Department: Cyber Security & Digital Solutions
Location: HALIFAX
Type of Employment: Permanent
Union Status: NSGEU - NSPG
Closing Date: 20-Aug-25 (Applications are accepted until 11:59 PM Atlantic Time)

ABOUT US

At CSDS, we prioritize people—both within our team and in the communities we serve. Our mission is to redefine how Nova Scotians engage with government by creating accessible, reliable digital solutions centered around user needs.
In today’s tech-driven world, CSDS empowers government departments with essential digital solutions to meet Nova Scotians’ expectations. As a trusted partner across government, we enable departments to fulfill their mandates with secure, user-friendly services. From healthcare and education to public safety, we collaborate to transform how services are designed and delivered.
We don’t just implement technology; we modernize outdated systems and reimagine processes. Our agile, data-driven approach ensures that digital services are both efficient and adaptable to Nova Scotia’s evolving needs.
Joining CSDS means contributing to work that makes a real difference. From providing vital tech support to healthcare professionals to strengthening cybersecurity and developing scalable digital platforms, you’ll play a key role in building a more inclusive, responsive government for Nova Scotians.
Together, we’re setting new standards for digital public service, delivering resilient solutions that meet today’s needs—and anticipate tomorrow’s challenges

PRIMARY ACCOUNTABILITIES

As the Senior Cyber and Risk Analyst, you will be responsible for:

• Collaborating with delivery teams, vendors, and stakeholders to embed security risk management throughout the delivery lifecycle and promoting a cybersecurity-by-design mindset.
• Building strong relationships across government, healthcare, and education sectors to support shared cybersecurity understanding and maturity.
• Understanding user needs and providing hands-on guidance on the design and implementation of effective cybersecurity controls and secure system architecture.
• Supporting delivery teams in assessing cybersecurity controls, defining cybersecurity requirements and providing training as needed.
• Effectively and efficiently managing cybersecurity risk assessment activities, including monitoring progress, documenting statuses, coordinating follow-up actions, and obtaining necessary approvals.

• Contributing to the development and refinement of cybersecurity policies, standards, and guidelines.Developing and maintaining dashboards and reporting tools using Power BI, PowerApps, SharePoint, and other Microsoft technologies.

QUALIFICATIONS AND EXPERIENCE

To be considered for this opportunity, you hold experience and expertise in the following areas:

• Bachelors Degree in Information Technology plus five (5) years of progressive experience in cybersecurity risk management; or graduation from a recognized Information Technology Program plus five (5) years and six (6) months same experience.
• Proven ability to define cybersecurity requirements using recognized frameworks (e.g. NIST, ISO/IEC 27001, CIS Controls).
• Experience in cloud security practices and controls (Azure, AWS, etc.).
• Experience with Threat Risk Assessments (TRAs), penetration tests, Web Application Vulnerability Scans (WAVS), system-level scans, and custom code scans.
• Familiarity with secure system design and modern delivery practices such as Agile and DevSecOps.
• Hands-on experience managing the cybersecurity risk assessment lifecycle, including tracking, documentation, follow-ups, and approvals.
• Strong written and verbal communication skills; able to translate technical risks for non-technical audiences.
• Experience collaborating with delivery teams, partners, and vendors, and providing guidance on cybersecurity requirements.
• Experience contributing to the security policies, standards, and procedures.
• Proficiency in Microsoft 365 tools including Power BI, PowerApps, SharePoint and related tools.

In addition, you have the following experience and skills:

• Information Security professional designations such as CISSP, CISM, CISA, Security+.
• Experience using the NIST SP 800-53 cybersecurity framework.
• Experience performing Cybersecurity Threat Risk Assessments (TRAs).
• User-centered, innovative and product management approaches to ensuring the secure delivery of services.

We will assess the above qualifications and competencies using one or more of the following tools: written examination, standardized tests, oral presentations, interview(s), and reference checks.

• Collaborating with delivery teams, vendors, and stakeholders to embed security risk management throughout the delivery lifecycle and promoting a cybersecurity-by-design mindset.
• Building strong relationships across government, healthcare, and education sectors to support shared cybersecurity understanding and maturity.
• Understanding user needs and providing hands-on guidance on the design and implementation of effective cybersecurity controls and secure system architecture.
• Supporting delivery teams in assessing cybersecurity controls, defining cybersecurity requirements and providing training as needed.
• Effectively and efficiently managing cybersecurity risk assessment activities, including monitoring progress, documenting statuses, coordinating follow-up actions, and obtaining necessary approvals.
• Contributing to the development and refinement of cybersecurity policies, standards, and guidelines.Developing and maintaining dashboards and reporting tools using Power BI, PowerApps, SharePoint, and other Microsoft technologies