Job Descriptions

Note: This role is most commonly found in large or medium-sized organizations.  

Reporting relationship

To be completed by the user of this job description as appropriate

Job purpose / summary

Develops algorithms, ciphers, and security systems to encrypt information/Analyzes and decodes secret messages and coding systems.

Duties and responsibilities

• Collaborate with key stakeholders to establish an effective cybersecurity risk management program
• Ensure compliance with the changing laws and applicable regulations
• Develop systems for protection of important/sensitive information from interception, copying, modification and/or deletion
• Evaluate, analyze and target weaknesses and vulnerabilities in security systems and algorithms
• Develop statistical and mathematical models to analyze data and troubleshoot security problems
• Develop and test computational models for reliability and accuracy
• Identify, research and test new cryptology theories and applications
• Decode cryptic messages and coding systems for the organization
• Develop and update methods for efficient handling of cryptic processes
• Prepare technical reports that document security processes or vulnerabilities
• Provide guidance to management and personnel on cryptical or mathematical methods and applications
• Support countermeasures and risk mitigation strategies against potential exploitations of vulnerabilities related to cryptographic systems and, algorithms
• Provide insights and guidance related to quantum safety and quantum resistant strategies
• Support incident management and post-analysis in the event of a compromise to encryption/cryptographic processes or systems.
• Develop, deliver, and oversee related cybersecurity training material and educational efforts related to role
• Guide and support encryption specialists as required

Tools and Technology

• Threat and risk assessments
• Vulnerability management processes and vulnerability assessments
• Incident management processes and procedures (crypto/encryption related)
• Cybersecurity risk management processes & policies
• Privacy and security legislation
• Cryptographic algorithms, ciphers and systems
• Key management policies and plans
• Organizational security infrastructure and reporting systems

Competencies

Underpinning this occupation are those competencies demonstrated for an executive level which include those identified within the US NICE Cybersecurity Workforce Framework.

Basic application of the following KSAs:

• Integrated/organizational security concepts, principles and practice (software, system, data, physical and personnel) 
• Preventative technical, operational and management controls available and organizational responsibilities for those controls
• Sector/context relevant threats, business needs and technical infrastructure
• Information and data requirements including sensitivity, integrity and life-cycle
• Applicable computer programming languages
• Cybersecurity program management, measures and monitoring

Advanced application of the following KSAs:

• Advanced threats and crypto breaking /decryption capabilities
• Applicable laws, legal codes, regulations, policies and ethics as they relate to cyber security; and
• Computer architecture, data structures, and algorithms
• Linear/matrix algebra and/or discrete mathematics
• Probability theory, information theory, complexity theory and number theory
• Cryptography and cryptographic key management concepts;
• Principles of symmetric cryptography (e.g., symmetric encryption, hash functions, message authentication codes, etc.)
• Principles of asymmetric cryptography (asymmetric encryption, key exchange, digital signatures, etc.)
• Incident response requirements for cryptographic compromise
• Technical report writing

Direct reports (if appropriate)

To be completed by the user of this job description as appropriate

Qualifications

Education. Post-secondary university degree in Computer Engineering, Computer Science, or Mathematics. A Master’s of Science or Doctorate is preferred.

As required to support organizational technical context (e.g. local tools, processes and procedures)

A highly specialized cybersecurity activity, this role is filled by experienced and educated professionals who are interested in this field. Opportunities exist for increased specialization and advanced research and studies in the field. 

Certifications.

To be completed by the user of this job description as appropriate

Other relevant qualifications.

To be completed by the user of this job description as appropriate

Key Attributes.

To be completed by the user of this job description as appropriate

Experience. In addition to academic credentials, entry level roles normally requires 3-5 years’ experience in an IT/systems domain with familiarity of encryption and key management activities.

Working conditions (if required)

If the job requires a person to work in special working conditions this should be stated in the job description. Special working conditions cover a range of circumstances from regular evening and weekend work, shift work, working outdoors, working with challenging clients, and so forth.

Physical requirements (if appropriate)

If the job is physically demanding, this should be stated in the job description. A physically demanding job is one where the incumbent is required to stand for extended periods of time, lift heavy objects on a regular basis, do repetitive tasks with few breaks, and so forth.