Cyber Security Advisor

Role: Cyber Security Advisor
Start date: June 3, 2024
End date: December 31, 2026
Location of Work (Address or City, Province): Halifax, NS
Remote Work be considered? Yes – Remote OK – may be required on site for 1 week every 2 months
Description: Practicing and implementing cyber security principles based on industry best practices and the risk management framework.

Responsibilities

• Implementation activities include meeting with internal/external stakeholders and clients, conducting workshops, developing document deliverables and preparing/distributing communication material.
• Acquiring technology tools (software, hardware and/or services) by evaluating business needs, assessing available alternatives, and recommending the preferred approach. They will inform and advise the procurement process, including documenting business/technical requirements, preparing Request for Information/Proposal (RFI/RFP) documents, RFP responses and making final selection.
• Creating or updating documentation based on identified cyber security risks and controls and disseminating it.
• Lead and participate in multi-disciplined teams with accountability for scope, communications, and control procedures.
• Translate the business impacts of cyber security requirements to a range of stakeholders in multiple digital service areas and help with the understanding of the cyber security risk.
• Act as an internal consultant to provide expert advice, coaching and mentoring on up-to-date cyber security and risk management methodologies and tools to the program team, business partners, and the vendors.
• Create cyber security documentation, define cyber security key performance indicators, and report on them.
• Create training and awareness elements that periodically educate pertinent internal and external stakeholders on the relevant cyber security risk management standards and processes.
• Monitor the key goals and metrics around cyber security risk management.
• Determine how deviations or problems will be identified, tracked, and reported for remediation by:
• Reporting governance/risk management issues to leadership team, Cyber Security and Enterprise Risk (CSER) division at CSDS, as well as the steering committee or advisory board.
• Monitoring of risk mitigation goals and metrics against targets and review progress with key internal and external stakeholders.
• Identify and collect relevant data to enable effective cyber security-related risk identification, analysis and reporting by:
  • Developing and implementing cyber security control monitoring measures to ensure risks are managed to the appropriate level of acceptable residual risk.
  • Analyze risks and develop a substantiated view on actual cyber security risk, in support of risk decisions by:
  • Conducting risk assessments, including managing the oversight of and/or performing technical risk assessments; managing information asset and application risk assessments; conducting risk reviews for new applications; and managing third-party risk assessments.
  • Coordinating information security and risk management project related work with NSH, IWK, CSDS, vendors, and other stakeholders.
  • Coordinating audit-related tasks such as ensuring the readiness for audit testing and facilitating the timely resolution of any audit findings.
  • Communicate information on the current state of cyber security-related exposures and opportunities in a timely manner to all required stakeholders for appropriate response by:
• Reviewing risk assessments and analyzing the effectiveness of cyber security control activities and reporting on them -with actionable recommendations - to the senior leadership.

Mandatory Skills and Experience

• Completion of a University Degree or equivalent education, training, and experience in a relevant discipline such as Computer Science, Computer Engineering, or Information Security.
• 5+ years of experience in cyber security in health sector with a focus on technical security architecture.
• Minimum 3 years' experience in cyber security architecture.
• Experience as a Cyber Security Lead on major projects.
• Working knowledge and experience of cyber security framework and industry standards, such as NIST CSF, NIST 800- 53, CIS, ISO27000 and Payment Card Industry regulations (PCI DSS).
• Advanced knowledge and technical security expertise around IT networks and infrastructure, applications, servers, end points, loT/OT, cloud infrastructure and services etc.
• Experience working within and across remote teams, inter- and intra-organizationally.
• Proven ability to deliver on-time.

Desirable Skills and Experience

• Certifications such as CISSP, CISA, CISM, TOGAF, SABSA, ITIL, ISO27001 /2 or equivalent designation(s) is considered an asset.
• Preference given to candidates with the above qualifications with experience in a Nova Scotia or Canadian context.