Manager Cyber Security Risk

Job ID:                            COT-2022-09          

Job Title:                      Manager Cyber Security Risk

Division:                       Office of the Chief Information Security Officer

Reports To:                 Director Business Application Resilience

Salary Range:          $140,000 to $176,439

Work Location:        55 John Street, Toronto

Job Type:                     Full Time, Temporary, 36 months

Shift Information:  Monday to Friday, 35 hours work week

JOB SUMMARY:

The Office of the Chief Information Security Officer (CISO) is looking for a Manager to provide senior level guidance to the Director Business Application Resilience as well as the Chief Information Security Officer to establish and maintain a City-wide cyber program that adequately protects the City.

In this temporary full-time role you will manage the design, integration and implementation of cyber solutions that support the organization and the CISO’s strategic objectives. You will administer the unit’s operating budget process, monitoring spending and revenues and directing the unit’s cyber information technology program services, communications, human resources planning and decisions, quality assurance and staff training.

While overseeing a team of staff, as a Manager Concept 2 Key you will collaborate with other segments of the organization to manage City-wide cyber initiatives and provide leadership in the design, test, deployment and sustainment of Cyber Security controls for Business Applications.

MAJOR RESPONSIBILITIES:

• Contributes to the overall successful development and execution of the cyber program to adequately protect the City.
• Interprets units’ goals, develops and establishes broad scale, longer-term objectives, goals, or projects (e.g., affecting a business, division, several divisions or the organization).
• Provides senior level advice, expertise, and consultation to all levels of internal and external stakeholders on cyber matters including assessing risks, monitoring risks, identifying potential gaps, and providing cyber solutions to mitigate risks and protect the City.
• Drives forward the cyber mandate with internal, external, regulatory stakeholders to execute a cyber strategy.
• Develops, recommends and evaluates the units’ strategic planning activities as well as divisional integrated planning initiatives.
• Develops business strategies, operational plans and provides for contingencies.
• Applies established strategies to effectively manage changes into the recognized ways of operating and implements when appropriate.
• Manages, defines, communicates and leads cyber initiatives within the unit. Oversees the delivery of all initiatives within the respective portfolio.
• Develops and implements detailed plans and recommends policies regarding program specific requirements.

QUALIFICATIONS/CERTIFICATIONS:

1. Post-secondary education in Business or Technology, or the approved equivalent combination of education and/or experience.
2. Extensive senior level experience in Information Security with excellent leadership and stakeholder management skills and ability to work on transformative programs with strict deadlines.
3. Extensive experience in cloud computing based services architecture, technical design and implementations including Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) delivery models.
4. Preferred Certifications (any in the list): CISSP, CRISC, ISSAP, CISM, CISA, CCSK, TOGAF certified Architect, CCSP, Azure SEA, AWS CS
5. Extensive experience in migrating applications to the cloud, especially remediation/migration of legacy applications for cloud deployment.
6. Strong business acumen with budgeting experience.
7. Experience with the audit process and performing risk-based audits.
8. Knowledge of:
   1. The overall Public/Private cloud landscape and experience with assisting clients to understand the myriad of options available which includes preparing business case to define an appropriate roadmap for their business and ultimately helping the clients in executing their roadmap.
   2. Understanding of the current state of the art for infrastructure automation, continuous integration/deployment, networking, and cloud-based delivery models.
   3. Security industry standards and best practices such as ISO 27001 and NIST standards. Security risks, threats, and vulnerabilities and the judgment to assess and articulate risk effectively.
   4. Audit and compliance standards.
   5. Business impact of security tools, technologies and policies
9. Strong analytical, decision-making, problem solving and multitasking skills.
10. Ability to work with the broader IT organization and business management to align priorities and plans with key business objectives.
11. Demonstrated capacity to lead under pressure, make decisions in ambiguous situations and drive cross functional collaboration in a short period of time.
12. Demonstrated influence and persuasion skills, ability to present to senior levels.
13. Excellent communication and active listening skills with an aptitude for extracting and synthesizing complex information.
14. Exceptional written and oral communication skills.
15. Ability to “think on your feet”, eing ready to react to cyber-related incidents quickly.
16. Must be able to travel to all City of Toronto’s office locations and outside city/country for conferences if required.

SKILLS:

• Ability to work in transformative programs.
• Excellent leadership and organizational skills and the ability to work effectively with all level of stakeholders.
• Motivated self-starter demonstrating integrity, initiative and innovation qualities.
• Strong analytical ability where problems are typically unusual and difficult.
• Strong analytical skills and ability to prioritise and multitask.
• Excellent problem-solving skills with capability to identify solutions to unusual and complex problems.
• Ability to make quick decision.
• Strong business acumen with budgeting experience.
• Excellent understanding of audit and compliance standards.
• Experience with the audit process and performing risk-based audits.
• Ability to work with the broader IT organization and business management to align priorities and plans with key business objectives.
• Demonstrated capacity to lead under pressure, make decisions in ambiguous situations and drive cross functional collaboration in a short period of time.
• Demonstrated influence and persuasion skills, able to present to senior levels.
• Strong understanding of the business impact of security tools, technologies and policies.
• Ability to handle ambiguity and make decisions and recommendations with limited data
• Ability to prioritize and effectively manage competing priorities and projects.
• Ability to manage multiple initiatives while adhering to strict deadlines.
• Excellent communication and active listening skills with an aptitude for extracting and synthesizing complex information.
• Exceptional written and oral communication skills.
• Transferable skills, like communication and decision-making, are equally important.
• Being able to think on your feet and show good judgment are especially valuable in this field. “Security pros should always be ready to react to cyber-related incidents quickly.

ADDITIONAL COMMENTS/INFORMATION:

A normal work week is 35 hours, however, unforeseen situation may require extended hours of work with little or no prior notice. In case of a cyber incident or breach, rotation shift, continuous extended hours may be required with little or no prior notice.

*Subject to a police check, background check, psychological assessment and/or any other checks on a regular basis as the Office of the CISO handles highly sensitive and confidential information.

Equity, Diversity and Inclusion

The City is an equal opportunity employer, dedicated to creating a workplace culture of inclusiveness that reflects the diverse residents that we serve. Learn more about the City’s commitment to employment equity.

ACCOMODATION

The City of Toronto is committed to creating an accessible and inclusive organization. We are committed to providing barrier-free and accessible employment practices in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). Should you require Code-protected accommodation through any stage of the recruitment process, please make them known when contacted and we will work with you to meet your needs. Disability-related accommodation during the application process is available upon request. Learn more about the City’s Hiring Policies and Accommodation Process.

If this role is of interest to you, please submit your resume to recruiting@ipss.ca