opening Id: 29580
# Required: 1
Business Unit: Corporate Services
Division: I.T. Solutions
Location: Headquarters Campbell West
Standard Hours: 35.00 / week
Full/Part Time: Full-Time
Regular/Temporary: Temporary
Salary Grade: 7
Salary Range: $ 85,770.00 - $100,910.00
Post Date: 2021-09-23
Close Date: 2021-10-06
Serving a diverse urban and rural population of more than 430,000, Niagara Region is focused on building a strong and prosperous Niagara. Working collaboratively with 12 local area municipalities and numerous community partners, the Region delivers a range of high quality programs and services to support and advance the well-being of individuals, families and communities within its boundaries. Nestled between the great lakes of Erie and Ontario, the Niagara peninsula features some of Canada’s most fertile agricultural land, the majesty of Niagara Falls and communities that are rich in both history and recreational and cultural opportunities. Niagara boasts dynamic modern cities, Canada’s most developed wine industry, a temperate climate, extraordinary theatre, and some of Ontario’s most breathtaking countryside. An international destination with easy access to its binational U.S. neighbour New York State, Niagara attracts over 14 million visitors annually, as well as a steady stream of new residents and businesses.
Please note that the Niagara Region requires that all newly hired employees are to be fully vaccinated against COVID-19 as a condition of being hired and provide proof of full vaccination, or provide proof of a bona fide medical or Human Rights Code exemption on a form issued from and approved by Niagara Region.
Approximate Duration: 24 months
Job Summary
Reporting to the Manager of Infrastructure, the IT Security Compliance and Risk Specialist is responsible for analyzing, interpreting and developing solutions and strategies to manage the internal and external IT security audits and assessments. Acting as the liaison between potential auditors and technical teams, this role collaborates with key stakeholder to identify risks and to ensure IT implemented solutions are compliant with corporate policies, regulations, and standards. The role is also responsible for monitoring remediation of audit findings up to completion, as well ensuring any mitigation strategies and security controls for all IT related findings are completed and documented.
The role will be pivotal in developing and conducting threat risk analysis for various initiatives at the Niagara Region. This includes conducting IT compliance reviews, such as user access reviews, risk assessments, control objectives monitoring, and vendor assessments. The position will also assist with procedural and policy generation, and be responsible for analyzing, interpreting and developing solutions and strategies to manage the internal and external IT security audits and assessments that they will be partaking in. The job also entails conducting phishing campaigns, and ensuring employee awareness and learning CBT’s are assigned as necessary.
Education
• Bachelor’s degree in Information Technology, Computer Science, related discipline or equivalent combination of education and experience.
Knowledge
• A minimum of 5 years of experience managing IT audits, risk and compliance is required preferably within the public sector or medium to large-sized organization;
• CRISC security certification through ISACA
• Addition Information security certifications (CISA, CISM, CGEIT, CISSP, CCSP or GIAC) are considered an asset
• Experience working with auditors and the evidence collection process;
• Knowledge of regulatory and industry standards such as ISO, NIST, COBIT, GDPR and other security frameworks;
• Understanding of information systems and networks and all areas of Information Security including data protection, incident management, and vulnerability management;
• Knowledge of development and management of business continuity and disaster recovery planning;
• Previous experience with IT systems threat/risk assessments, IT audits and regulatory compliance such as SOX and GDPR would be an asset;
• Experience with cloud security controls and administration would be an asset;
Responsibilities
Compliance and Risk Auditing. (50% of time).
• Assesses risks and internal control dependency on systems by identifying areas of non-compliance and evaluating risks related to key technology processes.
• Co-ordinates timely activities as it relates to internal, external and regulatory audit requests including SOX, SOC1, SOC2;
• Conducts and reviews business impact analysis, implements and coordinates disaster recovery planning and disaster recovery exercises where required;
• Conducts risk assessments and supports the stakeholders in determining the appropriate treatment of identified risks; identify appropriate action plans for risk remediation;
• Inventory, assess significance, assign accountability, and develop appropriate monitoring for the control environment;
• Conducts IT compliance reviews including user access reviews, risk assessments, control objectives monitoring, and vendor assessments;
• Liaises with Information Privacy Assessment Office and identify IT compliance requirements and assist with creation and maintenance and coordinate IT responses to regulatory audits;
• Works with and supports the development of the risk and compliance practice with IT management and the leadership team.
• Assists in the creation and maintenance of the information security risk register, audit requests, and vendor assessments
• Assist in gathering information asset inventory, including identification and valuation, including any strategies and methodologies around loss scenarios
• Leads complex analysis, develops and generates KRIs/KPIs, validates compliance and develops actionable recommendations.
• Stay abreast of current technologies, trends and directions, specifically around industry best practices and standard frameworks.
• Utilizes and maintains a depth of understanding for any applications and tools required for risk execution and reporting needs.
Development, administration, and implementation of IT risk policies, procedures, guidelines and standards (20% of time)
• Supports the stakeholders in understanding and applying IT risks, security best practices and processes framework;
• Performs consultation and development of the IT objectives and requirements of the risk program;
• Partners with IT managers and team members to ensure risk and compliance issues are identified, defined, communicated, and addressed.
• Provides effective mentoring and guidance to other IT personnel and may assist in developing policy, standards and procedures.
• Collaborates in change management communications and processes, with focus on facilitating risk and compliance training for all affected staff.
Information Security (20% of time)
• Conducts information systems controls assessments;
• Documents, tracks and investigates information security events, requests, and incidents;
• Implements and reviews information security policies, guidelines, procedures, training materials, awareness campaigns, internal bulletins and portal contents
Disaster Recovery & Business Continuity (10% of time)
• Business Continuity and Disaster Recovery program administration including conducting impact assessments, disaster recovery plans development and coordinating disaster recovery exercises
Special Requirements
• In accordance with the Corporate Criminal Record Check Policy, the position requires the incumbent to undergo a Criminal Records Check and submit a Canadian Police Clearance Certificate.
• Must maintain ability to travel in a timely manner to other offices, work locations or sites as authorized by the Corporation for business reasons.
• Regional staff strive to enable the strategic priorities of council and the organization through the completion of their work. Staff carry out their work by demonstrating the corporate values.
To view the full job description and requirements, visit our Careers page - Job Opening #29580
Uncover the wonder of the Niagara Region and join a team dedicated to meeting tomorrow’s challenges…..today!
Let us know why you would be an excellent team member by submitting your online application no later than October 6th, 2021 before midnight by visiting our ‘Careers’ page at https://www.niagararegion.ca/government/hr/careers/. We thank all candidates for their interest however, only those candidates selected for an interview will be contacted.