Date Posted: 09/08/2025
Req ID: 44188
Faculty/Division: Ofc of the Chief Information Officer
Department: Information Security
Campus: St. George (Downtown Toronto)
Description:
Reporting to the Chief Information Security Officer (CISO) of the University, with a dotted line to the Director of the Citizen Lab, based at the Munk School of Global Affairs & Public Policy, but operating with substantial autonomy under very general guidelines and with input as required, the Information Security Program Manager provides strategic leadership and management for developing and implementing Information Security Programs. These include, but are not limited to, the security of the Citizen Lab primarily, as well as data centers, campus perimeter, and campus enterprise systems, along with managing risk and privacy assessments, incident response and investigation, and outreach and awareness. The Manager provides strategic and tactical planning, evaluation, design, development, implementation, and overall management and support of the University’s Information Security Program, with the goal to protect and improve the University’s cybersecurity infrastructure, posture and culture to minimize risk of compromise to all Information Technology Services (ITS) services to the campus, and in managing security controls required, in the support of teaching, learning and research, and services to University staff, faculty and students.
Working with the Citizen Lab, the Manager maintains an up-to-date knowledge of advances and directions in IT security, continually evaluating the performance of the Citizen Lab’s own Information Security Program, analyzing gaps and vulnerabilities, effectively solving security and privacy risk issues, integrating new systems with current systems, and initiating projects to augment and improve services delivered. The Manager develops and implements protocols for security of communications during disruptions and establishes new security standards and best practices related to the use and operation of digital assets, and strategies by which those standards are implemented to be used in the Lab and across the University.
As the key senior project team member for major security infrastructure and solutions, the incumbent leads and provides expertise at all stages of each cybersecurity project, from design to delivery, ensuring current, high-quality innovative and advanced solutions are being applied in accordance with service best practices, and evaluating appropriateness for final use to effectively achieve and optimize the security goals of ITS services to the University and Citizen Lab community, and privacy requirements. The Manager establishes and manages strong relationships with all levels of the University and the Citizen Lab community including executive leadership, project teams, support teams, clients, stakeholders, and with IT departments across the University of Toronto. Working as an internal consultant, the incumbent reviews proposals from other departments using in-depth technical and subject matter expertise and partners with other project teams to recommend and deliver security solutions.
With high-level authorization to the University’s computer systems (including M365) and the Citizen Lab’s computer systems (MDM, Google Workspace), the Manager leads information security incident response for systems and services whose access control mechanisms have been compromised or circumvented, both within and from outside of the University. The incumbent oversees the monitoring of cyber threats to lab and campus systems and the auditing of Citizen Lab systems administrators and others with privileged IDs for all Citizen Lab systems and servers, working to ensure that the Citizen Lab community has secure, uncompromised access. The incumbent undertakes investigations, gathering forensic IT and security data and evidence in instances of employee-related breaches and misconduct, and of potential IT-related criminal activity (e.g. bomb threats using ghost email accounts), partnering with relevant departments, such as Campus Police, central ITS, external auditors, and/or working in consultation with Human Resources and Labour Relations as required.
The Information Security Program Manager manages projects with a strong business-oriented focus. The Manager allocates project related human resources and work force planning, directing staff efforts and assigning project priorities. The Manager is responsible for financial and contract management and prepares and manages project budgets. The incumbent is responsible for the initiation and successful negotiation of a wide variety of contracts and procurement processes covering hardware, software, consulting and professional services, and is responsible for the management of budget expenditures and recoveries and for completing projects in a timely, accurate and cost-effective manner.
The Information Security Program Manager serves on University committees, and has frequent contact with academic departments, instructors, and the research enterprise, to advise on security and privacy considerations, global threat landscape, nation state actors and cybercrime.
Qualifications:
EDUCATION:
University degree in Computer Science, Engineering, or an equivalent combination of education and experience. A Graduate Degree and certifications and specialization in information security and management, such as CISSP, CISA, ISO Audit, PMP, CRISC or other relevant certifications, are an asset.
EXPERIENCE:
- Eight (8) years experience working in the IT industry, with five (5) years experience in a team lead or senior/supervisory role in an IT and/or organizational security operation.
- Five plus (5+) years working with Information Security as a prime focus of activity. Proven experience in planning, organizing, and developing IT security and facility security system technologies including end point protection, identity and access management, vulnerability management, network security, security incident response, tabletop exercises, risk management and application security.
- Experience working with a broad range of stakeholders and IT SMEs.
- Experience in planning and executing security policies and standards development.
- Excellent knowledge of technology environments, including information security and defense solutions.
- Substantial exposure to data processing, hardware platforms, enterprise software applications, and outsourced systems, including financial, human resources and email.
- Good understanding of computer systems characteristics, features, and integration capabilities.
- Experience with systems design and development from business requirements analysis through to day-to-day management.
- Strong understanding of IT Architecture concepts and security methodologies.
- Experience developing and adopting information security standards and guidelines.
- Expert level understanding of Information Security technologies and concepts.
- Excellent understanding of defense in depth strategies and implementation across the entire ecosystem (endpoints, servers, appliances, cloud and network architecture, etc.).
SKILLS:
Strong managerial and leadership skills. Strong communication skills, both verbal and written. Excellent project management and problem solving skills. Ability to quickly analyze and interpret forensic information and evidence. Ability to master new technology quickly. Strong understanding of change and configuration management processes.
OTHER:
Broad knowledge of industry innovations and state-of-the-art technology in both computing and networking arenas, and in depth knowledge of information security. Strong organizational and interpersonal skills. Familiarity with financial requirements of project management is an asset. Familiarity with database administration and operations. Exposure to e-commerce and other net-centric business models highly desirable.
Closing Date: 09/30/2025, 11:59PM ET
Employee Group: Salaried
Appointment Type: Budget - Continuing
Schedule: Full-Time
Pay Scale Group & Hiring Zone: PM 5 -- Hiring Zone: $120,499 - $140,583 -- Broadband Salary Range: $120,499 - $200,831
Job Category: Information Technology (IT)