Chief Information Security Officer

Calgary, AB

Applications have closed

SAIT

The Southern Alberta Institute of Technology (SAIT) offers hands-on degree, diploma, certificate, continuing education and corporate training programs to develop the skills and knowledge employers demand.

SAIT’s Information Technology Services department handles all software and hardware needs, as well as technological and networking issues for both employees and students who rely heavily on computer systems across our campuses. Technical support — which includes help with computer hardware and software technical problems, email, audio-visual needs and more — is available to everyone at SAIT, whether the problem occurs at home or on-campus.

The Opportunity

Reporting to the Chief Information Officer, the Chief Information Security Officer (CISO) oversees ongoing activities related to the development, implementation, and improvement of the SAIT information, cyber, and operations security programs in compliance with applicable federal and provincial laws and regulations and SAIT information security policies. The CISO works in conjunction with the respective data asset owners, e.g., student, employee, and financial, to ensure those information assets are adequately protected. The CISO also works in conjunction with Facilities Management and Health, Safety, and Environment stakeholders to ensure that physical plant Operations Technology (OT) assets are adequately protected. 
Key responsibilities include identifying SAIT’s total information security needs, managing the complete life cycle of SAIT’s security technology, and working closely with business and technology leaders across SAIT to assess and manage information security risks. This position requires a solid understanding of information security best practices, as well as regulatory and compliance requirements that impact the security of the organization, including, but not limited to, FOIP, HIA, NIST, and PCI.

The Role

  • Leadership
  • Integrate a vision, strategy and implementation plan for the area in alignment with SAIT’s 5-year strategic plan
  • Provides leadership and direction to the team that encourages and supports responsive communication, respect and teamwork
  • Manage and support employees through the employment lifecycle (hiring, training, mentoring, performance development and offboarding)
  • Intentional Equity, Diversity & Inclusion (EDI) focused decision making
  • Demonstrate excellent employee leadership, while focusing on skill development and opportunities for advancement

  • Information Security Services
  • Responsible for the complete lifecycle of SAIT’s security technology. Combines up-to-date knowledge of commercially-available and open source information security tools, solutions and services with firsthand knowledge of SAIT’s information security risks to play a leading role in recommending and assessing new security services at SAIT.
  • Advises operating units at all levels on information security issues, recommended practices, and vulnerabilities.
  • Manages the program of providing security risk assessments to schools and departments across SAIT.
  • Manages the program of assessing information security risks related to vendor-supplied services.
  • Oversees the program of network traffic analysis to identify potential security events and risks to proactively address and mitigate identified weaknesses.
  • Oversees the investigation and resolution of information security privacy considerations related to research and intellectual property, and in projects related to risk mitigation.
  • Advises SAIT personnel on managing effective security practices.
  • Responds appropriately with resources and information to requests submitted by internal and external auditing functions.

  • Information Security Management
  • Based on the direction and priorities set by the Executive Council, assists in strategy development and managing the information security program, focusing on: security risk assessments (schools, departments, and vendors); risk management (including risk prioritization and mitigation); education and awareness.
  • Advises SAIT personnel on managing effective security practices.

  • Collaboration
  • At the faculty and school level: Collaborates with colleagues in the schools and departments on information security issues related to the delivery of technology services and the management of risk.
  • At the managerial level: Develops and maintains strong working relationships to collaborate and partner with key SAIT stakeholders (VPs, AVPs, faculty, school administration, etc.) and external solution providers to advocate for appropriate security practices.
  • At the community level: Develops and maintains strong working relationships to collaborate and partner with key external solution providers, and with peers at post-secondary institutions, to advocate for appropriate security practices.

  • Security Incident Management
  • Engage with incident response resources
  • Coordinate the actions of internal resources
  • Manages security incidents across the campus.
  • Acts as the primary control point during information security incidents.
  • Communicates progress to the SAIT community, as appropriate, in managing security incidents.
  • Interfaces with law enforcement agencies and other government agencies to address security lapses and respond to information security issues.
  • Works with the information systems staff of SAIT, schools and departments to help them maintain a high level of technical competence and a professional approach to handling confidential matters while maintaining a student-focused attitude.

