NexGedia Enterprise

Threat, Risk Assessment and Pentest Advisor

Job description


Role: Threat, Risk Assessment and Pentest Advisor
Start date: June 12, 2024
End date: March 31, 2025
Duration: 1,567.50 billable hours
Location of Work (Address or City, Province): Halifax, NS
Will remote work be considered? Yes

Description
One of our clients is looking for a Threat, Risk Assessment and Pentest Advisor to work on a major initiative. 

Responsibilities
  • Ensure alignment with corporate Cybersecurity best practices and guidelines.
  • Plan, coordinate, organize and facilitate workshops to identify and assess threats/vulnerabilities/controls against service assets.
  • Participate in workshops to elicit, document, and prioritize related tasks and projects.
  • Review/analyze results from other available and relevant Threat and Risk Assessments (TRAs) or security scans, conducted as part of the TRA deliverable.
  • The TRA vendor determines if the specific control found within the ‘GNS TRA NIST Checklist’, relative to the specific control baseline, is satisfactory. If the specific control is not evaluated as satisfactory, then it is carried over and documented as a risk within the TRA template.
  • Immediately notify application owner(s) of any critical cybersecurity risk identified against any digital service, as soon as it is identified, while the TRA is in progress.

Knowledge and Experience
  • Must have an up-to-date familiarity and experience in NIST Recommended Security Controls for Federal Information Systems and Organizations (800-53 – version 5) in conducting or participating in assessing digital services.
  • Must have three or more (3+) years of experience in managing large initiatives, group facilitation, gaining consensus and information gathering and consolidation as well as engaging stakeholders in security assessments.
  • Experience in conducting TRAs for large-scale organizations of not less than 3000 employees.
  • Demonstrate a minimum of 8 years of IT related experience within one or more of the following fields:
    • Cybersecurity and Risk Management assessment methodologies.
    • IT Infrastructure/Networks.
    • Identity, Credential and Access Management.
    • Application Design/Development/Testing.
    • Enterprise Architecture.
    • Privacy.
    • Telecommunications.
    • SaaS, IaaS and PaaS Digital Service Delivery Models.
  • Experience with ISO/IEC 27001:2013 Information security management systems (ISMS) framework.
  • Experience performing intrusion and penetration testing.
  • Have strong writing skills to produce accurate and comprehensive documentation.
  • The Penetration Tester resource will use industry best-practice methodologies and tools to identify, analyze, evaluate and document Penetration Testing risks to the departmental service/project.
  • The resource will review/analyze results from other available and relevant Penetration Tests or security scans conducted as part of the project or as part of a solution provided.
  • The resource will identify the specific PNS function responsible for remediation.
