Govern and Support

4.1 Cyber Legal Advisor


Basic Job Description

Provides legal advice and recommendations on relevant topics related to cyber security.

Cyber Security Related Tasks

  • Advocate organization’s official position in legal and legislative proceedings;
  • Interpret and apply laws, regulations, policies, standards, or procedures to specific issues;
  • Evaluate the effectiveness of laws, regulations, policies, standards, or procedures;
  • Resolve conflicts in laws, regulations, policies, standards, or procedures;
  • Maintain a working knowledge of constitutional issues which arise in relevant laws, regulations, policies, standards, procedures, or other issuances;
  • Conduct framing of pleadings to properly identify alleged violations of law, regulations, or policies;
  • Conduct research and analysis on various legal matters of the organization using multiple sources;
  • Provide legal analysis and decisions to compliance personnel, management, and privacy officers, among others regarding compliance with cyber security laws, regulations, and policies;
  • Provide advice and guidance on laws, regulations, policies, standards, or procedures to management, personnel, or clients;
  • Monitor and assess the potential impact of emerging technologies on laws, regulations, policies, standards, or procedures;
  • Evaluate the impact of changes to laws, regulations, policies, standards, or procedures;
  • Implement new or revised laws, regulations, policies, standards, or procedures; and
  • Prepare legal reports, briefing notes, and other relevant documents.

Commonly Requested Education, Training and Work Experience

  • Post-secondary University Degree in Law and acquired provincial licensure to practice. A Master’s Degree is preferred;
  • Certifications an asset: Computing Technology Industry Association (CompTIA); Certified Information Systems Security Professional (CISSP); and
  • Previous training and experience in law and cyber security is preferred – 2-5 years of experience for entry-level; 5-10 years of experience for advanced-level. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

  • Domestic and international laws, regulations, and ethics as they relate to cyber security and privacy;
  • Information security policies, procedures, and regulations;
  • A working knowledge of cyber security principles and elements;
  • Technical knowledge to understand data security and integrity, security requirements, and the functional and technical design of networks and systems, and cyber security solutions;
  • Specific impacts of cyber security gaps and breaches;
  • Information gathering principles, policies, and procedures including legal authorities and restrictions;
  • Investigative tools, reporting, and laws and regulations;
  • Business or military operation plans, orders, policies, and rules of engagement; and
  • Privacy disclosure statements based on laws and regulations.

Key Proficiencies

Research and Analytical, Attention to Detail, Problem-solving, Interpersonal, Negotiation, Communication Skills

4.2 Policy Analyst


Basic Job Description

Develops and maintains cyber security policies to support and align with organizational cyber security initiatives and regulatory compliance.

Cyber Security Related Tasks

  • Develop and implement cyber security policies and guidelines;
  • Research and analyze organizational cyber security policies, guidelines, and requirements;
  • Assess policy needs and collaborate with management and staff to develop policies to govern cyber security activities;
  • Review existing and proposed policies and guidelines with management;
  • Prepare and publish cyber security policies;
  • Interpret and apply applicable laws and regulatory documents into cyber security policy;
  • Monitor the application of cyber security policies and guidelines;
  • Establish and maintain communication channels with management and staff on existing and proposed policies and communicate any policy changes;
  • Provide guidance to management and staff; and
  • Ensure cyber security policies and guidelines are reflected in the organization’s mission and goals.

Commonly Requested Education, Training and Work Experience

  • Post-secondary education in an applicable field related to cyber security (e.g., Business Administration, Economics, Law, Political Science, Social Sciences or equivalent); and
  • Previous training and experience in policy analysis/policy development – 1-3 years of experience for entry-level; five years of experience for advanced-level.
  • Individuals employed in this role can have diverse levels of cyber security expertise and may not have any background in the work domain. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

  • Business analysis techniques;
  • Current and emerging technology and cyber security technologies;
  • Technological trends and security risks and their potential impact on cyber security policies;
  • Applicable laws, regulations and guidelines as they relate to cyber security;
  • Leveraging best practices and lessons learned of external organizations and academic institutions with a cyber focus;
  • Identify gaps in cyber security policies; and
  • Develop, draft, and communicate cyber security policies in support of organizational activities.

