Senior Specialist- Cyber Architecture

OB SUMMARY:To support the execution of the Chief Information Security Officer's (CISO) mandate, cyber vision, and strategy, providing technical and business advice, support and provide Cyber Architecture services to all City divisions, agencies, and corporations.To define, develop and support Cyber Architecture programs and initiatives, engaging with teams across the organization to build alignment on key projects and develop execution roadmaps.To provide subject matter expertise, strategic advice, senior level guidance and operational support for Cyber Architecture area within the Cyber Diplomacy & Governance section.MAJOR RESPONSIBILITIES:Provide subject matter expertise, and operational support in the development, and delivery of various initiatives/key projects within the City's cyber security program.Author and maintain cyber architecture standards definition and good practices implementationSupport the development, publication, and maintenance of cyber security policies, standards, guidelines, and proceduresAuthor and maintain cyber requirement definition for new projects and contracts (RFP and other procurements)Perform threat modeling exercise and security control design analysis, architecture, and design reviews, coordinating with various stakeholders to integrate secure by design principlesBuild and maintain documented target security architectures, roadmaps, blueprints, patterns, and standardsAuthor the Security Architecture Review (SAR); comprehensive security design review to address the security requirements and identify potential risks of a proposed system or scenarioPrepare cyber metrics reports and presentation decks for the Management on a scheduled and ad-hoc basis. Leads the development, deployment and management of the City's cyber architecture of applications, programs and initiatives.Works with clients to design, build, implement and integrate complex and sustainable cyber capabilities.Architects security solutions and frameworks, using cloud-based technologies where feasible.Develops, implements and maintains security standards and procedures, including application and infrastructure hardening guides and best practices for key infrastructure.Participates in the information security governance process.Conducts cyber risk assessments of planned initiatives/projects across the organization and produces reports articulating potential risks.Reviews and implements management's action plans for cyber-related risk assessmentsDevelops and implements detailed plans and recommends cyber security policies/procedures regarding program specific requirements.Supervises, motivates and trains assigned project staff and contract resources, ensuring effective teamwork, high standards of work quality and organizational performance, continuous learning and encourages innovation in others.Supervises the day to day operation of all assigned project staff and contract resources including the scheduling, assigning and reviewing of work. Coordinates vacation and overtime requests. Monitors and assists in evaluating staff performance, hears grievances and recommends disciplinary action when necessary.Provides direction, leadership, guidance and advice to project teams, assigned project staff and contract resources. Oversees and reviews their work.Provides leadership to influence employee engagement to the organization, to the team, and to their role.Conducts research into assigned area ensuring that such research takes into account developments within the field, corporate policies and practices, legislation and initiatives by other levels of government.Provides input into assigned project budgets, ensuring that expenditures are controlled and maintained within approved budget limitations.Provides subject matter expertise and senior level strategic advice on cyber security issues affecting the organization, identifying potential exposures, and conducting reviews to ensure that undesirable effects are detected, mitigated and/or corrected, and providing pragmatic advice to clients to ensure that cyber risks are managed appropriately.Serves as the internal/external point of contact and subject matter expert in their respective function.Determines cyber security requirements of business strategies in order to provide appropriate advice, guidance, and technical solutions.Develops, reviews, and ensures approvals of security strategies within industry-accepted frameworks.Provides leadership in the evaluation, selection and recommendation of technical solutions and professional services. Identifies and evaluates emerging security technologies.Anticipates, analyzes and identifies organizational impacts of emerging requirements; recommends and coordinates innovative solutions using conflict resolution and negotiation skills to successfully manage sensitive and controversial matters.Participates in the development of transformation strategies focused on security, integrating and managing new or existing technology systems to deliver continuous operational improvements and detect, respond, and remediate threats.Resolves cyber risk issues. Escalates significant cyber risk matters to senior management when required.Deals with confidential information affecting the organization and its resources. Prepares and presents reports to management supporting recommendations on changes/improvements in business processes, training and services standards that impact appropriate staffing levels and resource allocation. Makes recommendations based on investigation results which could lead to the discipline or dismissal of staff.Participates in the development, implementation, administration, monitoring and maintenance of security tools collecting confidential information on infrastructure and application weaknesses Maintains up to date knowledge of City's confidential cyber infrastructure.Works with senior management within the division to address active internal/external cyber threats to the City. Attends senior management meetings, makes recommendations to mitigate the threats, and takes appropriate urgent action as needed.Provides a confidential assessment of organizational issues and makes recommendations for next steps, including policy, procedural and structural change.Takes a proactive approach to identify gaps and opportunities for improvement to mitigate risk.Organizes and works with multidisciplinary business and technical teams from across the organization to formulate and execute project plans and tasks according to established project management principles and methodologies.Provides oversight and monitors cyber risk activities performed by project teams. Reviews and supports the implementation of processes and controls by various teams as outlined in the information risk policy and related operating directives, standards and procedures.Provides project coordination and management support, and ensures comprehensive and effective information communication across various functional and project teams.Communicates effectively to stakeholders, clients, project managers, and team members regarding any business and technical decisions and actions that may impact solution delivery, staff performance, business processes, management workflow and technical support of public services.Provides support in the design, implementation, maintenance, and enforcement of policies, procedures, and controls.Plans, prioritizes and coordinates internal and/or external assigned project resources to meet project objectives.Prepares and/or supervises the preparation of various formal contractual documents such as Request For Information/ Proposal/Quotation, Statement of Work, Memorandum of Understanding and Service Level Agreements.Maintains accurate reporting of key risk metrics and associated measurements in alignment with the cyber risk appetite.Prepares regular cyber risk management reports, briefing notes, and presentations as required and leveraging cyber risk subject matter expertise.Builds and maintains strong relationships with internal and external stakeholders. Establishes relationships with strategic partners, collaborating on the advancement of cyber programs.Participates in meetings with executive leadership and strategic partners to review City's cyber security posture.Maintains an up-to-date and in-depth knowledge of cyber security, emerging threats, trends, and associated techniques and technologies as well as key business drivers and opportunities.QUALIFICATIONS/CERTIFICATIONS:Post-secondary degree in Technology or a related discipline.Over 6 years experience in Cyber Architecture.In-depth knowledge of architectural design and implementation methodologies including software, network and infrastructure.Excellent understanding of data centre technologies including network, compute, storage, virtualization, containers and enterprise application stacks.Excellent understanding of the cyber-kill chain model and associated technologies, and detection/mitigation and recovery techniquesExpertise in performing threat modeling exercise and security control design analysisProficient in building and maintaining documented target security architectures, roadmaps, blueprints, patterns, and standardsExtensive experience with common information security management frameworks, such as International Standards Organization (ISO) 27001, National Institute of Standards and Technology (NIST) cybersecurity framework, MITRE ATT&CK, SANS, OWASP and other leading edge security frameworks.Preferred Certifications (any two in the list): CISSP, TOGAF, SABSA, AWS/Azure Architect Certifications.