Job Summary:

The IT & Cyber Security specialist is responsible for securing, supporting and coordinating the organization’s information technology infrastructure, cyber security operations, data security, systems administration, information protection practices, and technology risk management functions. The position provides technical leadership in the planning, implementation, monitoring, and maintenance of the organization’s digital systems and cyber security framework.

The role participates in organizational technology planning and exercises independent judgment in matters relating to cyber security operations, systems integrity, user access management, digital risk mitigation, technology procurement recommendations, and implementation of security protocols and operational standards.

The position supports organizational continuity, privacy protection, secure information management, regulatory compliance, and cyber resilience across all organizational systems and locations.

This position is excluded from the bargaining unit due to its confidential, strategic, policy-development, and operational oversight responsibilities relating to organizational technology systems, cyber security governance, information access controls, and confidential organizational information

Reports To: Information Systems Manager

Duties and Responsibilities

• Data Integrity
  • Maintain all data points within all systems across the organization.
  • Restrict and allow access to critical and confidential data within all systems across the organization.
  • Implement and monitor security controls to prevent unauthorized access, modification or corruption of confidential organizational data.
  • Create and maintain Conditional Access policies to restrict user access to confidential information.
  • Ensure that confidential information is safely stored, encrypted, and protected from unauthorized access by users or applications.
• Cyber Security Operations & Risk Management
  • Develop and implement comprehensive cybersecurity policies, standards, and operational protocols to protect organizational data and digital assets.
  • Conduct regular risk assessments, vulnerability scans, and system audits to identify potential security gaps and recommend remediation strategies.
  • Lead the development of business continuity and disaster recovery plans, specifically focusing on data integrity and system availability during security incidents.
  • Ensure organizational compliance with federal and provincial privacy laws (such as BC PIPA or FIPPA) and international security frameworks.
• Security Infrastructure & Operations
  • Design, configure, and administer advanced security safeguards, including the current Sophos security infrastructure for the network perimeter, LAN, servers, and workstations.
  • Manage Enterprise Identity and Access Management (IAM) protocols, including Multi-Factor Authentication (MFA), Single Sign-On (SSO), and Role-Based Access Control to ensure the principle of least privilege.
  • Implement and maintain encryption standards for data at rest and data in transit across all organizational platforms and communication channels.
• Threat Intelligence & Incident Response
  • Monitor system logs and network traffic using Sophos Central, MS Entra logs, and interfaces for all the different network devices to detect, analyze, and respond to unauthorized access or malicious activity.
  • Lead incident response activities, including the investigation, containment, and eradication of security threats, followed by detailed post-incident forensic reporting.
  • Research and stay current on emerging cyber threats, vulnerabilities, and industry trends to proactively harden the organization’s security posture.
  • Coordinate with external cybersecurity partners, to perform regular external network penetration tests, and vulnerability assessments.
  • Access organizational data in relation to threats, ensuring integrity of data.
• Technical Leadership & Security Awareness
  • Provide technical guidance on the security implications of new hardware, software, and cloud integrations during the procurement and planning phases.
  • Develop and deliver cybersecurity awareness training for staff, focusing on phishing defense, social engineering, and secure data handling practices.
  • Oversee secure lifecycle management for all IT assets, ensuring that security patching and firmware updates are prioritized to mitigate known exploits.
• Decision-Making & Accountability
  • The position works with the Information Systems Manager to develop, implement and maintain:
    • cyber security operations.
    • information protection practices.
    • Information access and security.
    • systems administration.
    • access management.
    • operational technology risk.
    • infrastructure reliability.
    • technology continuity.
    • confidential information management.
    • implementation of organizational security controls.
    • prioritization of cyber security responses and remediation activities.
  • The position works with limited oversight, exercising a significant amount of independent decision making in relation to the management and use of critical and confidential organizational data and information.
• The position has access to all critical and confidential organizational, personnel, operational, technological, and security-related information and participates in matters involving organizational security governance and risk management related to this information

Qualifications, Education and Experience:

• Bachelor’s degree in:
  • Information Technology;
  • Computer Science;
  • Cyber Security;
  • Data Science;
  • Information Systems;
  • Network Administration;
  • Digital Forensics;
  • or a related field.