Key Proficiencies

Research, Analytical, Problem-solving, Interpersonal, Communication skills

4.3 Privacy Officer


Basic Job Description

Develops, implements, and administers all aspects of the organization’s privacy compliance program, and is responsible for safeguarding private and confidential information.

Cyber Security Related Tasks

  • Interpret and apply laws, regulations, policies, standards, or procedures to specific privacy issues;
  • Conduct periodic impact assessments and ongoing compliance monitoring activities to identify compliance gaps and/or areas of risk to ensure privacy concerns, requirements and responsibilities are addressed;
  • Establish and maintain a mechanism to track access to information within the purview of the organization and as required by law to allow qualified personnel to review or receive such information;
  • Establish and implement an internal privacy audit program, and prepare audit reports that identify technical and procedural findings, and privacy violations, and recommend remedial solutions;
  • Provide advice and guidance on laws, regulations, policies, standards, or procedures to management, personnel, or key departments;
  • Ensure compliance with privacy and cyber security laws, regulations, and policies, and consistent application of sanctions for failure to comply with stated measures for all personnel in the organization;
  • Initiate, facilitate and promote activities to foster privacy awareness within the organization that include the collection, use and sharing of information;
  • Monitor advancements in privacy enhancing technology and ensure the use of technologies complies with privacy and cyber security requirements, including the collection, use and disclosure of information;
  • Review the organization’s network security plans and projects to ensure that they are consistent with privacy and cyber security goals and policies;
  • Collaborate with legal counsel and management to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms, and relevant materials are compliant with legal practices and requirements;
  • Report security breaches to management and appropriate authorities; and
  • Develop, deliver, and oversee privacy training material and awareness activities.

Commonly Requested Education, Training and Work Experience

  • Post-secondary education in an applicable field related to cyber security (e.g., Business Administration, Law, Political Science, Social Sciences or equivalent);
  • Certifications an asset: International Association of Privacy Professionals (IAPP); and
  • Previous training and experience in policy analysis – 2-3 years of experience for entry-level. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

  • Domestic and international laws, regulations, policies, and procedures;
  • Information security policies, procedures, and regulations;
  • A working knowledge of cyber security principles and elements;
  • Technical knowledge to understand data security and integrity, security requirements, and the functional and technical design of networks and systems, and cyber security solutions;
  • Specific impacts of cyber security gaps and breaches;
  • Monitor advancements in privacy laws and policies;
  • Privacy impact assessments; and
  • Privacy disclosure statements based on laws and regulations.

Key Proficiencies

Analytical, Attention to Detail, Organizational, Time Management, Interpersonal, Communication skills

4.4 Risk Analyst


Basic Job Description

  • Assesses and manages information security and cyber security risks and ensures risks and controls are assessed accurately, objectively and independently;
  • Conducts research, analyzes information, and prepares reports and plans to resolve organizational problems related to cyber security to acceptable levels.

Cyber Security Related Tasks

  • Investigate and report on risks and exceptions on a regular basis to management, and formulate action plans to remediate them;
  • Conduct research and develop models to analyze, explain and forecast patterns and trends, and devise methods for collection and analysis of data;
  • Determine cyber security risk profiles for various cyber security projects and strategies;
  • Assess the risk for implementing cyber security tools and technology within the organization;
  • Develop and maintain risk and impact assessments for various projects and strategies;
  • Maintain the organizational risk register and report it to management on a periodic basis;
  • Define, develop and manage policies, procedures and guidelines on cyber security requirements;
  • Ensure compliance with cyber security policies, laws, regulations, and practices;
  • Develop or contribute to reviews of implemented projects and strategies to identify potential risks; and
  • Integrate cyber security with other organizational risk management activities.

Commonly Requested Education, Training and Work Experience

  • Post-secondary education in a cyber or IT related field (e.g., Information Security, Information Management, IT Risk Management, or equivalent);
  • Certifications an asset: Certified in Risk and Information Systems Control (CRISC); and
  • Previous training and experience in risk management or cyber security is preferred – 2-5 years of experience for entry-level; 5-10 years of experience for advanced-level. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

  • Information and data analysis techniques;
  • Risk management processes, responsibilities and authorities;
  • Risk identification, risk documentation, risk analysis, risk reduction and risk reporting;
  • Business continuity and disaster response planning;
  • Cost/benefit analysis;
  • A working knowledge of cyber security principles and elements;
  • Technical knowledge to understand data security and integrity and security requirements; and
  • Applicable laws, regulations and guidelines as they relate to cyber security.

