Senior It Security Specialist

Description:

The Senior IT Security Specialist monitors compliance with the university’s IT security policy and applicable laws; and coordinates investigation and reporting of security incidents. Working with the Information Technology Security and Network Services team, the incumbent monitors, assesses, and enhances the IT Security and Network’s appliances and applications, performs network penetration tests, applications’ vulnerability assessment and risk assessment reviews. Provides an IT infrastructure that effectively exploits technology for the benefit of faculty, staff and students. Provides technical support for integration of IT Security, Network and other IT systems by programming scripts in languages such as Python, Bash and PowerShell to interact with APIs with the goal of automating tasks, remediating incidents, enhancing and building tools.

Responsibilities:
Plans and leads the development for IT security systems and other related projects
Plans large and medium size IT-Security systems for use by faculty, staff and students. This may include: meeting with faculty, students and academic and administrative staff to determine detailed requirements; analyzing requirements for securing client and server applications and networked hardware and software.
Leads large and medium size system development projects and acts as a lead hand to supervise CCS staff participating in the design, testing and implementation of IT-Security systems.
Guides the software developers to the creation of secure software, implementing secure programming techniques that are free from vulnerabilities that can be exploited by an attacker.
Assists in the transfer of technology to other parts of CCS and to academic departments, including consulting, training and tutoring faculty, students working for faculty and staff in securing their computing equipment and identifying problems and opportunities for further system optimization.
Monitors and maintains IT security for Toronto Metropolitan University
Analyses how intruders breached the infrastructure in order to identify additional systems/networks that have been compromised. Investigates traces left by complex attacks.
Identifies security vulnerabilities in target systems, networks, and applications in order to help the university improve its security. Identifies which flaws can be exploited to cause business risk. Provides crucial insights into the most pressing issues and suggests how to prioritize security resources.
Provides technical support for integration of IT Security, Network and other IT systems by programming scripts in languages such as Python, Bash and PowerShell to interact with APIs with the goal of automating tasks, remediating incidents, enhancing and building tools.
Maintains currency in IT Security, networking, network operating systems, client-server systems, operating systems, software engineering, programming and scripting, web applications, security standards and best practices.
Monitors and advises on information security issues related to the systems and workflow at TMUto ensure the internal security controls for the campus are appropriate and operating as intended.
Supports day-to-day administration of various firewalls and other security devices and applications.
Conducts campus-wide data classification assessment and security audits and manages remediation plans.
Develops IT security documents, policies, and procedures
Documents systems for staff, faculty and students, including electronic or paper publication of software designs, implementation, network diagrams and user documentation and reports regarding designs and costs. Works with CCS staff and others, as required, to produce academically useful and high-quality documentation.
Develops and publishes Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.
Collaborates with IT management, the legal department, safety and security, and law enforcement agencies to manage security vulnerabilities.
Creates, oversees and maintains user security awareness. Prepares CCS documentation, including department policies and procedures, campus notifications, Web content, and CCS alerts.
Actively participates in the higher education security community such as Educause and Canheit.