Cyber Security Governance and Compliance Advisor

Help bring research to life and drive your career forward with the National Research Council of Canada (NRC), Canada's largest research and technology organization.

We are looking for a Cyber Security Governance and Compliance Advisor to support our Knowledge, Information and Technology Services. Focusing on Cyber Security Governance and Compliance, this individual will be responsible for supporting adherence to regulatory requirements and information security standards. They will ensure policies and processes are properly designed and controls are operating effectively to meet regulatory and security requirements.

**The key activities for this position are the following**:

- Provide cyber security technical assessments in support of NRC’s Security Assessment and Authorization (SA&A) process;
- Manage the Identity, Credential, and Access Management (ICAM) cyber security processes and understand the requirements of ICAM within a research and technology organisation (RTO);
- Perform regular reviews of access rights, security tool agent health, and system configurations throughout the NRC environment. Challenge privileged access and enforce hardening directives to ensure that least privilege principles and approved configuration baselines are followed;
- Ensure that cyber security is onboarded into NRC activities and projects by providing advisory services to the Enterprise Architecture group and NRC employees;
- Lead and coordinate CDT’s cyber incident readiness exercises in order to test NRC’s ability to respond to cyber incidents. Represent the Cyber Defence Team in tabletop exercises lead by the NRC Incident Command Team;
- Develop and maintain standard operating procedures (SOPs) in the project implementation of NRC’s Security Operation Center;
- Establish key performance indicators to evaluate the effectiveness of NRC’s cyber defence strategy and to ensure that the Cyber Defence Team’s objectives are being achieved;
- Ensure compliance with GoC and industry recognized frameworks in order to improve NRC’s cyber security posture by coordinating cyber security maturity self-assessments and participating in continuous improvement initiatives;
- Deliver cyber security awareness sessions and other specialised training to NRC employees as part of NRC’s Security Awareness, Training, and Education (SATE) program;
- Achieve and maintain industry standard security certification appropriate for the position.

**Screening Criteria**:
**Education**:
Bachelor degree in Computer Science, Computer Engineering, Information Technology or Information Systems.

**Equivalency**

A college degree in an IT related field combined with Significant experience (at least 5 years) in IT Security may be considered.

For information on certificates and diplomas issued abroad, please see Degree equivalency

**Experience**:

- Significant experience in the IM/IT field, specifically in roles related to cyber security within a Security Operations Center (SOC) or similar environment;
- Significant experience in writing various types of documentation such as reports, briefing notes, technical guides, and standard operating procedures;
- Significant experience working with cyber security related policies, directives, standards and guidelines used in the Government of Canada;
- Significant experience working with industry best practices related to system hardening, cyber security controls, and baseline configurations;
- Experience in delivering presentations, briefings, or training sessions in both official languages, to small and large audiences;
- General experience in implementing adequate technical and organizational safeguards to protect IT assets, information, and the continuity of IT services;
- Experience in managing projects will be considered an asset.

**Condition of Employment**:
Secret (II)

**Language Requirements**:
Bilingual Imperative BBB/BBB

Information on language requirements and self-assessment tests

**Assessment Criteria**:
**Technical Competencies**:

- Extensive knowledge of the general principles of Cyber Security operations;
- Broad knowledge of cyber security related policies, directives, standards and guidelines used in the Government of Canada;
- Broad knowledge of cyber security standards and frameworks from NIST, CSE, ISO, CIS, etc;
- Demonstrated ability to deliver presentations and write policy and technical documents;
- Strong knowledge of identity and access management technologies;
- General knowledge of activities and technologies relevant to cyber security, including endpoint security, patch management, incident management, change management, network monitoring, malware analysis, vulnerability assessments, data loss prevention technologies etc.;
- Strong knowledge of query and scripting tools such as Microsoft PowerShell and Kusto as well as reporting tools such as Power BI Report Builder will be considered an asset;
- Platform specific security certification (e.g. Microsoft, AWS) will