Key Proficiencies

Analytical, Problem-solving, Organizational, Time Management, Interpersonal, Communication skills

4.5 Strategic Planner


Basic Job Description

Develops and maintains cyber security plans and strategies to support and align with organizational cyber security initiatives and regulatory compliance.

Cyber Security Related Tasks

  • Design and implement cyber security strategies and programs that outline and align with organization goals and activities;
  • Research and analyze organizational cyber security practices and procedures that define specific business direction and constraints;
  • Assess organizational needs and collaborate with management and staff to develop strategic plans to promote cyber security;
  • Review, conduct, or contribute to audits of organizational cyber security programs and projects;
  • Draft and publish cyber security plans and practices;
  • Interpret and apply applicable laws and regulatory documents into cyber security strategies and objectives;
  • Monitor the application of cyber security plans; and
  • Establish and maintain communication channels with management, staff, and users on existing and proposed strategic plans and communicate any changes.

Commonly Requested Education, Training and Work Experience

  • Post-secondary education in an applicable field related to cyber security (e.g., Business Administration, Economics, Political Science, Social Sciences or equivalent); and
  • Previous training and experience in security or strategic planning and development – 1-3 years of experience for entry-level; five years of experience for advanced-level.
  • Individuals employed in this role can have diverse levels of cyber security expertise and may not have any background in the work domain. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

  • Business analysis techniques;
  • Current and emerging technology and cyber security technologies;
  • Technological trends and security risks and their potential impact on cyber security practices;
  • Applicable laws, regulations and guidelines as they relate to cyber security;
  • Leveraging best practices and lessons learned of external organizations with a cyber focus;
  • Identify gaps in cyber security practices and programs;
  • Using risk or threat assessments in preparing strategic plans; and
  • Develop, draft, and communicate cyber security practices in support of organizational goals and activities.

Key Proficiencies

Research, Analytical, Problem-solving, Attention to Detail, Organizational, Time Management, Interpersonal, Communication skills

4.6 Business Analyst


Basic Job Description

Performs an extensive range of complex technical and/or professional work, such as assessing and improving an organization’s processes and systems, and analyzing its business model.

Cyber Security Related Tasks

  • Report on key metrics related to information quality and security, cyber security issues, etc.;
  • Define, develop and manage policies, controls, standards, and processes for creation of regular operational security metrics for continuous improvement;
  • Ensure compliance with cyber security policies, laws, regulations, and practices;
  • Develop or contribute to business cases, including assessing costs and risks for implementing effective cyber security solutions;
  • Collaborate with stakeholders to deliver strategic initiatives throughout the system life cycle;
  • Advise and report on security requirements and risk management process activities, including performing impact assessments as part of disaster recovery and contingency plans;
  • Ensure proper risk management is performed at the program and project levels.

Commonly Requested Education, Training and Work Experience

  • Post-secondary education in a cyber or IT related field (e.g., Business Administration, Commerce, Economics, Technology Management, IT Risk Management, or equivalent); and
  • Previous training and experience in cyber security is preferred.
  • Individuals employed in this role can have diverse levels of cyber security expertise and may not have any background in the work domain. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

  • Business analysis techniques;
  • Information and data analysis techniques;
  • A working knowledge of cyber security principles and elements;
  • Technical knowledge to understand data security and integrity, security requirements, and the functional and technical design of networks and systems, and cyber security solutions;
  • Risk management processes, responsibilities and authorities;
  • Cost/benefit analysis, revenue and cost forecasting, etc.;
  • System life cycle management principles, including software security and usability; and
  • Develop risk or impact assessments, business cases, and risk management documents.

Key Proficiencies

Research, Analytical, Attention to Detail, Organizational, Time Management, Interpersonal, Communication skills

4.7 Communications


Basic Job Description

Develops and implements communication strategies and resources in support of an organization’s cyber security goals and objectives.

