Cybersecurity Consultant 5987

Description :

The Specialized IT Consultant, Level 3, role requires extensive knowledge and experience with both cyber security and privacy controls to reduce the impact of evolving cyber threats in the Ontario K-12 school board environment. This resource is responsible for, but not limited to:

• Performing cyber security and privacy assessments to identify vulnerable areas of the K-12 school boards including:
• Threat risk assessments
• Cyber security and risk assessments
• Privacy impact assessments
• Developing school board-specific, prioritized action and remediation plans to support K-12 school boards in improving their cyber resilience and risk posture.
• Providing hands-on subject matter expertise and implementation guidance to support enhancements of cyber protection for K-12 school board networks, including improvements recommendations in:
• Cyber security
• Privacy protection for minors
• Providing subject matter expertise and advice in improving cyber protection processes, including supporting the development of cyber security standards for K-12 school boards.
• Providing guidance for mitigation strategies following root cause analysis of security or privacy breaches in the K-12 school board networks.
• Providing subject matter expertise, guidance and support to K-12 school boards cyber security personnel by producing risk logs, and proposing remediation actions.
• Presenting to various stakeholders, as needed.
• Delivering on other duties as assigned.
• Providing status and project status reports on all other deliverables assigned.

This work involves working in close partnership with the K-12 education sector. The resource may need to travel the same day or overnight in Ontario.

Requirements :

Cyber Security and Privacy – 55%

• 10+ years’ experience with cyber security processes and regulations, and standards, preferably for the public sector or broader public sector
• 10+ years’ experience with cyber security and privacy audits and assessments including:
• Threat risk assessments
• Cyber security assessments
• Privacy impact assessments

• 10+ years’ experience producing cyber security and privacy risk logs and preparing risk remediation plans, preferably for the public sector or broader public sector
• 10+ years’ experience applying cyber security industry frameworks such as NIST CSF v1.1, COBIT, CIS Controls v8 and ISO 27001
• Knowledge of the new draft NIST Cyber Security Framework v2.0

• 10+ years of demonstrated experience applying privacy frameworks such as the NIST Privacy Framework, ISO/IEC 27701
• Excellent knowledge and exposure to Internet of Things (IoT) security issues
• Excellent knowledge of Ontario, federal and international privacy laws applicable to the Ontario K-12 sector (such as Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), Canadian Privacy Act, General Data Protection Regulation (GDPR) etc.)

Communication Skills and Experience – 25%

Strong communication skills as demonstrated through:

• 10+ years’ experience in effectively presenting to management teams and external stakeholders
• 10+ years’ experience in preparing written materials (e.g., security and privacy reports, status reports, recommendations, briefing notes)

Industry Certifications / Relevant Degrees – 15%

• Security certification is mandatory (Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM))
• Privacy certification is mandatory (Certified Information Privacy Professional (CIPP))

Public Sector Experience – 5%

• 5+ years’ hands-on experience working with Ontario’s public sector or Ontario’s broader public sector
• Applied experience with Ontario’s cyber security standards. The security standards (GO-ITS 25.X) can be found on the Government of Ontario information technology standards website: https://www.ontario.ca/page/information-technology-standards#section-6.