Information Security Program Manager

Date Posted: 12/13/2023
Req ID:35383
Faculty/Division: Faculty of Applied Science & Engineering
Department: Faculty Information Technology Office
Campus: St. George (Downtown Toronto)
ABOUT US
The Faculty of Applied Science & Engineering is a world-renowned community of researchers and students dedicated to solving some of the world's most pressing challenges through collaborative and multidisciplinary research and experiential education. Through rigorous technical training, and unparalleled extracurricular and professional experience opportunities, we prepare the next generation of engineering leaders and changemakers to unlock the future's boundless potential.
The Faculty's Information Technology Office provides the vision and leadership for the development and implementation of technological information systems, processes, and associated technology to support Faculty of Applied Science and Engineering academic mission and administrative operations. The Faculty Information Technology Office is comprised of a team of highly motivated IT professionals who work collaboratively with colleagues in administrative units and academic departments across the Faculty to provide timely, quality service and innovative technological solutions.
YOUR OPPORTUNITY
Faculty of Applied Science and Engineering is distributed and complex, serving the needs of teaching, research and administration in academic units and institutes. Divisional and departmental IT teams are responsible for ensuring that technology is delivered and stewarded with security and risk focus and in alignment with institutional guidelines and direction.
Reporting to the Director, Information Technology and with input, as required, from a dotted line reporting relationship to the Chief Information Security Officer (CISO) of the University, the Information Security Program Manager provides strategic leadership and tactical planning, evaluation, design, development, implementation, and overall management and support of the Faculty’s Information Security and Risk Management Program.
The Manager is responsible for working with Information Technology staff and resources at the Faculty of Applied Science and Engineering and across the University to efficiently and effectively address the management, control, and protection of Digital Assets in support of Faculty’s education and research mission. The Manager is also responsible for conducting and facilitating risk and privacy assessments, overseeing maintenance of the data asset inventory, leading incident response and investigations, and ensuring on-going cybersecurity outreach. Work is done in the context of existing policy, guidelines and applicable legislation in a fluid, consultative environment.
The Manager works with academic departments and units across the Faculty with the aim of minimizing the risk of compromise to all Faculty’s IT services and resources, analyzing gaps and vulnerabilities, effectively solving security and privacy risk issues, integrating new systems with current systems, and initiating projects to augment and improve service delivery.
The Manager oversees the monitoring of cyber threats and works to ensure systems, servers and computing solutions administered by the Faculty and academic units are secure, available, and that appropriate disaster recovery and business continuity plans are in place and regularly tested.
The Manager collaborates with departmental and faculty-wide groups (ISTEP, Engineering Computing Facility, Engineering Career Center, Office of the Registrar, Recruitment, etc. …) to ensure that all projects containing confidential and restricted information follow the Information Security standards and best practices for Identity and Access Management, Information Disclosure, Information Integrity, Business Continuity and Protection of Privacy.
As the key senior project team member for major security initiatives and solutions, the Manager provides expertise at all stages of each project, from design to delivery, ensuring current, high-quality innovative and advanced solutions are being applied in accordance with service best practices, and evaluating appropriateness for final use to effectively achieve and optimize the security of services to the Faculty.
The Manager establishes and manages strong relationships with all levels of the FASE community including executive leadership, project teams, clients, stakeholders, and academic departments across the Faculty and the University of Toronto to promote cybersecurity awareness. Work is done in collaboration with institutional partners including other academic Divisions, IT&S, FIPP office and others.
As a member of the FASE management team, the incumbent tables proposals to augment and/or improve services delivered and participates in reviewing proposals from others. The incumbent’s in-depth technical expertise and teamwork approach to organizational issues are called upon not only in day-to-day developments but also in tactical and strategic planning efforts.
The Manager oversees a team of technically savvy individuals in the infrastructure unit and manages IT enterprise projects with a strong business-oriented focus. The Manager allocates project related human resources and work force planning, directing staff efforts and assigning project priorities. The Manager is responsible for financial and contract management and prepares and manages project budgets. The Manager is also responsible for the initiation and successful negotiation of a wide variety of contracts covering hardware, software, consulting and professional services, and is responsible for the management of budget expenditures and recoveries and for completing projects in a timely, accurate and cost-effective manner.
While the Manager’s primary responsibilities are centered around Information Security and IT Risk Management, the Manager will also deploy similar mechanisms and approaches to champion and progress models, templates and documentation for IT availability, business continuity, disaster recovery planning and audits.
The Information Security Program Manager serves on University committees, and has frequent contact with academic departments, instructors, and the research enterprise, to advise on security and privacy considerations, global threat landscape, nation state actors and cybercrime.
QUALIFICATIONS
EDUCATION:
University degree in Computer Science, Engineering, or an equivalent combination of education and experience. A Graduate Degree and certifications in Information Security and management, such as CISSP, CISM, CISA, PMP, CRISC or other relevant certifications, are an asset.
EXPERIENCE:
Information Security
style="margin-bottom:7.0px;margin-top:7.0px"-
-At least eight (8) years of experience working in the IT industry, with a focus on Information Security.
-Proven experience in planning, organizing, and developing IT security and facility security system technologies. Expert level understanding of Information Security technologies and concepts, including Information Security and defense solutions.
-Experience developing and adopting Information Security standards and guidelines.
-Extensive experience using network and security analysis tools, with a focus on intrusion detection and prevention – host and network, active and passive.
-Experience managing Information Security incident response and investigations; demonstrated aptitude for security/or major incident management; ability to quickly analyze and interpret forensic information and evidence.
-Excellent understanding of defense in depth strategies and implementation across the entire ecosystem (endpoints, servers, appliances, cloud, and network architecture, etc.) with strong ability to assess risks and controls of computing systems and operations.
-Experience auditing systems for compliance (PCI-DSS, PA-DSS, etc.).
Digital Infrastructure
style="margin-bottom:7.0px;margin-top:7.0px"-
-Strong understanding of IT Architecture concepts and security methodologies, with expertise in management of IT infrastructure, supporting business critical applications.
-Substantial exposure to data processing, hardware platforms, enterprise software applications, and outsourced systems, including financial, human resources and email.
-Experience with systems design and development from business requirements analysis through to day-to-day management.
-Strong understanding of change and configuration management processes.
-Experience with deployment of policies, management of resource, and security controls within cloud-based platforms (Azure, Microsoft Entra ID, etc. …).
People Management
style="margin-bottom:7.0px;margin-top:7.0px"-
-At least five (5) years of experience in a team lead or senior/supervisory role.
-Experience leading and mentoring high performing teams, with a track record of driving results through process evaluation, design, and development.
-Experience working with a broad range of stakeholders and IT SMEs. Experience leading change and driving results through process evaluation, design, and development.
SKILLS:
style="margin-bottom:7.0px;margin-top:7.0px"-
-Strong and proven managerial, relationship management and leadership skills.
-Strong communication skills, both verbal and written.
-Excellent project management and problem-solving skills.
-Ability to master new technology quickly.
-Experience negotiating purchase agreements and contracts.
-Excellent instruction and presentation skills.
-Able to describe a variety of complex technical concepts or policies to users and senior leadership at all technical experience levels and to deliver security awareness and education content to faculty, staff, and graduate students.
OTHER:
style="margin-bottom