AddressDescription
The Cybersecurity Awareness - Program Consultant in this role will serve as a subject matter expert and an advisor in security awareness program Working collaboratively with stakeholders and vendors in planning, preparing, and performing tasks and activities for the program
Accountabilities
- Participate in the courseware development process and ensure appropriate contents, quality, and timely delivery of the courses
- Raise situational awareness though reinforcement of education and foster a culture of behavior change towards secure handling of information systems and data
- Conduct simulated phishing exercises on a regular basis and take follow-up actions for managing clickers and repeat clickers
- Communicate security training and awareness related issues corporate wide by leveraging all types of communication channels
- Report results and metrics/measurements as related to the awareness program
- Assess effectiveness of the existing security awareness program and make recommendations for continuous improvements
- Assist in supporting other tasks and activities required by the team and Cybersecurity Awareness Program
- Identify potential cyber security risks and incidents by performing vulnerability assessments, coordinating with internal teams and stakeholders, and monitoring external events and security logs to help prepare for possible contingencies.
- Determine remediation options and recommend solutions by analyzing security test results, confirming the impact of security risks and validating baseline security configurations for operating systems, applications, networking tools, and telecommunications equipment to adequately mitigate cyber security risk for the .
- Provide support during and after critical systems experience breaches, outages, errors, or unexpected activities by creating security operations documents such as incident reports and collaborating with incident response leads and subject matter experts to consistently implement security incident response plans.
- Assist business groups as required, in defining and/or delivering security requirements, security design, security testing, and implementation support as well as in transitioning new security systems and devices from project to operations so that cybersecurity is strengthened throughout the organization.
- Provide guidance on the execution of cyber security related action items in IT projects by conducting compliance impact assessments and collaborating with project managers to ensure that projects apply cybersecurity best practices and comply with cybersecurity regulations and policy.
- Assist with creating and maintaining standards and guidelines by developing, tuning, and implementing threat detection analytics and reviewing existing security controls, event data, and other data sources to find opportunities to continuously improve security effectiveness and capability.
- Collaborate with CIP Policy Subject Matter Experts (SMEs), cybersecurity and safety teams, emergency management team, service providers, and security administrators to complete compliance sustainment activities including the preparation of detailed reports and the collection of audits supporting documents to monitor and assure the development, revision, and update of CIP compliance policies, processes, and procedures.
- (7) years of working experience in Information Technology with at least five (5) years in cyber security or equivalent.
- Bachelor's degree or technical diploma in Computer Science, Information Security, or equivalent
- Able to obtain a security clearance for a Security Sensitive Position classification
- Certificate in at least one of the following areas, an asset
- Certified Information Systems Security Professional (CISSP)
- Certified in Risk Information Systems Control (CRISC)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Penetration Tester (GPEN)
- Expert technical knowledge and working experience in the following areas:
- IT Processes
- Internet Policy Enforcement
- Network architecture
- Active Directory
- Log management
- Vulnerability scanning
- Penetration testing
- Auditing
- Configuration management
- Asset management
- Continuous monitoring
- Web Content Filtering
- Encryption and strong authentication
- • Security Technologies
- Intrusion Prevention/Detection (Network, Host, Wireless)
- Wireless Intrusion Prevention (WIDS)
- Security Information Event Management (SIEM) VPN
- Next Generation Firewall (NGFW) and Web Application Firewall (WAF)
- Database Activity Monitoring (DAM)
- Public Key Infrastructure (PKI)
- Data Loss Prevention (DLP)
- Identity and Access Management (IAM) solutions
- Industry standards
- ISO 270001/2
- National Institute of Standards and Technology (NIST)
- British Columbia's Freedom of Information and Protection of Privacy Act (BC FIPPA)
- North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
- Control Objectives for Information and Related Technologies (COBIT)
- Excellent communication skills for professional environment, written and spoken
- Candidates need to be in the lower mainland as they will be working out of the office
We value diversity and inclusion and encourage all qualified people to apply. If we can make this easier through accommodation in the recruitment process, please contact us at recruit@ianmartin.com
We encourage all qualified candidates to apply; however, only those selected for an interview will be contacted.
#WES
