IT Security Specialist
Term, one year with possibility of extension or of becoming regular
City, Province, Country:
Ottawa, Ontario, Canada
Number of Positions:
April 18, 2012
May 2, 2012
(annual): The Bank offers a competitive total compensation package with starting salaries, based on qualifications, generally ranging between $65,379 and $76,917* (job grade 16). *Where the Bank requires specialized skills, it may offer higher starting salaries to exceptional candidates.
Canada's central bank is the nation's pre-eminent macroeconomic policy institution. No other employer in the country offers you the unique opportunity to work at the very centre of Canada's economy, in an organization with significant impact on the economic and financial well-being of all Canadians. No matter what your area of expertise, you'll enjoy an open culture and a superior work environment that will challenge, energize, and motivate you to excel. (More info)
The IT Security Specialist utilizes current technology disciplines for information security to ensure confidentiality, integrity and availability of the Banks information assets. This position uses changing regulatory, threat and technology landscapes to continually develop or maintain security policies and standards to attain compliance throughout the Bank. This role provides consulting services Bank-wide and to the technology teams through security awareness efforts. As a member of the information security group within ITS, the incumbent serves as a mentor on the execution of duties, as an information security professional and in the transfer of knowledge to other staff members. The IT Security Specialist provides security and analytic support focused on evolution of technology to meet future requirements and to ensure that work processes are followed effectively. The work requires the development of new approaches, standards, methods and tools, as well as participation in the design, installation, development, modification, maintenance and enhancement of business applications. The incumbent collaborates with clients and colleagues to identify user requirements, assesses available technologies and recommends solution options.
participate in security design and monitoring of operating system and application security, and recommend technical solutions to achieve business needs work with clients and ITS colleagues to determine user requirements and prepare detailed specifications for the design and development of security infrastructures such as identity management, web access management, vulnerability management and Public Key Infrastructure (PKI) design and develop business application systems and ensure compliance with standards and established methodologies and practices participate in implementation activities, e.g., assist in setting up servers for the Internet from a networking aspect (firewall, load balancing, switch, Domain Name System (DNS), security perspective) provide support for the Banks vulnerability management framework, and participate in the analysis, reporting and remediation of vulnerabilities provide support, including on-call, shift and/or weekend work as required, for systems within area of expertise; monitor performance of systems and service agreements to ensure that ongoing service delivery standards are met develop plans to safeguard against accidental or unauthorized modification, destruction or disclosure and to meet emergency data processing needs research and evaluate recommendations for current security products perform third-party service provider risk assessments to ensure that data in outsourced arrangements are secure work autonomously to resolve complex as well as common/routine security problems in a multi-functional setting, assessing and communicating issues of technological impact on the functional/corporate level assist in the resolution of security-related issues as appropriate to the individual level of technical experience document security and emergency measures, policies, procedures and tests develop security awareness campaign geared toward IT and Bank staff work with industry organizations, business partners and technology teams to develop compliance validation methods where appropriate assist in planning, organizing and controlling the activities around security assessments and remediation and in the development of overall project plans and timetables participate in the implementation and review of audit trail logs and reporting mechanisms, vulnerability assessments and penetration tests collaborate with architecture, development, quality assurance and operations teams in defining and executing security controls provide guidance and support to more junior colleagues for common/routine problems train users and promote security awareness to ensure system security and to improve server and network efficiency
university degree in computer science or engineering, or five years of relevant experience in IT a minimum of five years of work experience in the field of information and technology security, with a concentration on information security and IT audit experience at the enterprise level, plus relevant certification (CISSP, GIAC) English and French essential linguistic requirement: minimum starting level functional in second official language (training will be provided to help the selected candidate reach the required level of fully functional) demonstrated skills in gathering and documenting business and functional requirements toward the implementation of security controls and technologies demonstrated experience in the following areas: o standard information and technology security concepts around risks and vulnerabilities (e.g., product weaknesses, process deficiencies, denial of service attacks, viruses) and appropriate countermeasureso vulnerability assessment and penetration testing tools, techniques, remediation and reporting o PKI operational support (e.g., Microsoft, Entrust, PGP)o identity management and authentication/authenticator support (e.g., managing/supporting identity creation and management, evaluating and supporting authenticators)o network and operating system security features (e.g., Windows, Linux, Solaris, Cisco)o network security technologies (e.g., secure remote access, web access management, authentication mechanisms, IPSEC VPN, server hardening) familiarity with risk assessment, Internet security, cryptography, and tools and techniques used to provide security controls and monitoring sound knowledge of network infrastructures, including firewalls, VPNs, intrusion detection systems, penetration testing and vulnerability assessment strategies, file and session encryption and cryptography methods, web application and device security security awareness training, incident response team experience, and policy management and contract exposure
fully functional in second official language
If you are a qualified candidate, please submit a detailed resumι and a covering letter by 2 May 2012. We will also ask you to complete a mandatory questionnaire during the application process. Condition of employment: Candidates must be eligible for secret status clearance. Condition of employment: Candidates must be available for on-call, overtime or variable work schedule based on operational requirements. There will be no relocation assistance provided for this recruitment action. We are committed to employment equity and we encourage applications from qualified men and women, including Aboriginal peoples, persons with disabilities, and members of visible minorities. Only the candidates selected for an interview will be contacted.
Sorry, this job is no longer available.
Copyright © Bank of Canada