Lead, Cyber Security & Cloud Engineering Location: Toronto-661 University Department: Digital and Cyber Security Engineering and Applications The Role: Accountable for leading and managing the design and implementation of Public Health Ontario’s (PHO) cyber security and cloud systems to ensure the security, confidentiality, integrity, and availability of digital and data assets. To collaborate closely across PHO and within the Digital and Data portfolio to provide thought leadership, orchestration, implementation, and operational support for a robust and resilient cyber security control framework. To provide expertise and advice to management on security strategy, posture and best practices across PHO and with external organizations. Key Responsibilities- Provides leadership and technical expertise to the full lifecycle management of technical security and cyber security controls, including planning, implementing, managing, monitoring, testing, and improving effectiveness. Develops and improves policies, standards, processes and strategies for the identification and prioritization of threat remediation as well as processes and methodologies for metrics and KPIs related to protections, security and compliance. Provides advice and support to the Manager, Director, and CIO level in understanding leading and emerging cyber security concepts. Supports the Manager by providing cyber security and cloud engineering expertise and input to strategic planning. Sets security requirement and influences and guides senior subject matter experts across various business, application, and technology domains and with external partners related to execution of security requirements, vision, best practices, and principles. Provides support to technical assessments and penetration tests. Coaches developers, IT operations and architects about latest security threats and landscape as well as introducing tools and techniques as needed controls for securing PHO’s digital assets, data, and operation. Works closely with Finance, Legal, and Privacy teams to translate security and privacy control requirements into technology solutions and works with management to advise on cyber security incidents and liaises for forensic investigations and sensitive matters affecting PHO. Leads the analysis of proposed solution architectures, technology, design and IT development processes to identify potential threats and vulnerabilities, and to recommend options that enhance the security of solutions and business processes. Identifies issues and analyzes and recommends options for risk management at appropriate levels within PHO and with external partners. Ensures that digital solutions are robust and protect PHO's digital and data assets against persistent threats. Ensures that the organization’s data and infrastructure are protected by enabling the appropriate security controls. Monitors vendors and other service providers and takes appropriate action to ensure compliance with PHO’s cyber security standards and controls. Ensures PHO’s cloud systems are secure through good practice and effective cyber security capabilities. Implements and monitors security controls in cloud environments. Oversees and provides guidance to the Cloud Engineer and M365 Engineer, ensuring alignment with the overall cyber security and cloud engineering strategies and the implementation and maintenance of robust security controls in their respective areas. Leads and provides guidance to the Cloud Engineer in the design, implementation, and management of secure cloud infrastructure, ensuring compliance with industry best practices and troubleshooting and resolving cloud-related security incidents. Leads and provides guidance to the M365 Engineer to ensure the secure deployment and management of M365 services and the integration and monitoring of security features to ensure their effectiveness. Leads and ensures troubleshooting of security and network problems with an eye toward detecting anomalies and potential security incidents. In conjunction with Digital and Cyber Security operations, responds to security incidents and breaches. Supports the Enterprise Technology & Cyber Security Operations team with threat hunting and analysis of suspicious security events and incidents. Takes a leading role in various PHO security initiatives providing security expertise, facilitating collaboration and furthering PHO's security objectives. Leads the development and maintenance of continuous vulnerability management capabilities, testing and identifying network and system vulnerabilities Implements and champions security automation, including scripts and automation processes to improve control integration, monitoring, and streamline security tasks. Fosters a collaborative environment between staff and other departments to ensure seamless integration of security practices across all digital assets. Communicates effectively with stakeholders to provide updates on security initiatives and address any concerns Participates in all levels of the procurement process. Stays current with the latest tends, threat landscapes, and best practices and recommends innovative technologies to improve security operations allowing for proactive threat detection and improved efficiency across the organization. Stays abreast of provincial, federal, and international security attack tools, Tactics, Techniques, and Procedures (TTPs), and secure operating trends. Be a point of contact for subject matter expertise by developing, maintaining, and evolving relationships with external organizations and communities of practice toward the betterment of cyber security. Manages staff, congruent with PHO internal policies and procedures, professional standards, Collective Agreement requirements and other relevant standards, legislation or regulations, including: providing direction and leadership in the implementation of new techniques and standards; assigning staff and implementing work/vacation schedules, setting clear responsibilities and objectives, evaluating performance, advising on training needs, participating on recruiting/selection of staff, dealing with disciplinary issues and responding to grievances in conjunction with PHO Human Resources management programs. Builds and leads a team of multi-disciplinary staff who support PHO’s activities. Knowledge and Skills- Advanced knowledge of