Cyber Security Related Tasks

  • Develop and implement cyber security communication products, including translating organization policies into clear outgoing cyber security messages;
  • Review incoming communications for the organization as it relates to cyber security;
  • Provide guidance on cost/benefit analysis process by establishing and administering policies, processes, and procedures;
  • Communicate the value of cyber security through all levels of the organization;
  • Provide cyber security and risk management guidance for development of business continuity operations, strategic plans, and procedures;
  • Ensure that cyber security action plans are reviewed, validated, and implemented as required;
  • Develop or contribute to business cases, including conducting cost/benefit analysis and risk analysis for implementing effective cyber security communication products;
  • Recognize a possible cyber security incident and take appropriate measures to report the incident;
  • Provide guidance on issuing key messages during routine and crisis cyber security events; and
  • Conduct and coordinate media events to bring awareness to effective cyber security solutions.

Commonly Requested Education, Training and Work Experience

  • Post-secondary education in a related field (e.g., Business Administration, Commerce, Communications, Public Relations, IT Risk Management, or equivalent); and
  • Previous training and experience in Communications or cyber security is preferred – 1-4 years of experience for entry-level. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

  • Business analysis techniques;
  • Maintain a working knowledge of cyber security principles and elements;
  • Technical knowledge to understand data security and integrity, security requirements, and the functional and technical design of cyber security solutions;
  • Risk management processes, responsibilities and authorities;
  • Communications security terminology, guidelines, and procedures;
  • Cost/benefit analysis, risk analysis, etc.;
  • Resource management principles and techniques; and
  • Develop business cases and risk management documents.

Key Proficiencies

Research, Analytical, Attention to Detail, Organizational, Time Management, Interpersonal, Communication skills

4.8 Disaster Recovery Planner


Basic Job Description

Develops, tests, implements, and manages emergency responses, recovery and resumption processes, procedures and/or plans, as needed, to recover and protect an organization’s IT infrastructure (e.g., networks, systems, controls) in the event of a disaster.

Cyber Security Related Tasks

  • Establish, maintain and test disaster recovery and contingency plans for potential disaster and operation interruption scenarios;
  • Develop disaster recovery and contingency budgets;
  • Interpret national and provincial laws and regulations, and ensure compliance of contingency and disaster recovery plans;
  • Develop and maintain risk and impact assessments of disasters on organization functions and information systems;
  • Develop and administer disaster recovery and contingency plan training; and
  • Coordinate crisis communications.

Commonly Requested Education, Training and Work Experience

  • Post-secondary education in a cyber or IT related field (e.g., Business Administration, Commerce, Economics, IT Risk Management or equivalent);
  • Certifications an asset: EC-Council certifications; and
  • Individuals typically employed in this role have extensive experience in either security or IT incident response coordination or management. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

  • Risk management processes, responsibilities and authorities;
  • Risk identification, risk documentation, risk analysis, risk reduction and risk reporting;
  • Business continuity and disaster response planning;
  • Cost/benefit analysis, revenue and cost forecasting, etc.;
  • Maintain a working knowledge of cyber security principles and elements; and
  • Applicable laws, regulations and guidelines as they relate to cyber security.

Key Proficiencies

Business Acumen, Problem-solving, Organizational, Time Management, Attention to Detail, Interpersonal, Communication skills

4.9 Procurement Analyst


Basic Job Description

Researches, analyzes, and acquires inventory and services for the organization.

Cyber Security Related Tasks

  • Research and analyze technical and cyber security solutions available on the market that best meet the organization’s needs;
  • Assess and document any cyber security risks throughout the procurement life cycle;
  • Ensure compliance with purchasing guidelines and with cyber security policies, regulations, and procedures of the organization;
  • Ensure compliance with security requirements of organization networks and systems;
  • Coordinate with cyber security experts to regularly monitor systems and to update organization policies and procedures;
  • Develop and maintain risk assessments and related reports on vendors and procured products and services, based on reliability and credibility;
  • Coordinate with the finance department, the organization and the vendor to negotiate terms of agreement and conditions; and
  • Research and analyze market trends based on sales and performance data, forecast future opportunities, and make procurement recommendations to management.

Commonly Requested Education, Training and Work Experience

  • Post-secondary education in a cyber or IT related field (e.g., Business Administration, Economics or equivalent); and
  • Previous training and experience in cyber security is preferred.
  • Individuals employed in this role can have diverse levels of cyber security expertise. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

  • Business analysis techniques;
  • Cost/benefit analysis and forecasting, etc.;
  • Maintain a working knowledge of cyber security principles and elements;
  • Technical knowledge to understand data security requirements, and the functional and technical design of networks and systems, and cyber security solutions;
  • Applicable laws, regulations and guidelines as they relate to cyber security;
  • System life cycle management principles, including software security and usability; and
  • Develop risk assessments.

