Technology Adoption Consultant, Cybersecurity and Data Management
Toronto, ON, CA
University of Toronto
The University of Toronto is a globally top-ranked public research university in Toronto, Ontario, Canada.Date Posted: 04/01/2024
Req ID: 36729
Faculty/Division: OISE
Department: Education Commons
Campus: St. George (Downtown Toronto)
Position Number: 00056293
Description:
About us:
OISE is recognized as a global leader in graduate programs in teaching and learning, continuing teacher education, and education research. As one of the largest and most research-intensive faculties of education in North America, OISE is an integral part of the University of Toronto - Canada’s most dynamic and comprehensive institution of higher learning.
OISE is committed to enhancing the social, economic, political and cultural well-being of individuals and communities locally, nationally and globally through leadership in teaching, research and advocacy. A unique place to work, learn and grow, OISE addresses current and emerging challenges with the scale, academic excellence and collaborativeenergy that few institutions in the world can claim.
The Education Commons will provide, in collaboration with major research and development initiatives where appropriate, the iterative design, implementation and evaluation of technological environments and information space in which the academic and research programs of OISE are carried out.
Your opportunity:
Under the direction of the Director, Education Commons and in close collaboration with members of the team, the incumbent will be responsible for implementing the risk management framework by planning, coordinating, conducting and undertaking risk assessment activities across the OISE infrastructure, including applications, networks, databases, servers and other endpoints.
This role will collaborate closely with the University community and stakeholders to assess new products and project risks and recommend appropriate risk mitigation strategies. This role will act as a resource for advising on adopting Information Security controls arising out of the risk assessments performed across a wide range of technologies and ensuring such controls address the ever-evolving threat landscape impacting the usage of such technologies.
This role is also responsible for data asset inventory at OISE. Responsibilities include: designing, creating, deploying and maintaining OISE's data architecture. Reviewing data designs, data models and recommending frameworks and data roadmaps.
In addition, the incumbent is responsible for leading project teams. This includes providing staff with training and providing technical guidance. The incumbent acts as a technical resource to a group of specialists, and to the faculty for complex technical problems.
Your responsibilities will include:
- Analyzing projects or business practices to identify potential privacy and security risks through conducting Threat Risk Assessment (TRA) and Privacy Risk Assessment (PRA)
- Advising clients and technical subject matter experts on best practice for documenting system requirements
- Researching, analyzing and recommending potential changes to system features
- Developing project schedules including milestones, critical path, timelines, deliverables and reporting
- Analyzing the security and integrity of highly complex system problems and/or implications of any new or changed procedure or technology
- Facilitating educational workshops and seminars
- Reconciling business requirements with information architecture needs for highly complex system integration
- Writing complex specifications based on system requirements
Essential Qualifications:
- Bachelor's Degree in Computer Science, Computer or Software Engineering, or acceptable combination of equivalent education and experience.
- Minimum five years of recent and relevant information security experience in a heterogeneous environment, with a broad range of platforms and technologies.
- Demonstrated progressive experience in leading or contributing to the creation, implementation, and maintenance of information security risk management programs.
- In-depth knowledge and experience with information security controls applicable for web applications, cloud, IoT/OT, mobile applications, network and servers.
- Experience with implementing security tools and technologies such as firewall, IDS/IPS, SIEM, EDR, or similar technologies, used to protect on-premises or cloud infrastructure.
- Experience performing security assessments of infrastructure (cloud and on-premise), applications, websites, and end-user computing environments.
- Experience working with Information Security and Risk Management frameworks such as ISO27001, ISO27005, OWASP, CSA, CIS, NIST CSF and NIST 800-30.
- Experience working with legal and regulatory requirements such as PCI-DSS, PIPEDA, PHIPA, GDPR, etc.
- Experience with data modeling, data access and data storage techniques.
- Extensive experience working with clients, stakeholders and IT resources to gather and translate requirements into efficient data structures.
- Experience with Agile development methodologies.
- Proficient with data extraction and transformation frameworks.
- Experience with designing and deploying compelling dashboards using business intelligence tools (e.g. Tableau).
- Demonstrated effective oral and written communication skills including both technical and business writing, and documentation. Ability to communicate effectively with technical and non-technical clients and to build and foster a relationship with a variety of diverse stakeholders.
- Excellent presentation skills with the ability to facilitate staff training sessions, client workshops, and meetings.
- Ability to think strategically about change and new solutions.
- Excellent analytical, project management and problem solving skills.
- Strong organizational and time management skills to permit simultaneous action on many tasks, many of which will demand timely completion.
- Strong negotiation and influence skills, well versed as a change agent and in stakeholder relationship management.
- Demonstrated ability to adapt to shifting priorities, demands and timelines. Agile, with demonstrated ability to quickly learn, understand and apply new technologies.
Assets (Nonessential):
- CISSP, CISA, CRISC and other security certifications are a strong asset.
- Technical certifications related to project management, process improvement, and business analysis (e.g., PMP, ITIL, CBAP, CSPO) are an asset.
To be successful in this role you will be:
- Accountable
- Assertive
- Communicator
- Goal oriented
- Organized
- Team player
Closing Date: 04/10/2024, 11:59PM ET
Employee Group: USW
Appointment Type: Budget - Continuing
Schedule: Full-Time
Pay Scale Group & Hiring Zone:
USW Pay Band 16 -- $99,548 with an annual step progression to a maximum of $127,305. Pay scale and job class assignment is subject to determination pursuant to the Job Evaluation/Pay Equity Maintenance Protocol.
Job Category: Information Technology (IT)
Recruiter: Jennifer Tucker
Lived Experience Statement
Candidates who are members of Indigenous, Black, racialized and 2SLGBTQ+ communities, persons with disabilities, and other equity deserving groups are encouraged to apply, and their lived experience shall be taken into consideration as applicable to the posted position.
Tags: Agile Business Intelligence CISA CISSP Cloud Computer Science CRISC EDR Firewalls GDPR IDS IPS ISO 27001 ISO 27005 ITIL NIST OWASP Privacy Risk assessment Risk management RMF Security assessment SIEM Teaching
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Cybersecurity Analyst jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Analyst jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Cybersecurity Specialist jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open Security assessment-related jobs
- Open APIs-related jobs
- Open Malware-related jobs
- Open Forensics-related jobs
- Open Java-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open CEH-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs