Job Details
Posting Status
Open to all current Town of Oakville employees and external applicants
Closing Date
Applications for this position must be received at oakville.ca by no later than May 28, 2025.
We offer:
- A progressive work environment that promotes work/life balance and strives to be a great place for great people to do great things
- A defined benefit pension plan
- Comprehensive health plan complemented with life and disability insurance
- A hybrid work environment
Reporting to the Director, ITS, the Information Security Officer and Program Manager oversees the development, management, and implementation of IT Security Assets and Services, including lifecycle management, investments, and initiatives to achieve enterprise goals and mitigate cyber risks.
The role involves ownership of security operations, lifecycle projects, business transformation initiatives, and security best practices. It includes managing resources, engaging with senior executives, and reporting on the security ecosystem's performance aligned with enterprise KPIs and KRIs.
What can I expect to do in this role?
As the Information Security Officer and Program Manager, you will:
- Develop and evaluate security services and assets, create cyber security strategies, incident response plans, and lead related activities. Act as a client advocate through communication and strategic enhancement of security solutions.
- Lead the development of a strategic vision via the Oakville Technology Plan to establish core IT Security operations, processes, and demand management to evolve Oakville’s Security Technology environment.
- Align operational and capital initiatives with security asset categories through evaluation, prioritization, and measurement of results.
- Conduct quarterly reviews with senior management and stakeholders to validate plans, implement changes, and reprioritize as needed.
- Manage dependencies across operational and capital activities using a risk-based framework.
- Oversee security asset lifecycle management for operational and capital projects.
- Evaluate, select, and manage vendor relationships following procurement policies.
- Support executives in balancing security assets and resources.
- Review and improve IT Security assets and services continuously.
- Ensure compliance with governance, policies, and standards related to IT Security.
- Create and maintain security procedures and documentation.
- Manage security asset lifecycle for projects and services.
- Identify staffing needs and ensure team skills and competencies are adequate.
- Maintain knowledge of IT Security concepts, practices, and procedures.
- Develop communication and reporting strategies for security plans, initiatives, and performance.
- Define security standards and prioritize system design, maintenance, and evaluation.
- Plan the evolution of IT Security architecture in line with industry best practices and town requirements.
- Develop security policies, standards, and procedures, and oversee service delivery and performance measurement.
How do I qualify?
Education and Key Competencies:
- Bachelor’s degree in computer science, IT, or related field from a recognized institution, with progressive leadership experience.
- Minimum 10 years of cybersecurity experience, including at least 5 years in a leadership role.
- Ability to make risk-based, evidence-driven decisions promptly.
- Experience leading change and innovation, preferably in an Agile environment.
- Experience with Digital Transformation and customer experience initiatives.
- Proven leadership of diverse teams.
- Extensive knowledge of IT Asset Management.
Core Knowledge and Experience:
- Security certifications such as CISSP, CEH, CISM are desirable.
- Experience in risk, business impact, control, and vulnerability assessments.
- Knowledge of security architecture, strategic and tactical planning.
- Experience in vulnerability management, scanning, and penetration testing.
- Ability to produce clear security policy documents.
- Project Management Professional (PMP) or similar certification is advantageous.
- Working knowledge of Lean Six Sigma and ITIL best practices.
Note: Successful candidates will be required to provide a recent criminal record check.
This profile outlines the general requirements; applicants should demonstrate their qualifications through their application and interview. Testing may be required.
We thank all applicants and advise that only those selected for an interview will be contacted.