Job Title- Security Architect – Senior
Period: 14 months
Start Date – 2022-01-20
End Date – 2023-03-31
Location – Toronto
Working Hrs.: 7.25 Hrs. / day
Note: Due to COVID-19 restrictions the consultant will be working remotely until restrictions are lifted.
Experience and Skill Set Requirements
Technical Skills
· 10+ years of experience defining security architecture and enterprise systems and environments, including but not limited to Identity and Access Management systems, security operations, etc.
· 10+ years of experience developing, implementing and supporting I&IT solutions utilizing information security and privacy risk management practices consistent with the ISO/IEC 27000 group of standards, including strategic planning, benefits-driven approaches, implementation plans and quality evaluations.
· Experience implementing and managing information security and privacy best practices, including but not restricted to, risks to the security of data and risks to the privacy of personal information
· Experience leading end-to-end technical risk assessments, including selecting risk methodologies, identifying security and privacy compliance gaps, priorities, dependencies and redundancies, and recommending appropriate remediation
· Expert experience in Agile/iterative development and security methods for DevOps CI/CD pipeline and contemporary toolsets such as Angular, Node.js, Docker, Kubernetes, Jenkins, Maven, ELK stack, JWT Tokens, Swarm, Anchore, ZAP
· Ability to review source code (Java, JavaScript) and identify potential security weaknesses.
40 points
Security Experience
· Experience in providing support to operate security technologies effectively such as firewalls, intrusion prevention systems, log correlation, SAN Security, data encryption and audit management systems
· Experience conducting security design reviews and recommending appropriate controls; Recommend the use of cryptography as appropriate to ensure confidentiality, integrity and availability of data
· Experience in conducting vulnerability assessments and penetration testing
· Experience in implementing and maintaining a security and privacy audit management system
· Experience with Cyber security incident response processes
· Demonstrated leadership in application security testing (e.g. using static and dynamic analysis, designing, and using automated testing tools)
40 points
Management and Communication Skills
· Strong leadership and people management skills and experience
· Effective facilitation skills: ability to build rapport with stakeholders and drive negotiations to a successful outcome
· Proven track record for building strong working relationships
· Strong interpersonal, and verbal and written communication skills
· Excellent customer service skills, including tact and diplomacy to ensure client needs are managed effectively
· Excellent analytical, problem-solving and decision-making skills
· Ability to apply strong listening skills to facilitate issue resolution
· A motivated, flexible, creative team player with perseverance, excellent multi-tasking abilities and a proven track record for meeting strict deadlines
15 points
Public Sector Experience
· An understanding of the Ontario Healthcare Reporting Standards (OHRS)
· 2+ years of experience working in the healthcare industry, specifically in maintaining and supporting systems such as Electronic Medical Records (EMRs), Hospital Information Systems (HISs), Clinical Assessment tools, and Ontario Healthcare Reporting Standards (OHRS) compliant Financial and Human Resource Management Systems
· Knowledge of personal health information protection legislative requirements and how they apply to developing and maintaining healthcare systems containing personal health information
· Knowledge of personal health information protection legislation (e.g. PHIPA, FIPPA), the information risk factors in healthcare and how they apply to managing security and privacy risks in healthcare systems containing personal health information
5 points
Description
The Security Architect is required to participate in the OPS technology roadmap and investment plan to align the cluster’s security road maps. The resource will also be required to consult with the OPS Technology Roadmap and Investment Plan (TRIP) to ensure that projects and programs are well supported.
The Security Architect is required to:
• establish sound security architectures for I&IT Solutions and implement security technologies effectively including firewalls, intrusion prevention systems, log correlation, data encryption and audit management systems
• carry out security vulnerability assessments and penetration testing
• define policies and procedures to address and remediate risks
• identify security and privacy risks associated with proposed changes to support the delivery of health solutions, or to the collection, use, and disclosure of health information
• manage information security and privacy risks using continuous improvement methodologies.
• provide HSC with security expertise, including security designs and implementation of security technologies in support of HSC IAA Strategy
• mitigate the Ministry’s risks by bridging current gaps in IAA Policy compliance/requirement for over 100 mission and business critical High-Assurance applications currently managed by the Ministry of Health with Low-Assurance credentials
• work with solution leads and stakeholders to identify and manage information security standards, privacy legislation, compliance, and business risks
• support projects to carry out security vulnerability assessments, Threat Risk Assessment (TRA), Privacy impact assessment (PIA) and penetration testing
• review and proactively work with projects to manage risk identified by TRA, PIA and the penetration test
• recommend platform security controls for internet-facing, cloud-hosted applications compliant with relevant Government of Ontario Information Technology Standards
• develop security strategy plans and roadmaps based on sound enterprise architecture practices.
• lead, facilitate and align with the OPS Technology Roadmap and Investment Plan (TRIP)
• evaluate new services, vendors, applications and security tools, among other items, from a technical perspective, and translate the risk characteristics of these activities and functions into enterprise risk terms that can be communicated to projects, programs & business stakeholders in the organization
• develop and maintain security architecture artifacts (e.g., models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations
• validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable (Id Verification, Online-Id proofing etc.)
• support projects to ensure compliance with security and privacy best practices, such as Government of Ontario Information Technology Standards (GO ITS), ISO 27000 series, Personal Health Information Privacy Act (PHIPA), Freedom of Information and Protection of Privacy Act (FIPPA), and the 10 privacy principles of the Personal Information Protection and Electronic Documents Act (PIPEDA)
• manage security architecture to ensure appropriate security controls are built in during development or deployment of technology and business solutions
• work with stakeholders to provide security and privacy awareness, and ensure knowledge is transferred to all groups, including technical support, application support and business users
• implement and maintain a security and privacy audit management framework
• manage and/or conduct risk assessments as required based on industry proven methodologies
• lead/contribute specific security architecture/design requirements for each iteration
IAA Strategy and Roadmap Development
• IAA Strategy overview and Roadmap
• IDP Stakeholder Integration/Paths
• Tech Platform Options and Recommendations
• High Level Architecture Recommendations
• Delegation, definition and guidance to applications/projects
• HSC IAA Strategy Approval
IAA Strategy Implementation
• HSC IAA Service Conceptual Architecture
• Platform/Product Selection
• GoCloud service definition
• PoT development
• HSC IAA Logical Architecture
• HSC IAA Broker Service Proof of Technology (PoT)
IAA Strategy Implementation
• Production HSC IAA Broker Service available for applications to consume via GoCloud
• Integration guides for migrating existing applications to new high-assurance credentials via HSC IAA service
IAA Strategy Implementation
• Start onboarding health applications to HSC IAA service
If you are available, please send your resume to deepti.gill@2iresourcing.ca OR refer someone interested.
Job ID: 59555
