Security Specialist - Threat Risk Assessment
Our client is a high-profile Public Sector organization located in downtown Toronto. They are seeking the services of a Threat Risk Assessment Consultant / Security Consultant to conduct assessments on several systems. This role will last between 3-12 months (depending on specific experiences and related proficiency).
1. Have you recently authored at least two comprehensive Threat Risk Assessment (TRA) reports?
2. Do you possess at least two commonly recognized security-related certifications (e.g. CISSP, CRISC, CISA or similar)?
Targeted Qualifications and Experience:
· Currently a holder of two (2) or more security industry specific certifications such as, but not limited to, CISSP, CRISC, CISA
· Knowledge of Formal Threat Risk Assessment (TRA) approaches such as Harmonized Threat and Risk Assessment (HTRA) methodology
· Experience in delivering written TRA reports;
· Knowledge of identifying assets and risks relating to work management systems, cloud computing, IT/Business processes;
· Demonstrated experience conducting TRAs on complex projects in the public sector;
· Minimum of six years of experience in the information security and/or risk management field;
· Extensive experience applying information security policies, best practices, standards and security controls within a framework such as COBIT or ISO 27001;
· Minimum of two years' experience identifying and valuing assets, preparing statements of sensitivity, creating threat assessment tables and vulnerability assessment tables, assessing residual risk and providing recommendations relating to TRAs;
· Demonstrated ability to engage stakeholders, consult and manage issues;
· Superior written and oral communication skills with technical and business audiences;
· Timely with deadlines, organized and a team player, able to conduct information-gathering sessions and interviews with stakeholders;
· Demonstrated understanding of technical and non-technical vulnerabilities
· Knowledge of information technology concepts and processes (such as cloud, SaaS) that impact the protection of personal information, including (but not limited to) internet tools, system interfaces, information security, information architecture and data flows.
· Well-developed research, analytical and problem-solving skills;
· Understanding of vulnerability assessments and penetration testing lifecycle;
· Understanding of risk remediation and risk treatment.
If you are qualified and interested in this high-profile assignment that will likely be referenced on your resume for years to come, please send your resume today!