Senior IT Risk and Security Consultant to perform an assessment of infrastructure, processes, controls, policies, and security of the IT department and deliver a report on findings, gaps and recommendations for mitigating risk to the organization.
Our public sector client is seeking a Senior IT Risk and Security Consultant to perform an assessment of infrastructure, processes, controls, policies, and security of the IT department and deliver a report on findings, gaps and recommendations for mitigating risk to the organization.
Info : Our client employs approximately 80 staff members based at four fibre connected office locations within the Basin.
Offices are in Castlegar ( 60 staff), Cranbrook ( 10 staff), Nakusp ( 5 staff) and Golden ( 5 staff). The Castlegar office houses the primary datacentre with a disaster recovery site in located approximately km away in Cranbrook.
The Trust also has management oversight of three hydroelectric facilities; Arrow Lakes Hydro (ALH) and Brilliant Expansion (BRX) located near Castlegar, and Waneta Expansion (WAX) located near Trail, British Columbia.
The hydro facilities function as satellite offices for staff that manage the facilities.
3.5 month contract (depending on start time), deliverables due to client by end of February . Travel to different places in the interior of BC is required.
Must Have Skills :
- Previous experience performing an assessment of infrastructure, processes, policies and security to mitigate security risks for clients within BC
- Experience with providing IT assessments in alignment with the BC Governments Security Framework(s)
Assess current state of information technology :
- Understand overall business strategy, business needs and its various departments priorities / activities.
- Assess IT network architecture, infrastructure, operations, data controls and management, policies, procedures, processes and ongoing maintenance, which includes physical and cloud environments.
- The assessment will consider key personnel dependency and organizational risk and IT personnel access to staff information and organizational risk.
- The assessment will include all IT systems within Trust control except for those of the wholly owned subsidiary
- Hydro facility assessments will not be included for jointly owned hydro facilities, but infrastructure on the corporate network at each of the facilities will be assessed.
Evaluate :
- Alignment with the Provincial government Defensible Security Framework.
- Controls and policies and whether they are adequate to effectively mitigate risks and are appropriate to Trust’s context, assets and operations.
This includes physical, financial, business
- and system controls, including external and internal access to information.
- The security, privacy and resiliency of the technologies used to achieve the Trust’s strategy and meet the Trust’s business needs and their vulnerabilities.
- Resourcing, for overall efficiency and effectiveness.
- Trust’s compliance with significant policies, laws and regulations.
- Any gaps, risks, vulnerabilities related to the above, including internal key person dependencies.