The Senior Specialist, Privacy & Cyber Security provides technical leadership and expertise in evolving the AER’s Information Security capability with a focus on defining, implementing, and assessing a Privacy and Cyber Security controls framework appropriate to the organization’s Information Security requirements. The Senior Specialist, Privacy & Cyber Security provides a broad range of subject matter expertise, controls and compliance management, and advice as part of a team of Information Security professionals that define, implement and deliver on Information Security objectives that have organization-wide impacts.
Lead the evolution of the Privacy & Cyber Security controls framework that minimizes privacy and cyber security risks to the AER and its stakeholders. This includes working with related disciplines (e.g. FOIP, Records Management, Corporate Security, BCP, Risk Management) to ensure that the privacy and cyber security policy and controls framework are consistent with the overall business and information security strategy.
Provide guidance and expertise on applying the FOIP Act, evaluating and responding to privacy complaints, FOIP requests, OIPC requests and delivery of Privacy Impact Assessments.
Deliver Privacy and Cyber Security Advisory Services to ensure new technology, services, applications, and third parties have appropriate security controls embedded within the design and that architectural & design risks are appropriately assessed and managed.
Participate in the periodic evaluation of security controls to assure their effectiveness (e.g. internal/external penetration testing, manual control assessment, breach and attack simulation exercises, etc.).
Coordinate the development of action plans for deficiencies or gaps identified during risk assessments, audits, vulnerability assessment, control testing, etc., and follow up on their implementation with various internal stakeholders.
Excellent verbal and written skills
Strong strategic planning and operational plan development skills
Ability to tackle varied and undefined problems through in-depth analysis and investigation of underlying issues
Ability to influence across organizational boundaries
7+ years of relevant experience demonstrating progressive skill development and responsibility with a minimum of 4 years’ experience as FOIP Coordinator, or Delegated Decision Maker (FOIP) for an Alberta public body.
Minimum of 5 years’ experience in at least 3 of the following domains: Security Architecture; Security Testing & Assessment; Security risk management; Threat assessments; Information governance; IT Risk & Compliance Management.
Licenses or Certifications:
Certified Information Systems Security Professional (CISSP) and/or COBIT 5 Certification (e.g. CISA, CRISC) are required.
Certified Information Privacy Technologist (CIPT) or similar Certification is required.
Closing Date: midnight on February 14, 2021.