Assistant CISO


Charlottetown, Canada | Government of Prince Edward Island | Full time

Assistant CISO - IT Security Consultant opportunity with The Government of Prince Edward Island
- Permanent full-time
- Pension and health/dental benefits
- Up to $2,500 annual training funds
- Flexible working hours/Hybrid options in PEI

**Department**: Treasury Board Secretariat
**Location**: Charlottetown
**Position**: Full-Time 100% Position (Commencing Immediately)
**Employment Type**: Classified (Permanent) - UPSE

**Hourly Salary Range**: $40.08 - $50.14
**Annual Salary Range**: $78,156 - $97,773
**Pay Level**: 20

**Bi-Weekly Hours**: 75.0 hours bi-weekly
**Posting ID**: 163137-0524TBPO
**Closing Date**: Monday, June 24, 2024 4:00 p.m.
**Open to**: Public

The Department of Finance is committed to Equity, Diversity, Inclusion and Accessibility. Our goal is to build a public sector workforce that reflects the diverse communities we serve and to promote welcoming, diverse, inclusive, respectful workplaces that are accessible to all. We welcome all interested individuals including Indigenous People, persons with disabilities, Black, racialized, ethnic and culturally diverse groups, as well as people regardless of their sexual orientation, gender identities, and gender expressions. Those looking for more information are invited to visit our Equity, Diversity, and Inclusion Policy.

Reporting to the Chief Information Security Officer for the Province of PEI, the Security IT Consultant and Assistant CISO is responsible for the delivery of the Government’s Cybersecurity Program. This position is a key liaison between assigned Departments/Crowns supporting Senior Management to proactively address and remediate security vulnerabilities, threats, risks, incidents, and overall cybersecurity needs for the Government.

**Duties will include but are not limited to**:

- Conducts network monitoring and intrusion detection analysis using systems such as firewalls, intrusion prevention systems (IPS), security information & event management (SIEM), host-based security systems, etc.;
- Supports the information security function across the Government to ensure consistent and high-quality information security management in support of the business goals under the guidance of the CISO;
- Determines the information security approach and operating model in consultation with a department or agency stakeholder to align with Government’s risk management approach and compliance monitoring of non-digital risk areas under the guidance of the CISO;
- Develops and enhances an up-to-date information security management framework based on the following: National Institute of Standards and Technology (NIST) Cybersecurity Framework with recognition and appropriate augmentation from International Organization for Standardization (ISO) 2700X, ITIL, ENISA, ISA-62443, and COBIT/Risk IT;
- Provides business process re-engineering services and configuration for systems based on security practices and standards, understanding specific business needs and assessing acceptable levels of risk;
- Provides input for the IT section of the Government's code of conduct;
- Communicates vision and values of the organization, emphasizing excellence at all levels, engaging all staff in the division;
- Prepares capital budget submissions for projects which support the strategic plans;
- Other related duties.

**Minimum Qualifications**:

- Demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT security;
- Degree in business administration or a technology-related field;
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar Security credentials;
- Demonstrated equivalencies may be considered;
- Considerable experience in a leadership role;
- Considerable relevant experience in the field of information security and/or risk management;
- Knowledge and understanding of relevant legal and regulatory requirements, such as Personal Information Protection and Electronic Documents Act (PIPEDA), Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard;
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework;
- Up-to-date knowledge of methodologies and trends in both business and IT;
- Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment;
- Experience with contract and vendor negotiations;
- Poise and ability to act calmly and competently in high-pressure, high-stress situations;
- High degree of initiative, dependability and ability to work with little supervision while being resilient to change;
- High level of personal integrity, as well as the ability to professionally