Key Proficiencies

Analytical, Attention to Detail, Organizational, Time Management, Interpersonal, Communication skills

4.10 Chief Information Security Officer


Basic Job Description

Establishes, maintains and oversees organization-wide cyber security operations and programs, procedures and policies, systems and assets, and budget and resources, ensuring the protection of information assets.

Cyber Security Related Tasks

  • Direct and approve the design of cyber security risk management programs and systems;
  • Lead and align cyber security priorities with strategic plans;
  • Identify, acquire and oversee management of financial, technical and personnel resources required to support cyber security objectives;
  • Advise senior management on cyber security programs, policies, processes, standards, and procedures;
  • Oversee implementation strategies and requirements to ensure procedures and guidelines comply with cyber security policies;
  • Ensure disaster recovery plans, business continuity operations, and procedures are implemented and tested;
  • Review and approve cyber security policies, controls and incident response planning;
  • Initiate, facilitate and promote awareness of cyber security issues within the organization and ensure cyber security priorities are reflected in the organization’s vision and goals;
  • Review investigations after cyber incidents, including impact analysis and recommendations for avoiding similar vulnerabilities;
  • Oversee protective or corrective measures when a cyber incident or vulnerability is discovered;
  • Maintain a current understanding of the cyber threat landscape for the organization context;
  • Ensure compliance with cyber security policies, laws, regulations, and procedures;
  • Schedule periodic security audits and reviews;
  • Oversee identity and access management;
  • Prepare financial forecasts for cyber security operations and proper maintenance coverage for information and security assets; and
  • Provide leadership, training opportunities and guidance to personnel.

Commonly Requested Education, Training and Work Experience

  • Post-secondary education in a cyber or IT related field (e.g., Business Administration, Computer Science, IT Management, Information Security, or equivalent). A Master’s in Business Administration or a Master’s in Cyber Security is an asset;
  • Certifications an asset: Global Information Assurance Certification (GIAC); Computing Technology Industry Association (CompTIA); Certified Information Systems Security Professional (CISSP); and
  • Previous training and experience in IT security infrastructure, requirements analysis or program management is preferred – 10+ years of relevant IT experience with at least 5+ years of that experience in management. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

  • Technical knowledge of networks, computer architecture, data structures, and algorithms;
  • Cryptography and cryptographic key management concepts;
  • Maintain a working knowledge of cyber security and privacy principles and elements;
  • Network access, identity, and access management;
  • System life cycle management principles, including software security and usability;
  • Business analysis techniques;
  • Information and data analysis techniques;
  • Risk management processes, responsibilities and authorities;
  • Cost/benefit analysis, revenue and cost forecasting, risk analysis, etc.;
  • Resource management principles and techniques;
  • Applicable laws, regulations, policies and ethics as they relate to cyber security; and
  • Technological trends and security risks and their potential impact on cyber security policies.

Key Proficiencies

Research, Analytical, Problem-solving, Organizational, Time Management, Interpersonal, Communication skills

4.11 Cyber Security Manager


Basic Job Description

Manages detection, prevention, response, and recovery of cyber incidents and threats; ensures computer networks and systems are well protected against cyber-attacks, intrusions, and various types of data breaches.

Cyber Security Related Tasks

  • Monitor and assess all aspects of cyber security activities and infrastructure and address any issues;
  • Provide expert strategy, threat, and technical advice, guidance, and support on irregular/malicious activities and potential threats to network resources;
  • Define, develop, implement, maintain, and review cyber security policies and procedures;
  • Ensure compliance with cyber security policies, regulations, and procedures of the organization;
  • Implement security measures, controls, and protocols to protect digital files and information systems against cyber incidents or threats;
  • Maintain awareness of key trends and reporting, and understand how they impact responses to cyber incidents or threats;
  • Lead the underlying operations and procedures that support the organization’s activities;
  • Establish and maintain communication channels with stakeholders on cyber security;
  • Develop, deliver, and oversee training material and educational efforts; and
  • Identify and address cyber security workforce planning and management issues.

