IT Security Specialist

Job Summary

Under the supervision of the Manager, Technology Services.  The IT Security Specialist takes a strategic role in the delivery of Infrastructure support services, preparation of strategic infrastructure proposals, project management, and in providing advanced technical infrastructure guidance to both IDRC and non-IDRC staff.  In order to deliver on these tasks the IT Security Specialist will be required at times to lead other team members in the successful delivery of these tasks.
The role of the position is to provide a balanced IT security solutions which ensure the confidentiality, integrity and availability of the organisation’s information.  This is accomplished through the design of new security solutions while also identifying areas of risk to the organisation and developing & executing mitigation strategies. Additionally, the position contributes to the ongoing support of systems, including responding to user requests sent to the Service Desk and providing feedback when required to the systems product strategists. Possess the ability to effectively respond to incidents that may impact the ability to deliver IT services.

Primary Duties or Responsibilities

IT Security

  • Provides subject matter expertise and guidance on IT Security to project managers, business clients and senior management.
  • Prepares and delivers security presentations, briefing reports and quarterly updates to key stakeholders including senior management.
  • Manages the IT Security incident management process by leading or conducting security investigations into problematic activities, provides written reports of said investigations and provides on-going communication with senior management.
  • Conducts or manages vulnerability assessments, threat and risk assesments (TRA) and penetration testing of IDRC systems.  With the results, provides recommendations and implements changes to ensure the protection of the various systems.
  • Manages the security posture of end point security devices, network devices and servers. This includes the:
    • Review, approval, test and manage the implementation of various security solutions;
    • Monitoring and reporting on the effectiveness of the solutions and make necessary adjustments to maintain an established level of security;
    • Reviewing the various logs and recommending actions to mitigate risks;
    • Proactive mitigation of any potential IT security risk; and
    • Reporting of the effectiveness of the various security controls in place
  • Recommends, schedules (where appropriate), and applies fixes, security patches, disaster recovery procedures, and any other measures required in the event of a security breach.
  • Provides direction, recommendations, and creates/modifies IT Security policy, procedures, standards and guidelines.
  • Participates in and leads the IT business continuity and disaster team by creating, planning, testing, and executing to ensure the integrity of IT systems both at Headquarters and the Regional Offices.

Strategic Planning and Product Strategy

  • Actively seeks opportunities for developing and implementing new or/and innovative infrastructure initiatives throughout the Centre.  Presents the opportunities to the Manager TS, helps prioritize those opportunities and when required helps negotiate the resources and timeline for these initiatives. Opportunities are determined by working closely and collaborating at a senior level with various stakeholders throughout the Centre.
  • As a senior member of the TS, takes the lead role in advanced problem analysis and resolution.  In many cases this means leading specialized TS teams, and interacting with other teams both within IMTD and outside.  In order for a proper resolution of issues a high level of communications skills and tact are required.
  • Participates at a senior project manager level with other technical staff and project managers to analyze infrastructure issues and proposals, develop strategies, project plans, and recommend priorities for the proposals.  Ensures documentation of such proposals is complete, well written and suitable for the audience which will be evaluating the proposals. 
  • Participates in joint infrastructure/application development sessions by meetings with other analysts to identify, analyze, and document business requirements of clients and end-users.
  • As IT Security Specialist works collaboratively with the various service teams (IMTD staff in Ottawa, and the Regional Offices working on a specific service or family of services) to provide input into the change management functions, presents and follows up on those changes as member of the Change Advisory Board.
  • Participates in cross functional discussion or working groups (especially with the Applications Services, Business Relationship and Information Services, other Centre divisions, user groups, regional technical contacts, and contracted technicians), to provide client solutions and support.
  • Presents, either independently or in conjunction with the appropriate user constituency, new infrastructure proposals based on the functional baseline analysis of requirements, citing project scope, design rationale, and linkages with established systems, to ensure overall IDRC infrastructure system integration. As such, any presentations required for a senior management audience should be stated clearly and concisely in non-technical terminology
     

Research and Project Planning

  • Through research and notifications, maintains an awareness of system patches, enhancements and new features, security vulnerabilities and associated technologies which can be used to protect the information systems and associated infrastructure.
  • Participates, at a senior level, in IT enhancement initiatives and projects as a team member or a team leader by undertaking research, investigations, evaluations and testing of new or enhanced technologies in order to improve the corporate IT infrastructure. This may be done individually or by leading a small team of infrastructure analysts.
  • Assists and mentors other project managers and technical teams, or acts as a senior project manager in the development of recommendations, standards, procedures, and documentation and implementation strategies for the enhancements or introduction of new technologies to the infrastructure components in all IDRC offices.  May also be called upon to assist in the staging of the recommended technologies into the production environment.
     

