Information Security Program Manager (UTSC)

Date Posted: 01/13/2021
Req ID: 2542
Faculty/Division: UofT Scarborough
Department: UTSC:Info & Instructional Tech Services
Campus: University of Toronto Scarborough (UTSC)

ABOUT US:
The University of Toronto Scarborough is a place of energy, enthusiasm and passion. Our commitment to inclusive excellence attracts the brightest learners, scholars and employees from around the globe. Our success has been made possible by the opportunity given to us by our Indigenous hosts to operate on their territory, and we cherish our continuing partnerships with these communities. The University of Toronto Scarborough is an exciting campus with unlimited potential. Join us on our journey.

POSITION SUMMARY:
Reporting to the Director, but operating with substantial autonomy under very general guidelines, and with input, as required, from a dotted line reporting relationship to the Chief Information Security Officer (CISO) of the University, the Information Security Program Manager provides strategic leadership and management for the campus Information Security Program which includes but is not limited to security of the datacenters, campus perimeter, and campus enterprise systems, as well as managing risk and privacy assessments, incident response and investigation, and outreach and awareness. The Manager provides strategic and tactical planning, design, development, implementation, and overall management and support of the campus Information Security Program. The incumbent will take personal ownership of the protection of campus cybersecurity infrastructure, and improvement of security posture and culture, minimizing risk of compromise to all Information Technology services.

The Manager maintains an up-to-date knowledge of industry security practices, continually evaluating the performance of the campus Information Security Program against recognized standards. The incumbent will analyze gaps and vulnerabilities, solve security and privacy risk issues, and initiate projects to augment and improve information security services. The Manager develops and implements new security standards and best practices related to the use and operation of digital assets, and strategies by which those standards are implemented.

As the key senior stakeholder and principal Information Security SME for major security initiatives and solutions, the incumbent leads and provides expertise at all stages of each cybersecurity project, from design to delivery. The incumbent ensures delivery of innovative enterprise security solutions in accordance with industry standards, and evaluates fit against security, privacy and business goals of I&ITS and their clients. As a member of the I&ITS leadership team, the Manager establishes and manages strong relationships with all levels of the UTSC community including executive leadership, project teams, support teams, clients, stakeholders, and with IT departments across the University of Toronto. Working as an internal consultant, the incumbent reviews proposals from other departments using in-depth technical and subject matter expertise and partners with other project teams to recommend and deliver security solutions.

The Manager leads information security incident response for systems and services whose access control mechanisms have been compromised or circumvented, both within and from outside of the University, coordinating and facilitating high-level access to affected systems (enterprise, local, cloud, etc.). The incumbent directs threat and event monitoring practices over campus systems, and provides direction on authorization and privileged access frameworks. In concert with technical SMEs and consultants, the incumbent leads investigations, gathering forensic IT and security data and evidence in instances of employee related breaches and misconduct, and of potential IT related criminal activity partnering with relevant campus departments, such as Campus Police, central ITS, external auditors, and/or work in consultation with Human Resources and Labour Relations as required.

The Manager oversees one direct report and manages projects and initiatives with a focus on business and information security outcomes. The Manager allocates project related human resources and work force planning, managing project resources and tracking against deliverables and priorities. The Manager is responsible for financial and contract management, preparing and tracking subscriptions, licensing, and project budgets. The incumbent is responsible for the initiation and successful negotiation of a wide variety of contracts and procurement processes covering hardware, software, consulting and professional services, and is responsible for the management of budget expenditures and recoveries and for completing projects in a timely, accurate and cost-effective manner.

The Information Security Program Manager serves on University committees, and has frequent contact with academic departments, instructors, and the research enterprise, to advise on security and privacy considerations, global threat landscape, nation state actors and cybercrime.

QUALIFICATIONS REQUIRED:
University degree in Computer Science, Engineering, or an equivalent combination of education and experience. A Graduate Degree and certifications in information security and management, such as CISSP, CISA, ISO Audit, PMP, CRISC or other relevant certifications, are an asset.

EXPERIENCE:
• Eight (8) years’ experience working in the IT industry, with five (5) years’ experience in a team lead or senior/supervisory role in an IT and/or organizational security operation.
• Five plus (5+) years working with Information Security as a prime focus of activity. Proven experience in planning, organizing, and developing IT security and facility security system technologies.
• Experience working with a broad range of stakeholders and IT SMEs.
• Experience in planning and executing security policies and standards development.
• Excellent knowledge of technology environments, including information security and defense solutions.
• Substantial exposure to enterprise systems, both on-prem and cloud, including ERP, HR, and communications platforms.
• Experience with systems design and development from business requirements analysis through to day-to-day management.
• Strong understanding of IT Architecture concepts and security methodologies.
• Experience developing, adopting, and deploying information security standards and guidelines.
• Expert level understanding of Information Security technologies and concepts.
• Excellent understanding of defense in depth strategies and implementation across the entire ecosystem (endpoints, servers, appliances, cloud and network architecture, etc.).
• Applicants are also expected to show evidence of a commitment to equity, diversity,inclusion, and the promotion of a respectful and collegial learning and working environment.

SKILLS:
• Strong managerial and leadership skills.
• Strong communication skills, both verbal and written.
• Excellent project management and problem-solving skills.
• Ability to quickly analyze and interpret forensic information and evidence.
• Ability to master new technology quickly.
• Strong understanding of change and configuration management processes.

OTHER:
• Broad knowledge of industry innovations and state-of-the-art technology in both computing and networking arenas, and in-depth knowledge of information security.
• Strong organizational and interpersonal skills. Familiarity with financial requirements of project management is an asset.
• Familiarity with database administration and operations.
• Exposure to e-commerce and other net-centric business models highly desirable.

Note: A copy of the full job description is available upon request from the UTSC HR Office.

Closing Date: 01/26/2021,11:59PM EDT
Employee Group: Salaried
Appointment Type: Budget - Continuing
Schedule: Full-Time
Pay Scale Group & Hiring Zone: PM 5 -- Hiring Zone: $103,334 - $120,556 -- Broadband Salary Range: $103,334 - $172,224
Job Category: Information Technology (IT)

.buttontext00b26598368a4abe a{ border: 1px solid transparent; } .buttontext00b26598368a4abe a:focus{ border: 1px dashed #25355a !important; outline: none !important; }

All qualified candidates are encouraged to apply; however, Canadians and permanent residents will be given priority.

Diversity Statement
The University of Toronto is strongly committed to diversity within its community and especially welcomes applications from racialized persons / persons of colour, women, Indigenous / Aboriginal People of North America, persons with disabilities, LGBTQ2S+ persons, and others who may contribute to the further diversification of ideas.

As part of your application, you will be asked to complete a brief Diversity Survey. This survey is voluntary. Any information directly related to you is confidential and cannot be accessed by search committees or human resources staff. Results will be aggregated for institutional planning purposes. For more information, please see http://uoft.me/UP.

Accessibility Statement
The University strives to be an equitable and inclusive community, and proactively seeks to increase diversity among its community members. Our values regarding equity and diversity are linked with our unwavering commitment to excellence in the pursuit of our academic mission.

The University is committed to the principles of the Accessibility for Ontarians with Disabilities Act (AODA). As such, we strive to make our recruitment, assessment and selection processes as accessible as possible and provide accommodations as required for applicants with disabilities.

If you require any accommodations at any point during the application and hiring process, please contact uoft.careers@utoronto.ca.
All qualified candidates are encouraged to apply; however, Canadians and permanent residents will be given priority.

Job Segment: Information Technology, IT Manager, Program Manager, Information Security, Technology, Management, Security