View all jobs
RQ05555 - Specialized IT Consultant - Senior
Toronto, ONThe Specialized IT Consultant, role requires extensive knowledge and experience with both cyber security and privacy controls to reduce the impact of evolving cyber threats in the Ontario K-12 school board environment. This resource is responsible for, but not limited to:
Cyber Security and Privacy
Communication Skills and Experience –
Strong communication skills as demonstrated through:
Industry Certifications / Relevant Degrees –
Must-have:
Cyber Security and Privacy
· 10+ years’ experience with cyber security and privacy audits and assessments including:
o Threat risk assessments
o Cyber security assessments
· 10+ years’ experience producing cyber security and privacy risk logs and preparing risk remediation plans, preferably for the public sector or broader public sector
· 10+ years’ experience applying cyber security industry frameworks such as NIST CSF v1.1, COBIT, CIS Controls v8 and ISO 27001Industry Certifications / Relevant Degrees
· Security certification is mandatory (Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM))
Nice-to-have:
Cyber Security and Privacy
· 10+ years’ experience with cyber security and privacy audits and assessments including:
o Privacy impact assessments
Industry Certifications / Relevant Degrees
· Privacy certification is preferred (Certified Information Privacy Professional (CIPP))
- Performing cyber security and privacy assessments to identify vulnerable areas of the K-12 school boards including:
- Threat risk assessments
- Cyber security and risk assessments
- Privacy impact assessments
- Developing school board-specific, prioritized action and remediation plans to support K-12 school boards in improving their cyber resilience and risk posture.
- Providing hands-on subject matter expertise and implementation guidance to support enhancements of cyber protection for K-12 school board networks, including improvements recommendations in:
- Cyber security
- Privacy protection for minors
- Providing subject matter expertise and advice in improving cyber protection processes, including supporting the development of cyber security standards for K-12 school boards.
- Providing guidance for mitigation strategies following root cause analysis of security or privacy breaches in the K-12 school board networks.
- Providing subject matter expertise, guidance and support to K-12 school boards cyber security personnel by producing risk logs, and proposing remediation actions.
- Presenting to various stakeholders, as needed.
- Delivering on other duties as assigned.
- Providing status and project status reports on all other deliverables assigned.
Cyber Security and Privacy
- 10+ years’ experience with cyber security processes and regulations, and standards, preferably for the public sector or broader public sector
- 10+ years’ experience with cyber security and privacy audits and assessments including:
- Threat risk assessments
- Cyber security assessments
- Privacy impact assessments
- 10+ years’ experience producing cyber security and privacy risk logs and preparing risk remediation plans, preferably for the public sector or broader public sector
- 10+ years’ experience applying cyber security industry frameworks such as NIST CSF v1.1, COBIT, CIS Controls v8 and ISO 27001
- Knowledge of the new draft NIST Cyber Security Framework v2.0
- 10+ years of demonstrated experience applying privacy frameworks such as the NIST Privacy Framework, ISO/IEC 27701
- Excellent knowledge and exposure to Internet of Things (IoT) security issues
- Excellent knowledge of Ontario, federal and international privacy laws applicable to the Ontario K-12 sector (such as Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), Canadian Privacy Act, General Data Protection Regulation (GDPR) etc.)
Communication Skills and Experience –
Strong communication skills as demonstrated through:
- 10+ years’ experience in effectively presenting to management teams and external stakeholders
- 10+ years’ experience in preparing written materials (e.g., security and privacy reports, status reports, recommendations, briefing notes)
Industry Certifications / Relevant Degrees –
- Security certification is mandatory (Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM))
- Privacy certification is mandatory (Certified Information Privacy Professional (CIPP))
Must-have:
Cyber Security and Privacy
· 10+ years’ experience with cyber security and privacy audits and assessments including:
o Threat risk assessments
o Cyber security assessments
· 10+ years’ experience producing cyber security and privacy risk logs and preparing risk remediation plans, preferably for the public sector or broader public sector
· 10+ years’ experience applying cyber security industry frameworks such as NIST CSF v1.1, COBIT, CIS Controls v8 and ISO 27001Industry Certifications / Relevant Degrees
· Security certification is mandatory (Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM))
Nice-to-have:
Cyber Security and Privacy
· 10+ years’ experience with cyber security and privacy audits and assessments including:
o Privacy impact assessments
Industry Certifications / Relevant Degrees
· Privacy certification is preferred (Certified Information Privacy Professional (CIPP))