Job Descriptions
Use this tool to access job descriptions for your next hire. Search by skills or job titles and download the job description to help you get started. Tip: You can use this tool to help ensure your own resume is up-to-date with the latest job requirements.
Information Systems Security Developer
Job Description
Other Titles
- IT Security Systems Administrator
- Cybersecurity systems technician
Note: This role is most commonly found in large or medium-sized organizations.
Reporting relationship
To be completed by the user of this job description as appropriate
Job purpose / summary
Develops, creates, integrates, tests, and maintains information system security throughout the systems life cycle, and reports on information system performance in providing confidentiality, integrity, and availability and recommends corrective action to address deficiencies.
Duties and responsibilities
- Collaborate with key stakeholders to establish an effective cybersecurity risk management program.
- Ensure compliance with the changing laws and applicable regulations
- Define and review an organization’s information systems, and ensure security requirements recognize appropriate disaster recovery plans and business continuity functions, including any failover or backup requirements for system restoration
- Analyze existing security systems and make recommendations for changes or improvements
- Prepare cost estimates and constraints, and identify integration issues or risks to the organization
- Research and develop a system security context, and define security assurance requirements based on industry standards and cyber security policies and practices
- Ensure the acquired or developed systems are consistent with an organization’s cyber security policies and practices
- Develop and conduct information system testing and validation procedures and report on functionality and resiliency
- Plan and support vulnerability testing and security reviews on information systems or networks to identify gaps, and examine controls and measures required to protect the confidentiality and integrity of information under different operating conditions
- Conduct trial runs of information systems to ensure security levels and procedures are correct and develop a security risk management plan
- Support development of disaster recovery and continuity of operations plans for information systems under development
- Prepare technical reports that document system development process and subsequent revisions
- Document and address security throughout a system life cycle
- Update and upgrade information systems as needed to correct errors, and to improve performance and interfaces
- Prepare reports on information systems patches or releases that would leave networks or systems vulnerable
- Develop countermeasures and risk mitigation strategies against potential exploitations of vulnerabilities in networks or systems
- Perform risk analysis whenever a system undergoes a change
- Develop, deliver, and oversee related cybersecurity training material and educational efforts related to role
Tools and Technology
- Strategic and business plans
- Threat and risk assessments
- Vulnerability management processes and vulnerability assessments
- Incident management processes and procedures
- Security event and incident management systems and/or incident reporting systems and networks
- Cybersecurity risk management processes & policies
- Privacy and security legislation
- Organizational security infrastructure and reporting systems
Competencies
Basic application of the following KSAs:
- Integrated/organizational security concepts, principles and practice (software, system, data, physical and personnel)
- Risk management policies, requirements, and practices
- Business continuity and disaster response planning
- Preventative technical, operational and management controls available and organizational responsibilities for those controls
- Sector/context relevant threats, business needs and technical infrastructure
- Project management
- Costing models and cost benefit analysis
- Cryptography and cryptographic key management concepts
- Identity and access management
- Vulnerability management and penetration testing planning and processes
- Data security concepts and functions, analysis methodologies, testing, and protocols
- Secure coding and configuration techniques
- Cybersecurity program management, measures and monitoring
Advanced application of the following KSAs:
- Industry standards and organizationally accepted system analysis principles and methods
- System design tools, methods, and techniques
- Computer architecture, data structures, and algorithms
- System life cycle management principles, including software security and usability
- System testing and evaluation methodologies and processes
- System, application and data security threats, risks and vulnerabilities
- Designing countermeasures to identified security risks
- Configuring and using software-based computer protection tools
- Considerations for designing hardware and software solutions
- Incident management and system recovery
Direct reports (if appropriate)
- To be completed by the user of this job description as appropriate
Qualifications
Education. Post-secondary education in a cyber or IT related field (e.g., Computer Science, IT systems administration, Computer Engineering or equivalent training and experience).
Supporting training can include cybersecurity systems development tools, techniques and practices, as well as security throughout the system development lifecycle.
Certifications.
To be completed by the user of this job description as appropriate
Other relevant qualifications.
To be completed by the user of this job description as appropriate
Key Attributes.
To be completed by the user of this job description as appropriate
Experience. This is an entry-level role in cybersecurity that leverages previous IT and systems experience. Following cybersecurity technical training, this work can lead to increased responsibilities in cybersecurity infrastructure roles and technical expertise.
Previous training and experience in system development.
Working conditions (if required)
If the job requires a person to work in special working conditions, this should be stated in the job description. Special working conditions cover a range of circumstances from regular evening and weekend work, shift work, working outdoors, working with challenging clients, and so forth.
Physical requirements (if appropriate)
If the job is physically demanding, this should be stated in the job description. A physically demanding job is one where the incumbent is required to stand for extended periods of time, lift heavy objects on a regular basis, do repetitive tasks with few breaks, and so forth.