Preferred Certifications

• Preference may be given to candidates with one or more of the following:
• ITIL Fundamentals v4
• Security for MS SharePoint
• MS Dynamics and Office 365 suite
• Azure
• Power Platform
• MS Power Automate
• PowerShell Scripting & Automation
• Data Integration
• System Process Mapping
• Network+ or equivalent infrastructure certifications

Experience

• Minimum two (2) years of recent related experience in information technology, cyber security operations, systems administration, network administration, infrastructure support, or information security environments.
• Experience supporting cloud platforms, enterprise systems, security monitoring tools, endpoint protection platforms, or network infrastructure is preferred.
• Equivalent combinations of education, training, certifications, and experience may be considered.

Additional Knowledge, Skills & Abilities

• Knowledge of cyber security principles, threat mitigation practices, and information protection standards.
• Knowledge of network infrastructure, systems administration, cloud technologies, and enterprise technology environments.
• Ability to assess technology risks and recommend operational safeguards.
• Ability to maintain confidentiality and manage sensitive organizational information.
• Ability to coordinate multiple priorities in a dynamic operational environment.
• Ability to prepare technical documentation, reports, and operational procedures.
• Ability to communicate technical concepts effectively to non-technical users.
• Ability to exercise sound judgment and discretion in technology and security-related matters.
• Strong analytical, troubleshooting, and problem-solving skills

Core Competencies:

Indigenous Relations Behavioural Competencies:

• Cultural Agility is the ability to work respectfully, knowledgeably, and effectively with Indigenous people. It is noticing and readily adapting to cultural uniqueness in order to create a sense of safety for all. It is openness to unfamiliar experiences, transforming feelings of nervousness or anxiety into curiosity and appreciation. It is examining one's own culture and worldview, and to notice their commonalities, and distinctions with Indigenous cultures, and worldviews. It is recognition of the ways that personal and professional values may conflict or align with those of Indigenous people. It is the capacity to relate to or allow for differing cultural perspectives and being willing to experience a personal shift in perspective. Effectively to other people from diverse backgrounds with diverse views.

Behavioural Competencies

• Teamwork and Co-operation is the ability to work co-operatively with diverse teams, work groups, and across the organization to achieve group and organizational goals. It includes the desire and ability to understand and respond effectively to other people from diverse backgrounds with diverse views.

• Planning, Organizing and Coordinating involves proactively planning, establishing priorities, and allocating resources. It is expressed by developing and implementing increasingly complex plans. It also involves monitoring and adjusting work to accomplish goals and deliver to the organization's mandate.

• Service Orientation implies a desire to identify and serve customers/clients, who may include the public, co-workers, other branches/divisions, other ministries/agencies, other government organizations, and non-government organizations. It means focusing one’s efforts on discovering and meeting the needs of the customer/client.

• Results Orientation is a concern for surpassing a standard of excellence. The standard may be one’s own past performance (striving for improvement); an objective measure (results orientation); challenging goals one has set; or even improving or surpassing what has already been done (continuous improvement).

• Seeking and Using Feedback involves recognizing that improving performance and authenticity can occur through a reciprocal relationship. This requires an acknowledgement that here is an opportunity for mutual learning and development and levels the field in what is brought to supervision. Reciprocal learning can require active listening and modeling personal change in order to foster trust.

• Decisive Insight combines the ability to draw on one’s own experience, knowledge and training and effectively problem-solve increasingly difficult and complex situations. It involves breaking down problems, tracing implications and recognizing patterns and connections that are not obviously related. It translates into identifying underlying issues and making the best decisions at the most appropriate time. At higher levels, the parameters upon which to base the decision become increasingly complex and ambiguous and call upon novel ways to think through issues

• Reflective Practice is the ability to critically assess how one’s values, beliefs, ethics and culture influence decisions and relationships. An ability to demonstrate exemplary behaviour and curiosity regarding the perspectives of others, results in appropriate boundaries and insightful practice.

• Responsive Learning is facilitated through multiple approaches to encourage a deepening and expanding of skill sets with a view to continuing to build expertise that result in improved individual and organization outcomes.

Rate of pay: Annually $63,700 (An hourly rate of $35.00)

Start date: As soon as possible

Please apply for this position from our website at the following link https://www.metisfamilyservices.ca/mfs/join-us/employment/

This position is an excluded position.

Metis Family Services thanks all applicants for their interest in this career opportunity; however, only those considered for the position will be contacted.