Commonly Requested Education, Training and Work Experience

  • Post-secondary education in a cyber or IT related field (e.g., Computer Engineering, Computer Science, Information Technology or equivalent). A Master’s degree is an asset;
  • Certifications an asset: Global Information Assurance Certification (GIAC); Certified Information Systems Security Professional (CISSP); Certified Information Security Manager (CISM); and
  • Previous training and experience in network security is preferred – 5-10 years of experience. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

  • Technical knowledge of networks, computer architecture, data structures, and algorithms;
  • C, C++, Java, Python, and similar computer programming languages;
  • Cryptography and cryptographic key management concepts;
  • A working knowledge of cyber security and privacy principles and methods (e.g., firewalls, encryption, virtual private network devices);
  • Authentication, authorization, and access control methods and mechanisms;
  • Controls related to the use, processing, storage and transmission of data;
  • Network access, identity, and access management;
  • Network protocols and packet analysis tools;
  • Operating systems and system administration hardening techniques;
  • Intrusion detection system (IDS)/Intrusion prevention system (IPS), penetration and vulnerability testing;
  • System testing and evaluation methodologies and processes;
  • Data loss prevention (DLP), anti-virus and anti-malicious software;
  • Incident response and handling methodologies;
  • Current and emerging technology and cyber security technologies;
  • Risk management policies, requirements, and practices;
  • Resource management principles and techniques;
  • Develop threat assessments, audit reports, risk management documents; and
  • Applicable laws, regulations, policies and ethics as they relate to cyber security.

Key Proficiencies

Analytical, Problem-solving, Organizational, Time Management, Interpersonal, Communication skills

4.12 Information Systems Security Manager


Basic Job Description

Manages information system security throughout the systems life cycle, and reports on information system performance in providing confidentiality, integrity, and availability.

Cyber Security Related Tasks

  • Monitor and assess all aspects of information systems security development and address any issues;
  • Assess technological trends and risks, and determine potential impact to system development;
  • Develop mechanisms to monitor and measure risk, compliance, and information assurance efforts;
  • Develop, conduct, and maintain security reviews and vulnerability and impact assessments, and direct responses to network or system intrusions;
  • Provide guidance for development of disaster recovery plans, business continuity operations, and procedures;
  • Review costs, design concepts, and any changes;
  • Review, implement, update, and document cyber security policies, standards, and procedures for organization;
  • Ensure compliance with cyber security policies, regulations, and procedures of the organization;
  • Resolve conflicts in laws, regulations, policies, or procedures;
  • Ensure compliance with security requirements of organization networks and systems;
  • Coordinate with information systems security experts to regularly monitor systems and controls, and to update organization policies and procedures;
  • Lead the underlying operations and procedures that support the organization’s activities;
  • Establish and maintain communication channels with stakeholders on information systems security;
  • Develop, deliver, and oversee training material and educational efforts; and
  • Identify and address cyber security workforce planning and management issues.

Commonly Requested Education, Training and Work Experience

  • Post-secondary education in a cyber or IT related field (e.g., Computer Science, Mathematics, Network Technology, Computer Engineering or equivalent);
  • Certifications an asset: Certified Secure Software Lifecycle Professional (CSSLP); and
  • Previous training and experience in system development and security or system management is preferred. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

  • Technical knowledge of networks, computer components, system protocols, cyber security-enabled software;
  • Principles in information security, engineering, networking, mathematics;
  • Cryptography and cryptographic key management concepts;
  • Concepts in operating systems, microprocessors, network access, identity, and access management, penetration testing;
  • Data security concepts and functions;
  • Data security analysis methodologies, testing and protocols;
  • System design tools, methods, and techniques;
  • Secure coding and configuration techniques;
  • System life cycle management principles, including software security and usability;
  • System testing and evaluation methodologies and processes;
  • Conducting vulnerability scans and recognizing vulnerabilities in security systems;
  • Networking protocols and design processes;
  • System, application and data security threats, risks and vulnerabilities;
  • Designing countermeasures to identified security risks;
  • Risk management policies, requirements, and practices;
  • Business continuity and disaster response planning;
  • Cost/benefit analysis;
  • A working knowledge of cyber security principles and elements;
  • Industry standards and organizationally accepted analysis principles and methods; and
  • Develop and conduct risk or impact assessments, business cases, and risk management documents.

