Senior Specialist Risk Management- Confirmation Program

JOB SUMMARY:

To support the Manager of Cyber Compliance and the Chief Information Security Officer (CISO) in maintaining a City-wide cyber security program that enhances protection across the organization. The role includes conducting comprehensive cyber security compliance assessments across the City’s divisions and its agencies and corporations, identifying potential vulnerabilities, gaps in cyber security posture, and areas of non-compliance. The aim is to strengthen the overall cyber security posture by identifying and assessing cyber risks and providing recommendations across all City-managed entities.

MAJOR RESPONSIBILITIES:

• Conduct cyber security compliance assessments of City’s divisions, agencies & corporations.
• Participate in regular cyber security compliance reviews to assess and improve the City’s cyber security posture.
• Contribute to the development of Cyber Compliance Program, IT & OT methodologies, and processes for improving cyber security assessments.
• Assess IT and OT systems, networks, and applications to identify potential vulnerabilities, risks, and areas of improvement.
• Evaluate security frameworks, policies, and controls against industry standards and regulatory requirements (e.g., NIST, ISA-62443, etc).
• Prepare detailed reports documenting findings, including identified vulnerabilities, risks, and recommendations for mitigation strategies.
• Work closely with business, OT, IT, network security, and other stakeholders to ensure cyber security practices are integrated into systems and projects.
• Assist with preparing compliance documentation including Risk Treatment Plan for reviews.
• Test and validate cyber security controls such as firewalls, encryption, access controls, and intrusion detection/prevention systems (IDS/IPS) for effectiveness.
• Recommend improvements to the cyber security posture based on test results.
• Provide expert guidance on cyber security best practices, risk management, and threat mitigation to internal teams and management.
• Document assessment processes, findings, and remediation steps in clear, concise, and comprehensive reports.

QUALIFICATIONS/CERTIFICATIONS:

• Post-secondary degree or diploma in Engineering or Technology or a related discipline.
• A minimum of 6-8 years hands-on experience with securing IT and OT domains in Government jurisdictions and/or large private sector organizations.
• Strong foundational Operational Technology, IT, and cyber security knowledge.
• Extensive experience with Industrial Control Systems, PLCs, and SCADA Systems.
• Technical expertise in IT/OT integration and convergence.
• Expertise in security protection solutions including firewall, intrusion detection and protection systems, web application firewalls, anti-virus, and security monitoring solutions.
• Cyber Certifications are an asset such as CISSP, CCSP, CISM, ISA, GIAC, GRID.
• Experience with Incident Response planning in IT and preferably OT environments.
• Strong proficiency in MS Office specifically MS Visio, Excel, PowerPoint, Project, SharePoint.

SKILLS:

• Assess, review, and make recommendations to improve secure network architecture and technology roadmaps.
• Prepare reports and presentations for all levels of management and stakeholders.
• Provide input to Cyber Governance artifacts (policies, standards) and practices applicable to OT and IT environments.
• Track cyber risks, suggest recommendations, and maintain Risk Treatment Plan with assignment, due date, etc., for remediation of cyber risks in City environments.
• Other duties/deliverables as assigned for cybersecurity governance and compliance.
• Excellent written & verbal communication skills (comfortable & confident communicating at all levels including business partners, leadership, and vendors).
• A creative, critical, and strategic thinker.
• Ability to achieve business objectives through influencing and effectively working with key stakeholders.
• Excellent problem-solving skills with capability to identify…