IT Service Delivery

  • When required, provides in-depth technical support for the operations of the corporate information systems servers, network infrastructure (Headquarters and the Regional Offices), system appliances, housed applications and operating systems software to ensure system availability, reliability and performance. Also to ensure a high quality of service and cross training of skills provides mentoring of such activities to more junior infrastructure members.
  • Monitors system performance and security (Headquarters and the Regional Offices), evaluates resource levels and when necessary takes action to alleviate any issues. Depending on the criticality of the problem reports, the problem and the action are taken to the Manager, TS.
  • Provides technical support to regional office staff and contractors in planning, diagnostics, troubleshooting and analysing issues associated with information systems, connectivity, security, backup or system hardware within the Regional Offices.
  • Develops and maintains standards, protocols, guidelines and procedures that govern infrastructure security, operations and management.

Communications

  • Researches and prepares in-depth notes, IT Security reports, project plans, status reports, technical documentation, industry briefing notes and proposals to be used by various technical and non-technical staff and management.  Assists the product strategists in the preparation of briefing notes, technology summaries and analysis reports ensuring they are technically correct and written for the appropriate audience.
  • Participates in collaborative technical discussions with IDRC management, IMTD management, and business representatives to ensure user needs and security requirements are met. Solicits input on user needs, conducts business analysis, recommend changes to meet service levels. Represents IMT in technical discussions with other government organizations, technical conferences and vendor meetings. Prepares and presents presentations, training to users and IMTD staff as required
  • Represents the TS and IMTD in working groups, discussions and forums with business application owners and stakeholders to provide insight on technological implications, support concerns, prioritization of work and availability of resources.  Must be able to communicate effectively and work with tact.
  • Travels to the regional office sites, partner locations and IT conferences to provide technical deployment support, exchange and discuss IT information.
     

Resource Management

  • Contributes to or creates the statement of work and deliverables of consultants and contractors engaged to assist in the implementation and maintenance of infrastructure components by monitoring work to ensure deliverables are met and recommending the approval/sign-off of work items and time schedules to the Manager of the TS.
  • Supervises the execution of project plans, testing procedures, project review documents, procurement documents, prototypes, proposals, statistics, reports and standards regarding all aspects of a project.
  • Works with the Manager of TS on the estimation of infrastructure component costs and projections for budgeting purposes and identifies potential impacts and opportunities.
  • Directs, guides and mentors more junior members of the TS team in order to increase their knowledge, expertise and capacity.

Supervision

Indirect Supervision:

  • Leads, on a regular basis, project teams of information technology specialists. This includes recommending project objectives and priorities, identifying staffing requirements, assigning work to project members and monitoring the quality and timeliness of the work; delegates responsibilities; and develops and coordinates project proposals to obtain management approval and funding.  (Ongoing)
  • Private sector consultants and part-time contracted infrastructure support.  (Occasionally)

Job Scope

The IT Security Specialist ensures the availability, stability, security and integrity and the effective use of the Centre’s various information systems, associated operating systems, networks and devices.  The IT Security Specialist monitors the systems closely, report problems and respond to issues of performance, stability, availability, security and support for Headquarters and Regional Office users.   The incumbent participates in IT projects, either as a member of the team or as a project manager, relating to enhancements to the Corporate Information Systems infrastructure components and systems, to better meet the needs of the users.  The incumbent provides regular reports to the Manager of TS on system performance/security and availability and as required, recommends enhancements or corrective maintenance. The incumbent conducts research on technologies and tools that might enhance service delivery and where appropriate, makes recommendations to management.

The IT Security Specialist provides leadership to team members and functional direction to consultants and contractors. The incumbent plans, prioritizes, assigns and schedules work for team members and establishes IT security standards, procedures and documentation for providing IT related support services within the Centre and ensures the implementation and adherence to these.
 

Although the incumbent is not expected to be an expert on all of the supported technologies, the incumbent does require knowledge on a wide variety of technologies (both hardware and software) and must have in-depth expertise in IT Security as well on at least two of the key areas (LAN Administration, Networking, Database Management, Server Operating Systems, ITCSM), in that respect, requires regular updating of skills either through reading or coaching and, in some instances, through formal training.