Technical Advisor, Cloud and Data Security

Help bring research to life and drive your career forward with the National Research Council of Canada (NRC), Canada's largest research and technology organization.

We are looking for a Technical Advisor, Cloud and Data Security to support our Knowledge, Information and Technology Services. The Technical Advisor, Cloud and Data Security would be someone who shares our core values of Integrity, Excellence, Respect and Creativity.

**The key activities for this position are the following**:

- Establish NRC’s Cloud Cyber Security Strategy;
- Coordinate, deploy, administer, and monitor cloud-based cyber security tools to ensure visibility and protection of NRC Cloud assets;
- Integrate into the Security Operations Centre (SOC) the cyber-security related activities currently undertaken by the Infrastructure Operations team;
- On-board and integrate new NRC cloud projects and NRC IT cloud services into the SOC;
- Participate in migration projects to the Cloud and other activities related to the Government of Canada’s Cloud Adoption Strategy;
- Provide cyber security technical assessments in support of NRC’s Security Assessment and Authorization (SA&A) process;
- Participate in NRC’s Insider Threat and Data Loss Prevention (DLP) program.
- Act as the Cyber Security lead for alignment and integration of cloud-based research initiatives (e.g. HPC, AI) with cyber security services;
- Develop operational cyber security instruments (policies, directives, standards, guidelines, and configuration baselines) tailored to the NRC.
- Establish key performance indicators to evaluate the effectiveness of NRC’s cyber defence strategy and to ensure that the Cyber Defence Team’s objectives are being achieved;
- Achieve and maintain industry standard security certification appropriate for the position.

**Screening Criteria**:
**Education**:
Bachelor degree in Computer Science, Computer Engineering, Information Technology or Information Systems.

**Equivalency**

A college degree in an IT related field combined with Significant experience (at least 5 years) in IT Security may be considered.

For information on certificates and diplomas issued abroad, please see Degree equivalency

**Experience**:

- Significant* experience in the IM/IT field, specifically in roles related to cyber security within a Security Operations Center (SOC) or similar environment;
- Significant* experience in researching, evaluating, and implementing new cloud technologies;
- General experience in event and incident management (preparation; detection and analysis; containment, eradication, and recovery; post-incident activity);
- General experience in implementing adequate technical and organizational safeguards to protect IT assets, information, and the continuity of IT services;
- Experience in writing various types of documentation such as reports, briefing notes, technical guides, and standard operating procedures;
- Experience in managing projects will be considered an asset.
- Significant is defined as at least 3 years of experience.

**Condition of Employment**:
Secret (II)

**Language Requirements**:
Bilingual Imperative BBB/BBB

Information on language requirements and self-assessment tests

**Assessment Criteria**:
**Technical Competencies**:

- Extensive** knowledge of native cloud security and monitoring services for Microsoft Azure and Amazon AWS;
- Significant* knowledge of the general principles of Cyber Security operations;
- Broad knowledge of activities and technologies relevant to cyber security, including endpoint security, patch management, incident management, change management, network monitoring, malware analysis, vulnerability assessments, etc.;
- Broad knowledge of SIEM/XDR technologies, and specifically Microsoft Sentinel, Microsoft 365 Defender and Microsoft Defender for Cloud;
- General knowledge of cyber security related policies, directives, standards and guidelines used in the Government of Canada;
- Knowledge of data loss prevention technologies like Microsoft Purview, Microsoft Defender and McAfee (Trellix) DLP;
- Knowledge of cyber security standards and frameworks from NIST, CSE, ISO, CIS, etc;
- Knowledge of reporting tools such as Power BI Report Builder will be considered an asset;
- Platform specific security certification (e.g. Microsoft, AWS) will be considered an asset;
- Current industry standard security certification (e.g. CISSP, CISM, CCSP, CISA) will be considered an asset.
- Significant is defined as at least 3 years.

**Extensive is defined as at least 5 years.

**Behavioural Competencies**:

- Technology support - Client focus (Level 3)
- Technology support - Communication (Level 3)
- Technology support - Conceptual and analytical ability (Level 3)
- Technology support - Initiative (Level 3)
- Technology support - Teamwork (Level 3)
- Technology support - Results orientation (Level 3)

**Competency Profile(s)**:
**Relocation**:
Relocation assistance will be determined in accordance with the NR