In this role, your responsibilities will include:

• Security Risk Management: Manages the process of gathering, analyzing, and assessing the current and future threat landscape. Conducts information security risk assessments across the organization at suitable intervals. Ensures key risks are understood, communicated, and tracked on the risk register. Analyzes the financial, reputational, and legal impacts to the University when information security risks occur and provides guidance and recommendations on how to best mitigates these risks.

• Compliance Management: Manages the process of ensuring information technology projects, initiatives, and external vendor contracts are compliant with the established information security policies, standards, and procedures of the University. Collaborates closely with stakeholders to ensure security is factored into the evaluation, selection, installation, and configuration of hardware, software, and applications. Conducts periodic reviews of vendor environments to ensure information security controls continue to remain compliant with established contracts.

• Monitoring and Reporting: Responsible for monitoring and reporting on various information security risk and compliancy metrics. Provides regular updates to key stakeholders and executive leadership offering a realistic overview of risks and threats throughout the organization.

• Policies and Standards: Create and keep up to date new and existing information security policies and procedures to ensure operating efficiency and regulatory compliance. Coordinates the development and implementation of technical controls and configurations to align with security policies and legal, regulatory, and audit requirements. Responsible for ensuring policies and procedures are enforced in a consistent manner across the University.

• Education and Awareness: Act as a subject matter expert in order to provide support, education, and training to staff with the goal of building risk awareness within the University. Actively participating by providing inputs and content towards the University’s information security awareness program.

• Operations and Maintenance: Provide advisory support to operational teams in strengthening the University’s overall information security posture. Periodically review audit trails, system logs, and other monitoring data sources to ensure they are in compliance with policies, standards and audit requirements. Evaluate and documents requests for exceptions to policies, ensuring sufficient mitigating controls are in place. Ensure that internal and external audits are supported in development of an annual strategic audit plan. Continually review the operational components of the security incident management processes to ensure they comply with the established incident response plan. Formally documents risk assessment results and provide regular updates to management.

What you will bring:

• University degree in Computer Science or Information Technology or a related field or an equivalent combination of education and experience.

• Minimum of seven (7) years of information security, IT audit and/or IT Risk Management experience.

• Expert understanding of NIST and ISO Risk Management Frameworks, ITSG-33, NIST CSF, ISO 27002, COBIT, SOC 2, and other relevant frameworks.

• Experience with security assessments (AI, Cloud, SaaS, etc.).

• Experience with risk discovery and assessment, as well as appropriate mitigation and controls.

• Good knowledge of the latest trends in information security and risk management, e.g. evolving technologies, cyber risk mitigation, etc.

• Experience of auditing IT environments, either through an internal or external audit role.

• Broad knowledge of IT architecture and underpinning technologies including but not limited to: identity and access management, cloud hosting providers, database administration.

• Experience designing and supporting large-scale, end-to-end information security systems in a complex, both on-premises and cloud hosted, multi-platform environment.

• Knowledge of security technologies such as various monitoring and log aggregation platforms, penetration testing frameworks, operating systems, vulnerability scanners, and endpoint security solutions.

• Leadership skills, ability to coach and mentor other IT professionals.

• In-depth analytical skills for complex problem solving – identification, diagnosis, resolution.

• Knowledge of the University’s information technology and security policies, procedures and standards would be considered an asset.

• Experience in project management and meeting strict deadlines.

• Good communication skills to interact with team members, support personnel, and provide technical guidance and expertise to clients and management.

• CISSP or CRISC or other information security certifications is an asset.

• Ability to work a flexible schedule including occasional weekends and evenings.

• Bilingual: French and English (spoken and written).

#LI-Hybrid #LI-DP1