Manager, IT Security & Risk Full-time Job
Sep 13th, 2024 at 10:40 | IT & Telecoms | Brampton | Reference: 9122
JOB DETAILS:
CLOSING DATE: September 19, 2024
AREA OF RESPONSIBILITY:
Reporting to the Senior Manager, Core Infrastructure, this role is responsible for the development, management, and execution of a comprehensive I.T. security program, and for leading the team of information security professionals that protects the integrity and security of the Corporation’s computing and network infrastructure and environment. This subject matter expert collaborates with senior business and technology staff and external agencies to create and implement IT governance and risk management policies and standards; audits and monitors IT enterprise risks and practices for compliance; and manages discovery and recovery situations. This resource is expected to operate at a senior level and may be required to perform high-profile and highly confidential investigations and report findings to senior management, Council, the Legal division, the Courts or other regulatory bodies. This resource is also responsible for performing annual PCI (Payment Card Industry) compliance reviews and internal audits, and for advising senior management on matters of cyber security in terms of business continuity and reputational risk. The resource will participate in multiple governance forums on behalf of IT management, as well as in external industry, regulatory and peer forums.
- Manage corporate information security program. Research, develop and lead the implementation of the Corporation’s I.T. security program. Recommend a suitable set of controls, including policies, processes, procedures, organizational structures as well as software and hardware functions. In conjunction with other business management processes, establish and maintain regular monitoring, review and improvement processes to ensure that specific security and business objectives of the Corporation are met. Initiate plans and programs to maintain information security awareness. Ensure proactive risk management through the implementation of information security controls coordinated across the organization.
- Staff management. Provide direction and guidance to union and non-union technical staff (security systems specialists and security administrators) and outside consultants who administer technology solutions such as firewall servers, intrusion detection systems, information security policy enforcement systems, etc. Establish performance objectives and work assignments, and motivate staff through coaching and guidance. Provide technical I.T. expertise to assist in task accomplishment. Responsible for adherence to Human Resources and Health & Safety policies. Provide performance feedback. Assess staff needs and make recommendations for training and professional development or recruiting.
- Operational excellence. Ensure support documentation is current, accurate and useful. Recommend appropriate hardware/software upgrades and changes. Continually monitor internal and external environment and maintain industry knowledge and peer connections in order to foresee trends and avert risks that may impact the integrity of the environment. Respond to emerging security issues and recommend best solutions. Prepare and monitor the operating and capital budget for own area, and contribute to the overall departmental budgeting process.
- Information security incident management. Ensure that information security incidents are addressed in a timely and professional manner. Undertake highly confidential forensic investigations based on real or perceived threats to the organization. Analyze data from multiple information sources and formulate a conclusion based on evidence. Notify the appropriate individual (e.g. the Director of HR) of findings, and follow up as required.
- Compliance Monitoring. Advise on the best way to meet compliance requirements while allowing departments to operate and deliver excellent service. Monitor all activity associated with corporate I.T. Usage Policy compliance and report regularly to senior management. Identify all relevant statutory, regulatory and contractual requirements with regard to information security and develop a strategy to ensure compliance.
- Technical expertise. Participate on project teams to provide direction on security architecture and on measures to protect the Corporate computing environment. Influence vendor relationships by providing assessments and sign-off to ensure that new and peripheral computer systems meet the City’s standards of security and protection of the public interest. Participate in and lead initiatives that support governance, risk and quality controls. Oversee the Privacy Impact Assessment process for all Technology applications and systems prior to commissioning. Conduct specific reviews and audits to ensure that project outcomes, processes, policies and standards conform to the architectural design and risk controls. Evaluate the performance of project goals against objectives and desired value, and provide an independent opinion and advice on the same for future projects.
- IT Risk Management. Oversee the design, development and implementation of City of Brampton IT Enterprise risk management policies, standards and controls. Oversee the design, development and implementation of the City’s IT disaster recovery, including business impact assessment and the implementation of contingency planning, situation analysis and recovery. Coordinate scanning and monitoring of processes and systems by internal or external entities to determine and assess threats across all environments. Monitor and assure compliance with policies, standards and legislative regulations. Conduct high-profile and confidential investigations and discoveries authorized by the appropriate level of management or authoritative bodies. Report findings for corrective or preventative measures to senior management, Council, Legal, the courts or other regulatory bodies.
- IT Quality Management and Continuous Improvement. Consult and advise senior management on matters related to the implementation of IT quality controls per industry and regulatory standards such as the Ontario Privacy Commission, COBIT, ISO, ITIL and more. Work with IT management to integrate processes and services with broader business objectives and develop related Service Level Agreement(s) for new technologies. Conduct benchmarking and research to keep the City abreast of changes to regulations, IT governance, risk controls and best practices; advise on improving and enhancing policies and the performance of standards. Participate in internal and external industry forums to showcase and promote the City’s good governance practices and share the learning from these with the organization.
- IT Governance. Collaborate with IT and business management to develop IT policies and standards that comply with regulatory requirements, the City’s by-laws, risk management and best practices, to safeguard the City from liabilities and keep policy current with the proliferation of and changes in technology. Work with internal and external Audit to produce, communicate and coordinate IT audit reports and activities. Advise management and Council on breaches, critical issues or liabilities in relation to IT compliance. Conduct periodic reviews of IT applications and systems to assess compliance and conformity. Participate in relevant committees or forums to provide subject matter expert opinion on matters related to IT governance and risk.
- Relationship Management. Build and maintain internal and external relationships with all levels of management and agencies. Participate in cross-functional teams to maintain an awareness of service levels for internal clients.
SELECTION CRITERIA:
EDUCATION:
- University degree or diploma in Computer Sciences or equivalent.
- A combination of industry-recognized certifications such as CISSP, CEH, ISO 27001, ITIL, Project Management, MCITP, CCNA, CCNP is considered an asset.
REQUIRED EXPERIENCE:
- 10 or more years of progressively more responsible experience in Network and Information Processing Systems Infrastructure security management.
- Knowledge of operating systems, web applications, and database security solutions.
- Minimum 3-5 years of supervisory or team leadership experience.
OTHER SKILLS AND ASSETS:
- Municipal and/or unionized environment experience is an asset.
- Experience with Project Management methodology.
- Practical knowledge of ITIL and ISO 27001 practices.
- Post-secondary degree or diploma in Information Technology related disciplines; a Master's degree is an asset.
- 10 years of in-depth knowledge and experience in the Information Technology industry, with emphasis on IT Governance, Risk Management, investigation, audit and security; municipal knowledge is an asset.
- Must have an ISACA certification related to IT Security or Risk Management.
- Project Management Certification is an asset.
- Enterprise Architecture Certification is an asset.
- Proven track record of IT audit or risk management; references will be required.
- Exceptional analytical, problem solving, project management, organization and communication skills.
- Strong business and political acumen.
- Advanced level of use of technology to perform the role.
- Strong leadership qualities.
**Various tests and/or exams may be administered as part of the selection criteria.
Interview: Our recruitment process may be completed with video conference technology.