Address
Form of work
Salary Date Posted: 12/19/2023
Req ID:35425
Faculty/Division: Faculty of Arts & Science
Department: Information and Instructional Technology
Campus: St. George (Downtown Toronto)
Description:
About Us:
The Faculty of Arts & Science is the heart of Canada’s leading university and one of the world's most comprehensive and diverse academic divisions. The strength of Arts & Science derives from our combined teaching and research excellence in the humanities, sciences and social sciences across 29 departments, seven colleges and 46 interdisciplinary centres, institutes and programs.
We can only realize our mission with the dedication and excellence of engaged staff and faculty. The faculty's diversity of opportunities and perspectives reflects the local and global landscape and the need for curiosity, innovative thinking, and collaboration. At Arts & Science, we take pride in our legacy of innovation and discovery that has changed how we think about the world.
The Faculty’s divisional IT team, Information & Instructional Technology (IIT) and local, departmental IT teams are a crucial source of support for faculty teaching, research and administrative operations. IIT works closely and collaboratively with institutional teams as well as local IT teams to champion and support technology initiatives as well as provide some key division wide IT services. In addition, IIT supports the technology needs for numerous departments, centres, schools and institutes including day to day computing, infrastructure fulfillment (systems, networking and data centre), public web services and application development. We are a well-respected, service-oriented team that aims to deliver timely support and quality work, imperative for the smooth operation of our faculty.
Your Opportunity:
Reporting to the Director, Information & Instructional Technology and with input, as required, from a dotted-line reporting relationship to the Chief Information Security Officer (CISO) of the University, the Manager, Information Security provides program management, strategic leadership and initiative management for the faculty’s Information Security and IT Risk Programs. The Information Security Manager will be responsible for developing new division-wide security and risk programs and working collaboratively to help drive, implement, document and support the security of the faculty’s technology. The Manager supports both divisional and departmental IT teams to ensure that technology delivery is aligned with institutional guidelines, priorities, and direction.
This is an inaugural role which will help unify and motivate teams as well as explore and address the best and most effective approaches to driving a productive and focused risk and security culture. More specifically, the Manager provides strategic and tactical planning as well as technical project management which includes the evaluation, design, development, implementation, reporting, and overall management of numerous initiatives; some initiatives may be technically hands-on.
Working in alignment with other profile holding IT leaders, the Manager will be capable of overseeing technically savvy team members, managing team priorities and productivity and covering all aspects of business, HR and operational needs including financial management, budgets, procurement, contracts and intake. The Manager will draw from institutional, industry and peer best practices and maintain up-to-date knowledge of technology and advances and directions in IT security and IT risk, continually evaluating the performance of the faculty as well as analyzing gaps and vulnerabilities, effectively solving security and privacy risk issues and recommending and/or initiating projects to augment and improve services delivered.
As a member of the faculty’s management team, the Manager establishes and sustains strong relationships with all levels of the faculty’s community, including executive leadership, project teams, support teams, clients, stakeholders, as well as teams across the University of Toronto.
The Manager will work collaboratively with local faculty IT teams to evolve a mindset, model and work structure that ultimately enables divisional and departmental security and risk progression with a clear view of the faculty’s security and risk posture.
As an internal consultant, the Manager reviews proposals from departments using in-depth technical and subject matter expertise and partners with teams to recommend and deliver security solutions.
The Manager will lead information security incident response at a divisional level in coordination with faculty leadership and Information Technology Services - Information Security leadership. The Manager supports investigations, gathering forensic IT and security data and evidence and working with remediation teams, partners with relevant University departments as required and helps support unit and faculty business continuity activities.
Required Qualifications:
EDUCATION:
-University degree in Computer Science, Engineering, or an equivalent combination of education and experience.
-A Graduate Degree and certifications in information security and management, such as CISSP, CISM, CISA, PMP, CRISC or other relevant certifications, are an asset.
EXPERIENCE:
Information Security
-At least eight (8) years of experience working in the IT industry, with a focus on information security.
-Technical experience with the development and management of formal IT risk programs (i.e. technically driven risk reduction) considered a strong asset.
-Proven experience in planning, organizing, and developing IT security and facility security system technologies.
-Expert level understanding of Information Security technologies and concepts, including information security and defense solutions.
-Experience developing and adopting information security standards and guidelines.
-Extensive experience using network and security analysis tools, with a focus on intrusion detection and prevention – host and network, active and passive.
-Experience managing information security incident response and investigations.
-Demonstrated aptitude for security/or major incident management; ability to quickly analyze and interpret forensic information and evidence.
-Excellent understanding of defense in depth strategies and implementation across the entire ecosystem (endpoints, servers, appliances, cloud, and network architecture, etc.) with strong ability to assess risks and controls of computing systems and operations.
-Experience auditing systems for compliance (PCI-DSS, PA-DSS, etc.).
-Experience managing vendor solutions and contractors, including cloud technologies as well as related security and risk assessments.
-Experience with operational access management and identity access management systems and solutions; IAM roll-out experience is considered a strong asset.
Digital Infrastructure
-Strong understanding of IT Architecture concepts and security methodologies, with expertise in management of IT infrastructure, supporting business critical applications.
-Substantial exposure to data processing, hardware platforms, enterprise software applications, and outsourced systems, including financial, human resources and email.
-Experience with systems design and development from business requirements analysis through to day-to-day management.
-Strong understanding of change and configuration management processes.
-Experience with deployment of policies, management of resource, and security controls within cloud-based platforms (Azure, Microsoft Entra ID, etc. …).
Team and People Management
-Minimum five (5) years of experience in a team lead or senior/supervisory role.
-Formal IT relationship management and product management experience would be considered a strong asset.
-Experience leading and mentoring high performing teams, with a track record of driving results through process evaluation, design, and development.
-Experience working with a broad range of stakeholders and IT SMEs. Experience leading change and driving results through process evaluation, design, and development.
SKILLS:
-Strong and proven managerial, relationship management and leadership skills.
-Strong communication skills, both verbal and written.
-Excellent project management and problem-solving skills.
-Ability to master new technology quickly.
-Experience negotiating purchase agreements and contracts.
-Excellent instruction and presentation skills.
-Able to describe a variety of complex technical concepts or policies to users and senior leadership at all technical experience levels and to deliver security awareness and education content to faculty, staff, and graduate students.
OTHER:
-Broad knowledge of industry innovations and state-of-the-art technology in both computing and networking arenas, and in-depth knowledge of information security.
-LEAN and/or Six Sigma certifications or experience considered a strong asset.
-Familiarity with IT Service Management and ITIL principles and execution including systems like Service Now considered a strong asset.
-Familiarity with database administration and operation are considered an asset.
-Expedience and ability to provide support outside of normal working hours, as needed.
-Ability to work under pressure of high volume and expectations, while meeting multiple deadlines for multiple projects.
-Strong service orientation coupled with ability to recognize and assess the operational significance of a problem, control/mitigate the risk and set priorities accordingly.
-Demonstrated ability to exercise sound judgment, tact, and diplomacy at all times.
-Ability to effectively
