Position: Sr. Information Security Consultant to help develop and implement security solutions that strengthen the organization’s
Our client is looking for a Sr. Information Security Consultant to help develop and implement security solutions that strengthen the organization’s resilience across technology, data, and business processes in the Municipal health space.
Overview:
The consultant will support the design of secure architectures, lead technical assessments, contribute to threat detection and response initiatives, and provide expert guidance on the adoption of best practices and regulatory compliance. The ideal candidate is a security professional with strong technical depth, the ability to collaborate with cross-functional teams, and a track record of translating security requirements into practical, scalable solutions.
The role will also contribute to the development and enhancement of our security service catalog, ensuring each service aligns with enterprise policies, risk management expectations, and legal and regulatory constraints.
Must Have's:
• 10+ years hands-on Information Security experience in roles involving security engineering, security architecture or security operations
• Have at least one of the following industry certifications –Certified Information Systems Security Professional (CISSP), (CISM) (CCSP) (CCIE)
• Experience leading or contributing to enterprise security projects involving technology integration, process enhancement, or control implementation.
• Experience in configuring, deploying, managing,
Endpoint Detection & Response (EDR) platforms (e.g. Microsoft Defender, Sentinel One).
• Experience with Vulnerability Management tooling, lifecycle processes, remediation validation, and reporting (e.g., Qualys, Veracode).
• Experience in Next-Generation Firewall (NGFW) capabilities, including Secure Sockets Layer (SSL)inspection, threat prevention, content filtering, micro-segmentation, application control, and network policy tuning.
• Must be able to travel within Saskatchewan as required to support site visits across multiple locations- not often, most work is Remote
Nice to Have's:
• Experience in Security Information and Event Management (SIEM) use cases, tuning, threathunting integration, and log onboarding (e.g. Splunk, Sentinel, Sumo Logic).
• Experience in Cloud and Hybrid Security technologies, with hands-on understanding of native controls (e.g. Azure Defender).
• Extensive experience in Intrusion Prevention and Detection (IPS/IDS) including deployment, tuning, ruleset management, and vendor-agnostic architectures.
• Working knowledge of regulatory and security frameworks (e.g. ISO , NIST, CIS Controls, PCI-DSS, PIPEDA/FOIP, HIPA/PHI).
• Experience with threat intelligence, security analytics, deep-learning or machine-learning-based detection and SIEM use cases.
• Experience in managing PKI and certificate lifecycle operations, including certificate issuance, renewal automation, revocation, Certificate Revocation List / Online Certificate Status Protocol (CRL/OCSP) configuration, key rotation, and secure management of private keys.
• Experience in implementing and managing enterprise email security controls, including antiphishing protections, malware scanning, data loss prevention (DLP), and enforcement of Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) policies (e.g. Defender for Office – Exchange Online Protection (EOP))
• Demonstrated ability to interpret enterprise architecture artifacts (e.g. network diagrams, cloud reference models, solution architectures) and derive appropriate security controls, while identifying design gaps that require remediation.
• Experience in leading or coordinating security incident response activities, including investigation, containment, root cause analysis, recovery support, and post-incident reporting, with the ability to guide technical teams, engage MSSPs, and communicate impacts to leadership.
• Successfully contributed to the development and enhancement of the enterprise security service catalog, ensuring that services are clearly defined, measurable, and aligned with organizational security policies, enterprise risk management expectations, and applicable legal and regulatory obligations.
Responsi…