security principles, issues, techniques and implementations across security platforms. Advanced knowledge of cyber intelligence analytical methodologies, tools and techniques. Strong understanding of Cloud environment security monitoring components. Strong ability to work on and prioritize multiple, concurrent projects while meeting aggressive deadlines in a fast-paced environment. Strong problem-solving and analytical skills to proactively identify and resolve complex security-related problems and to navigate and resolve diverse technical challenges. Project management skills. Experience in healthcare, scientific, government organizations desirable Broad knowledge of legislative boundaries and privacy regulations unique to Ontario and Canada. Awareness and understanding of complex geographical, multi-lingual and multi-equity considerations specific to Ontario. Strong comprehension of patient safety considerations when working with digital systems. Applied knowledge of Ontario Public Sector procurement legislation, policies, and practices. Education and Experience- Undergraduate degree in computer science, engineering, IT; or equivalent experience. Minimum 10 years' experience in progressive technology roles. Minimum 5 years' experience in roles with Cyber Security and Information Security job responsibilities (e.g., architecture, incident response, vulnerability management, etc.). Minimum of 5 years of cloud infrastructure experience, preferably Azure and/or AWS. Proven experience working with technical safeguards such as: Web Application Firewalls, extensible Detection & Response (XDR), Next Generation Firewalls, Security Information Event Management (SIEM), and other modern technical controls. Relevant industry certifications, or working towards, (e.g., CISSP, CISA) strongly desired. Attributes and Competencies- Leadership and consultation skills to provide expertise, direction and advice on cyber security strategies, policies, and programs. Influencing skills to drive the adoption of security solutions, ensuring scalability, operational efficiency, and compliance with security standards. Collaboration skills to provide cyber security and cloud engineering expertise and input to strategic planning. Verbal and written communication and presentation skills, often as the senior authoritative expert on cyber security, to promote or influence PHO decision making with colleagues across the organization. Presentation skills to communicate complex technical information or concepts to a variety of executives and stakeholders at varying levels with the ability to describe technical concepts to non-technical audiences. Collaboration skills to develop collaborative business relationships with external contacts, critical to the work of PHO. Proactively identifies and/or anticipates opportunities and initiatives for optimum, quality services/programs for the department. Partners with government (e.g. Ontario Government Cyber Security Division), agencies (e.g. Ontario Health), Canadian Centre for Cyber Security (CCCS), and other external groups to ensure a strong network of shared cyber support and knowledge. Builds networks both across PHO and externally to negotiate and resolve conflicts that have a critical impact on both the department’s goals and strategic direction and mandate of PHO. Promotes and leads the operational implementation of new Cyber Security strategies, directions, and practices. Accountable for advising management with current and relevant expertise during cyber security incidents. Attention to detail, ongoing strong professional acumen, and maintained expert level knowledge. Coaches all leadership levels with respect to cyber security technical controls and guides management during incident response. Coaches developers, IT operations and architects about latest security threats and landscape as well as introducing tools and techniques as needed controls for securing PHO’s digital assets, data, and operation. Provides cyber security subject matter expertise across PHO, including leadership of various senior level committees. Duration: Permanent Hours of Work: Full time, 36.25 hours per week Compensation Group: Team Leader Posting Date: 05-12-2025 Closing Date: 05-27-2025 Please note: applications will be received no later than 11:59pm on the date preceding the closing date as indicated on the Job Requisition. Note: Internal candidates will be considered first. While we thank all applicants for their interest, only those selected to move forward in the recruitment process will be contacted. Any information obtained during the course of recruitment will be used for employment recruitment purposes only, and not for any other purpose. PHO is committed to ensuring equity in employment. Our goal is to create a diverse, inclusive workforce that reflects the communities we serve and to ensure our services and communications are accessible to all individuals. Any candidate who requires a job posting in an alternative format may email a request to HR_Inquiries@oahpp.ca. Once an applicant has been selected for an interview, they can inform PHO about any accommodations they may require at any stage of the interview process. Public Health Ontario (PHO) is an agency of the Government of Ontario dedicated to protecting and promoting the health of all Ontarians and reducing inequities in health. We link public health practitioners, front-line health workers and researchers to the best scientific intelligence and knowledge from around the world. With our partners in government, public health and health care, we provide the scientific evidence and expert guidance that shapes policies and practices for a healthier Ontario. PHO has locations across Ontario, including 11 laboratory sites. We’re committed to ensuring equity in employment. Our goal is to create a diverse, inclusive workforce that reflects the communities we serve and to ensure our services and communications are accessible to all individuals. Any candidate who requires a job posting in an alternative format may email a request to HR_Inquiries@oahpp.ca. For more information, visit publichealthontario.ca. Didn’t find a job that matched your profile? We are always looking to grow our talent pool of public health professionals. Introduce yourself and our recruitment team will have access to your profile for future job opportunities.