Key Proficiencies

Research, Analytical, Problem-solving, Organization, Time Management, Interpersonal, Communication skills

4.13 Project Manager


Basic Job Description

Manages information technology projects throughout their life cycle.

Cyber Security Related Tasks

  • Monitor and assess all aspects of cyber security projects and address any issues;
  • Assess technological trends and risks, and determine potential impact to projects;
  • Develop mechanisms to monitor and measure risk, compliance, and assurance efforts;
  • Provide cyber security and risk management guidance for development of business continuity operations, strategic plans, and procedures;
  • Review project costs, design concepts, and any changes;
  • Review, implement, update, and document cyber security policies, standards, and procedures;
  • Resolve conflicts in laws, regulations, policies, or procedures;
  • Review or conduct audits of security projects or reports, identifying any significant issues, initiating corrective action and ensuring that outstanding issues are followed up;
  • Lead the underlying operations and procedures that support the organization’s activities;
  • Establish and maintain communication channels with stakeholders on cyber security operational procedures that support the organization’s activities;
  • Prepare and publish risk management documents;
  • Develop, deliver, and oversee training material and educational efforts; and
  • Identify and address cyber security workforce planning and management issues.

Commonly Requested Education, Training and Work Experience

  • Post-secondary education in a cyber or IT related field (e.g., Computer Science, Computer Engineer, Information Technology, Management Information Systems, System Engineer, or equivalent);
  • Certifications an asset: Project Management Professional (PMP); and
  • Previous training and experience in IT security infrastructure or project management is preferred. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

  • Business analysis techniques;
  • Maintain a working knowledge of cyber security principles and elements;
  • Technical knowledge of computer and network systems, embedded security, and platforms;
  • Current and emerging technology and cyber security technologies;
  • Risk management policies, requirements, and practices;
  • Resource management principles and techniques;
  • System life cycle management principles, including software security and usability; and
  • Develop risk assessments, audit reports, risk management documents.

Key Proficiencies

Research, Analytical, Problem-solving, Organizational, Time Management, Interpersonal, Communication skills

4.14 Supply Chain Manager


Basic Job Description

Manages cyber security flaws and vulnerabilities in an organization’s supply chain operations, and provides advice and guidance to help reduce these supply chain risks.

Cyber Security Related Tasks

  • Create processes and methods to gather supply chain information;
  • Define, develop, review, and maintain policies, standards, and processes for identifying, assessing, and mitigating supply chain risks;
  • Develop and maintain risk and threat assessments and related reports on vendors and procured products or services, based on risk or threat level;
  • Assess and document cyber security risks and vulnerabilities throughout the procurement life cycle;
  • Develop, maintain, and refine risk mitigation approaches and procedures;
  • Analyze cyber security solutions available on the market that best meet organizational needs;
  • Ensure compliance with cyber security policies, regulations, and procedures of the organization;
  • Ensure compliance with security requirements of organization networks and systems;
  • Coordinate with cyber security experts to regularly monitor systems and controls, and to update organization policies and procedures;
  • Lead the underlying operations and procedures that support the organization’s activities;
  • Establish and maintain communication channels with stakeholders on supply chain;
  • Develop, deliver, and oversee training material and educational efforts; and
  • Identify and address cyber security workforce planning and management issues.

Commonly Requested Education, Training and Work Experience

  • Post-secondary education in a cyber or IT related field (e.g., Business Administration, Computer Science, Computer Engineering or equivalent); and
  • Previous training and experience in cyber security preferred. Requested experience will depend on the organizational need.

Primary Training Requirements – Learning Outcomes

  • Information and data analysis techniques;
  • A working knowledge of cyber security and privacy principles and methods (e.g., firewalls, encryption, virtual private network devices);
  • Technical knowledge to understand data security and integrity, security requirements, and the functional and technical design of networks and systems, and cyber security solutions;
  • Risk management processes, responsibilities and authorities;
  • System life cycle management principles, including software security and usability;
  • Current national supply chain processes;
  • Configuration management related to cyber security;
  • Applicable laws, regulations and guidelines as they relate to cyber security; and
  • Develop risk and threat assessments.

Key Proficiencies

Analytical, Problem-solving, Attention to Detail, Organizational, Time Management, Interpersonal, Communication skills