  • Miscellaneous
  • Establishes and maintains an appropriate network of professional contacts.
  • Remains current with professional organizations and participates in local, provincial and national groups to share experiences, learn best practices from others, and influence policy formulation.
  • Represents SAIT externally in areas of IT leadership and information security.
  • Oversees the computer account administration process.
  • Performs other duties as required and directed.

Qualifications & Experience

  • Degree in Information Security, Computer Science or related field; a Master’s is preferred.
  • Minimum 7 years’ experience in regulatory compliance and security compliance program management; a combination of education and experience will be considered.
  • Experience overseeing direct reports is required.
  • IT industry security certification required (CISSP, CISA, CISM, or GIAC); CISM is preferred.
  • Extensive experience overseeing analysis of threat intelligence for potential response.
  • Proven experience overseeing incident response.
  • Demonstrated professional experience in a leadership role with emphasis on developing, evolving and measuring information security strategy.
  • In-depth working knowledge of and experience implementing/operating an information security program based on established frameworks and other pertinent and applicable provincial and federal laws and regulations related to the protection of personal information.
  • General knowledge of management of an effective security and compliance program, including training, monitoring, conducting and documenting investigations, addressing violations, and monitoring corrective actions.
  • Seasoned security skills, including the ability to skillfully obtain complete and detailed information necessary to make accurate and well-founded determinations about security threats.
  • Demonstrated ability to initiate, plan, and direct activities to meet requirements and timelines of enterprise initiatives or projects that are frequently driven by new or changing regulations.
  • Demonstrated ability to understand and lead by communicating vision, exhibiting decisiveness, sponsoring change, and collaborating in support of organizational success.

Job classification: Director
Salary range: $145,000-155,000
# of positions: 1
Hours Per Week: 37.5
Posting closing date: February 15, 2022

About SAIT

SAIT is a global leader in applied education. Named one of Alberta’s Top Employers, we offer the chance to work with a purpose — preparing the next generation of industry leaders, entrepreneurs, advocates and explorers.

Building on our 100+ year history, we’re looking for innovative, bold and collaborative employees who embrace change and deliver world-class customer experiences. Your future starts now at SAIT.

Equity, diversity and inclusion (EDI) is essential to achieving SAIT’s vision to be a global leader in applied education. It creates the conditions for a healthy campus where everyone feels welcome, respected and empowered to succeed. SAIT values fairness, shared accountability and the importance of representation. The institution expects a commitment from its students and employees to continuously develop an equitable and inclusive mindset that celebrates diverse experiences and perspectives. Learn more about EDI at SAIT.

Personal information that you provide is collected under the authority of the Freedom of Information and Protection of Privacy Act (FOIP Act) section 33(c) and will be used for the purposes of managing the application, selection and interview process. Should you require further information about the collection, use and disclosure of personal information, please contact the SAIT FOIP Coordinator at foip.coordinator@sait.ca.

BEWARE FALSE POSTINGS AND RECRUITING OFFERS

SAIT has been made aware of individuals or organizations posing as SAIT using false postings to attract job seekers and collect personal information. Please be aware that SAIT will never request sensitive personal information beyond what is required for an application.

Career opportunities at SAIT will always be posted on the SAIT career site, and we encourage applicants to apply only directly through there. When your application is completed you will receive an email confirmation; if you did not receive one, please check your junk mail or try applying through the SAIT career page again.

Tags: Audits C CISA CISM CISO CISSP Compliance Computer Science GIAC Incident response Monitoring NIST Open Source Privacy Risk assessment Risk management Security strategy Strategy Threat intelligence Vulnerabilities

Perks/benefits: Career development Team events

Region: North America
Country: Canada