Sr. Security Consultant

Toronto or Kingston, ON M2M4K5

Posted: 06/11/2018 Category: Security Specialist Job Number: 12953

Position: Security Consultant/Architect 

Duration: 13  months(contract)

Location: Toronto or Kingston




Deliver an information technology (IT) solution that addresses the business challenges facing the current system.

Provide security design, implementation and operational support for system  security technologies and processes. As a member of the project team, this person will provide defense-in-depth security support throughout the life of the engagement.

-Work with solution leads and stakeholders to identify and manage information security standards, privacy legislation, compliance and business risks

-Recommend platform security controls for internet-facing, cloud-hosted application compliant with relevant Government of Ontario Information Technology Standards

- Recommend incident management practices to ensure that all security incidents and privacy breaches are identified, that remediation plans are developed and implemented, and that regular reports are made to senior management

- Provide support to implement security technologies effectively such as firewalls, intrusion prevention systems, log correlation, data encryption and audit management systems

- Provide support to carry out security vulnerability assessments and penetration testing - Define policies and procedures to address and remediate risks

- Identify security and privacy risks associated with proposed changes to the delivery of health solutions, or to the collection, use, and disclosure of health information

- Manage information security and privacy risks using continuous improvement methodologies;

- Support projects to ensure compliance with security and privacy best practices, such as Government of Ontario Information Technology Standards (GO ITS), ISO 27000 series, Personal Health Information Privacy Act (PHIPA), Freedom of Information and Protection of Privacy Act (FIPPA), and the 10 privacy principles of Personal Information Protection and Electronic Documents Act (PIPEDA)

- Manage the security architecture to ensure appropriate security controls are built in during development or deployment of technology and business solutions - Work with stakeholders to provide security and privacy awareness, and ensure knowledge is transferred to all groups, including technical support, application support and business users

- Implement and maintain a security and privacy audit management program/framework

- Manage and/or conduct risk assessments as required based on using industry proven methodologies

- Contribute specific security design requirements for each iteration

- Recommend/demonstrate secure coding techniques

- Propose viable approaches to address results of vulnerability assessment and penetration test weaknesses

- Detect/prevent common programming issues that cause vulnerabilities (for examples see Open Web Application Security Project (OWASP) Top 10

- Performing detailed threat modelling and perform rigorous objective/independent reviews

- Document a set of security requirements (e.g. in the form of a template or a predefined list) that will be common to iterative development projects

- Providing advice on how to avoid common programming issues that cause vulnerabilities (for examples Open Web Application Security Project (OWASP) Top 10 and CWE/SANS 25).

Share This Job:

Related Jobs:

Login to save this search and get notified of similar positions.