Advisor, IT Security and Risk Management

Join to apply for the Advisor, IT Security and Risk Management role at Toronto Community Housing

What We Offer

In addition to a competitive salary and a rewarding career where you can truly make a difference, we offer a comprehensive package that meets the various needs of our diverse employees, including:

• Ability to participate in inclusive employee-led networks to educate, inspire, amplify voices, build relationships and provide development opportunities;
• Minimum three (3) weeks of paid annual vacation days, increasing with years of service;
• Four (4) paid personal days;
• Defined benefit pension plan with OMERS, includes 100-per-cent employer matching;
• Health and dental benefits;
• Employee and family assistance program;
• Maternity and parental leave top up (93% of base salary);
• Training and development programs including tuition reimbursement of $1500 per calendar year.
• Fitness membership discount;

This job offers the opportunity to work from home as part of a hybrid work arrangement. This arrangement will allow you to work some days at a TCHC work location and the rest of the time from home. The amount of time required to work at a TCHC work location is flexible, while considering operational and service delivery requirements.

Make a difference

Are you passionate about Cyber Security and Information Risk Management and interested in having a positive impact on your local community? If so, the Advisor, IT Security and Risk Management position at Toronto Community Housing may be for you!

This position will have two main focuses: Cyber Security and Information Risk Management. As a key member of the Information Security & Risk team, the Advisor will be responsible for a broad range of information security work while operating with a high level of autonomy, engaging with stakeholders at all levels within the organization, and contributing to the continuous improvement of TCHC’s cyber security posture. Additionally, the Advisor will be the primary point of contact within their own specific area of expertise. You will be involved in the development and review of TCHC’s Information Security Risk policies and procedures, supporting compliance and reporting activities with respect to IPC and other regulatory and legislative requirements, and providing expert advice, guidance, coaching, and support in the development of IT Information Security practices.

What You’ll Do

• Provide security assessments on our in-house developed products as well as procured products
• Participate in the planning and design of enterprise security architecture, under the direction of the IT Security Manager, where appropriate
• Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate
• Research, define evaluation criteria and recommend information security controls and procedures
• Develop information security standards, policies and procedures
• Establish information security metrics, gathering data and preparing reports
• Participate in after-hours and on-call schedule(s)
• Participate in the information security incident response process; and champion and communicate the future state of TCHC’s (Toronto Community Housing’s) cyber security program
• Exercise knowledge of legislation (MFIPPA), regulations, policies, procedures, interpretations and apply applicable orders of Information and Privacy Commissioner of Ontario

Investigations and Audits

• Under the direction of the Manager, IT Security and Risk, participate in investigations into problematic activity
• Conducting audit and providing recommendations to the Manager to address the gaps from investigation and remediation
• In collaboration with the Manager, IT Security and Risk, participate in the design and execution of vulnerability assessments, penetration tests, and security audits and proactively conducts IT security risk and vulnerability assessments for new and existing IT infrastructure elements (network/systems/applications/services)
• Review logs and reports of all in-place devices, whether they be under direct control (i.e. security tools) or not (e.g. workstations, servers, network devices). Interpret the implications of that activity and provides relevant feedback to the manager for appropriate resolution
• Security and threat risk assessments for projects and security evaluations for tools and solutions
• Product reviews to identify potential vulnerabilities and risks
• Participate in the information security incident response process
• Manage access control for existing information technology and provide feedback on the development of access control methodology for new information technology solutions

Reporting and Compliance Control

• Process and track of Freedom of Information (FOI) requests and ensure TCHC’s compliance with MFIPPA
• Provide input on FOI policies and procedures and update the framework of compliance
• Participate in and provide support to the manager with relevant feedback related to information security standards, policies and procedures
• Through stakeholder engagement, ensure proper documentation standards are adhered to; advise Manager on any recommended documentation standards updated, based on industry best practices
• Gather and collect data and provide support in preparing reports for Cyber security and Risk
• Under the guidance of the Manager, IT Security and Risk, proactively review IT operational processes, identify potential security concerns and risks and recommend mitigation measures

Training and Change Management

• Participate in the development of the annual IT Security Operational Plan, IT Security and Risk Strategy, and roadmap execution
• Champion and communicate the future state of TCHC’s cyber security program
• Promote security awareness and good data protection practices to safeguard TCHC’s information assets
• Provide relevant feedback to Manager, IT Security and Risk to help shape strategic technical direction and standards for the organization
• Serve as a source of trusted information security expertise for various programs and projects
• Support projects by providing governance, and operational delivery of information security services
• Participate in the development of and conduct information security training and other related user education initiatives
• Participate in efforts to identify and evaluate project requirements, as they relate to Cyber Security and Information Risk Management. Provide feedback on the development of applications, test and implement said applications. Sustain information technology solutions to meet business objectives and client needs

What You’ll Need

• An undergraduate degree (or equivalent experience) in Information Technology, Computer Science, Engineering, Business or related degree is required. Information security specific coursework is an asset
• One or more security certifications in good standing that may include the following or industry equivalents
• CEH: Certified Ethical Hacker, ECSA: EC-Council Certified Security Analyst, GSEC / GCIH / GCIA: GIAC Security Certifications, CompTIA CSA+, CCSP, CCSK
• Other industry and product certifications (e.g. MCSE, CCNA, and ITIL) are preferred.
• 5+ years of broad and progressive information security experience in an enterprise environment including: security program development, security risk and vulnerability analyses, system design and architecture required.
• Minimum of 3 years in a senior information security position in a medium to large organization
• Experience working on solutions that support verticals such as government, finance, human resources and information management preferred.
• Demonstrable experience with conducting security reviews, implementing information security recommendations, analyzing technical controls and applying security control standards required
• Demonstrable experience presenting analyses and presentations to both internal and external audiences
• Previous experience with application development security tools would be considered an asset
• Excellent communications skills and writing skills, as the production of high-quality written policies, reports and proposals is a core deliverable of this role
• Ability to affect change in a positive and constructive manner, through the development of effective working relationships with both internal & external business stakeholders and our partners.

What’s Next

Once you apply, we’ll review your resume and contact you if we believe your skills and experience will make you successful in the role. If you are selected to move forward, the process will include one or more interviews and/or assessments and reference checks.

• Seniority level
  Entry level

• Employment type
  Full-time

• Job function
  Information Technology
• Industries
  Government Administration

Referrals increase your chances of interviewing at Toronto Community Housing by 2x

Toronto, Ontario, Canada $45.00-$50.00 4 weeks ago

Etobicoke, Ontario, Canada $94,400.00-$120,400.00 3 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.