Atlantic Lottery (AL) is seeking a NIST Specialist located in Moncton, NB.
Work Location: Office or Hybrid (2 days/week in Moncton office)
As the National Institute of Standards and Technology (NIST) Specialist, you will be a member of the Cybersecurity team and will play a pivotal role in ensuring Atlantic Lottery's adherence to NIST Cybersecurity Framework (CSF) V2 guidelines and best practices. You will be responsible for ensuring the successful implementation of NIST CSF V2 guidelines and security controls. Strong collaboration is expected as you will be required to work closely with a variety of teams in the field of IT, Business, Key Stakeholders, and internal & external Security Experts to safeguard our systems and data in alignment with NIST CSF V2 Framework.
Salary Band: A reasonable estimate of the pay range for this role is between $75,000 to $90,000 at the time of this posting. Individual pay is determined by factors such as job-related skills, market conditions, relevant experience, education, training and internal equity.
Posting Closes: September 29, 2024
NIST Compliance Assessment:
- Oversee the development, implementation, and maintenance of the organization's cybersecurity control framework (NIST CSF).
- Evaluate existing processes, policies, and technical controls against NIST guidelines.
- Perform root-cause analysis of underperforming metrics. Identify gaps and recommend corrective actions to achieve compliance.
- Ensure that the control framework is leveraged to systematically identify and prioritize cybersecurity activities based on risk exposure and potential impact.
Security Controls Assessment:
- Continuously assess and monitor the effectiveness of existing controls, identify potential vulnerabilities and recommend improvements.
- Apply a risk-based approach to determine the appropriate level of security controls for different assets and systems.
- Assist in gap analysis and recommend appropriate security measures.
Advisory Role:
- Act as an advisor to Teams across the organization. Provide guidance on NIST compliance, readiness, and scoping.
- Advise and lead cross-functional teams to ensure that security controls align with business goals and regulatory requirements.
- Collaborate closely with cross departmental teams, vendors and suppliers, to integrate security measures seamlessly into their existing processes and technologies.
Security Plan Development:
- Collaborate with Cybersecurity team to select, tailor, and supplement security controls based on organizational guidelines.
- Responsible for ensuring the completeness and accuracy of remediation projects/initiatives and associated information.
- Document decisions in the NIST maturity plan, providing clear rationale for each choice.
Risk Management:
- Develop risk mitigation strategies and communicate findings to stakeholders.
- Conduct regular risk assessments based on NIST frameworks (e.g., NIST SP 800-53).
- Work with risk management teams to translate cybersecurity risks into the broader enterprise risk context.
- Analyze threats, vulnerabilities, and potential impacts.
Security Documentation:
- Ensure accurate and up-to-date documentation related to NIST compliance efforts, cybersecurity controls, processes, and incident responses are created and maintained.
- Validate and prepare regular reports for management detailing the status of the cybersecurity control framework, emerging threats, recommended actions, and progress in addressing identified risks.
Security Awareness and Training:
- Educate employees on NIST principles and best practices.
- Foster a NIST framework conscious culture within the organization.
Education and Experience:
- Bachelor's degree in computer science, Information Security, or a related field.
- (Preferred) NIST implementation experience (e.g., NIST Cybersecurity Framework V2, NIST SP800-53, NIST SP 800-161 (Cybersecurity Supply Chain Risk Management (C-SCRM).
- 5+ years' experience in IT technology, operations in a large company with a minimum 5 years in a cybersecurity control framework delivery role.
- Strong knowledge and understanding of IT/cyber risk management concepts.
- Information Security Certification (i.e., CISSP or others) is an asset.
- In-depth knowledge of cybersecurity control frameworks (NIST, ISO, etc.).
- In-depth knowledge of emerging cybersecurity threats, attack vectors, and mitigation strategies.
- Experience working within multidisciplinary and collaborative environments.
Professional Skills:
- Advanced proficiency in NIST CSF V2 guidelines, frameworks, and controls;
- Ability to assess complex security and business scenarios and propose effective solutions;
- Strong communication skills to collaborate with technical and non-technical stakeholders;
- Exceptional analytical, organizational and communication skills;
- Self-motivated and independent worker;
- Possess investigative nature and be self-motivated;
- Results-oriented with proactive and methodical approach to problem solving;
- Able to multi-task and work under pressure against tight deadlines and changing priorities;
- Must be a team player with ability to work closely with diverse groups and working styles;
- Ability to establish and maintain effective business relationships;
- Flexibility and willingness to work extended hours, when required.
Assets:
- Experience with PCI-DSS controls.
AL Benefits:
- Extended health coverage that includes medical, dental, and vision.
- Basic life insurance and disability.
- Defined Benefit Pension Plan.
- Three weeks of vacation annually (pro-rated) and 13 paid statutory holidays. Plus, we have a vacation purchasing program.
- Flexible Workplace Arrangements (Hybrid or Office)
- Wellness Support: Wellness programs focused on physical and nutritional health (and more), 3 paid personal care days and a 24/7 Employee & Family Assistance Program.
- Two volunteer days per year.
- Career advancement opportunities.
Recruitment Process: The last couple of years has accelerated change across our workplace, including our hiring practices! As a result, throughout your application process, you may be asked to connect with us virtually, and may not be required to meet in-person. All interviews are conducted in English, our working language, unless otherwise stated.
Internal Employees: Internal Employees interested in this opportunity must be in "good standing," which includes meeting expectations on their last performance review. Performance improvement plans, disciplinary action, attendance, mandatory training, and other performance related items will also be taken into consideration when determining the applicant's "good standing" status.
Eligibility to Work in Canada: As applicable, candidates must have acquired all required work permits/visas and other authorizations and otherwise be eligible to work in Canada at the time any offer of employment is made by AL. It is the sole responsibility of the candidate to obtain all required work permits/visas and other authorizations.
We are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve. If you require an accommodation for the recruitment/interview process (including alternate formats of materials, or accessible meeting rooms or other accommodations), please let us know and we will work with you to meet your needs.
We thank all applicants for their interest, however, only those selected for an interview will be contacted. Please note that the successful candidate will be subject to reference and criminal/educational background checks prior to employment.
