Address
Form of work
Salary Date Posted: 04/01/2024
Req ID: 36729
Faculty/Division: OISE
Department: Education Commons
Campus: St. George (Downtown Toronto)
Position Number: #
Description:
About us:
OISE is recognized as a global leader in graduate programs in teaching and learning, continuing teacher education, and education research. As one of the largest and most research-intensive faculties of education in North America, OISE is an integral part of the University of Toronto - Canada’s most dynamic and comprehensive institution of higher learning.
OISE is committed to enhancing the social, economic, political and cultural well-being of individuals and communities locally, nationally and globally through leadership in teaching, research and advocacy. A unique place to work, learn and grow, OISE addresses current and emerging challenges with the scale, academic excellence and collaborativeenergy that few institutions in the world can claim.
The Education Commons will provide, in collaboration with major research and development initiatives where appropriate, the iterative design, implementation and evaluation of technological environments and information space in which the academic and research programs of OISE are carried out.
Your opportunity:
Under the direction of the Director, Education Commons and in close collaboration with members of the team, the incumbent will be responsible for implementing the risk management framework by planning, coordinating, conducting and undertaking risk assessment activities across the OISE infrastructure, including applications, networks, databases, servers and other endpoints.
This role will collaborate closely with the University community and stakeholders to assess new products and project risks and recommend appropriate risk mitigation strategies. This role will act as a resource for advising on adopting Information Security controls arising out of the risk assessments performed across a wide range of technologies and ensuring such controls address the ever-evolving threat landscape impacting the usage of such technologies.
This role is also responsible for data asset inventory at OISE. Responsibilities include: designing, creating, deploying and maintaining OISE's data architecture. Reviewing data designs, data models and recommending frameworks and Data roadmaps.
In addition, the incumbent is responsible for leading project teams. This includes providing staff with training and providing technical guidance. The incumbent acts as a technical resource to a group of specialists, and to the faculty for complex technical problems.
Your responsibilities will include:
-Analyzing projects or business practices to identify potential privacy and security risks through conducting Threat Risk Assessment (TRA) and Privacy Risk Assessment (PRA)
-Advising clients and technical subject matter experts on best practice for documenting system requirements
-Researching, analyzing and recommending potential changes to system features
-Developing project schedules including milestones, critical path, timelines, deliverables and reporting
-Analyzing the security and integrity of highly complex system problems and/or implications of any new or changed procedure or technology
-Facilitating educational workshops and seminars
-Reconciling business requirements with information architecture needs for highly complex system integration
-Writing complex specifications based on system requirements
Essential Qualifications:
-Bachelor's Degree in Computer Science, Computer or Software Engineering, or acceptable combination of equivalent education and experience.
-Minimum five years of recent and relevant information security experience in a heterogeneous environment, with a broad range of platforms and technologies.
-Demonstrated progressive experience in leading or contributing to the creation, implementation, and maintenance of information security risk management programs.
-In-depth knowledge and experience with information security controls applicable for web applications, cloud, IoT/OT, mobile applications, network and servers.
-Experience with implementing security tools and technologies such as firewall, IDS/IPS, SIEM, EDR, or similar technologies, used to protect on-premises or cloud infrastructure.
-Experience performing security assessments of infrastructure (cloud and on-premise), applications, websites, and end-user computing environments.
-Experience working with Information Security and Risk Management frameworks such as ISO27001, ISO27005, OWASP, CSA, CIS, NIST CSF and NIST 800-30.
-Experience working with legal and regulatory requirements such as PCI-DSS, PIPEDA, PHIPA, GDPR, etc.
-Experience with data modeling, data access and Data storage techniques.
-Extensive experience working with clients, stakeholders and IT resources to gather and translate requirements into efficient data structures.
-Experience with Agile development methodologies.
-Proficient with data extraction and transformation frameworks.
-Experience with designing and deploying compelling dashboards using business intelligence tools (e.g. Tableau).
-Demonstrated effective oral and written communication skills including both technical and business writing, and documentation. Ability to communicate effectively with technical and non-technical clients and to build and foster a relationship with a variety of diverse stakeholders.
-Excellent presentation skills with the ability to facilitate staff training sessions, client workshops, and meetings.
-Ability to think strategically about change and new solutions.
-Excellent analytical, project management and problem solving skills.
-Strong organizational and time management skills to permit simultaneous action on many tasks, many of which will demand timely completion.
-Strong negotiation and influence skills, well versed as a change agent and in stakeholder relationship management.
-Demonstrated ability to adapt to shifting priorities, demands and timelines. Agile, with demonstrated ability to quickly learn, understand and apply new technologies.
Assets (Nonessential):
-CISSP, CISA, CRISC and other security certifications are a strong asset.
-Technical certifications related to project management, process improvement, and business analysis (e.g., PMP, ITIL, CBAP, CSPO) are an asset.
To be successful in this role you will be:
-Accountable
-Assertive
-Communicator
-Goal oriented
-Organized
-Team player
Closing Date: 04/10/2024, 11:59PM ET
Employee Group: USW
Appointment Type: Budget - Continuing
Schedule: Full-Time
Pay Scale Group & Hiring Zone:
USW Pay Band 16 -- $99,548 with an annual step progression to a maximum of $127,305. Pay scale and job class assignment is subject to determination pursuant to the Job Evaluation/Pay Equity Maintenance Protocol.
Job Category: Information Technology (IT)
Recruiter: Jennifer Tucker
Lived Experience Statement
Candidates who are members of Indigenous, Black, racialized and 2SLGBTQ+ communities, persons with disabilities, and other equity deserving groups are encouraged , and their lived experience shall be taken into consideration as applicable to the posted position.
