Information Security Program Manager

Reporting to the Chief Information Security Officer (CISO) of the University and a dotted line to the Director of the Citizen Lab, based at the Munk School of Global Affairs & Public Policy, the Information Security Program Manager provides strategic leadership and management for developing and implementing Information Security Programs. This includes the security of the Citizen Lab, data centers, campus perimeter, and campus enterprise systems; managing risk and privacy assessments; incident response and investigation; and outreach and awareness. The Manager supports the University’s Information Security Program to protect and improve cybersecurity infrastructure, posture, and culture across ITS services to the campus and to advance security controls in support of teaching, learning, research, and services to staff, faculty, and students.

With the Citizen Lab, maintain up-to-date knowledge of advances in IT security, continually evaluate the Citizen Lab’s Information Security Program, analyze gaps and vulnerabilities, and solve security and privacy risk issues. Develop and implement protocols for security of communications during disruptions and establish new security standards and best practices for use in the Lab and across the University. Lead major security infrastructure and solutions as a senior project team member from design to delivery, ensuring high-quality, innovative solutions aligned with service best practices. Build strong relationships with the University and Citizen Lab community, including executive leadership, project teams, support teams, clients, stakeholders, and IT departments. Act as an internal consultant, reviewing proposals from other departments and partnering with project teams to deliver security solutions. Lead information security incident response for systems with compromised access controls, monitor cyber threats to lab and campus systems, and audit Citizen Lab systems administrators and privileged IDs to ensure secure access. Undertake investigations and gather forensic data in cases of employee-related breaches and potential IT-related criminal activity, collaborating with Campus Police, central ITS, external auditors, Human Resources, and Labour Relations as required. Manage security projects with a strong business orientation, including resource planning, staff direction, and project prioritization. Oversee project budgets, contracts, and procurement processes for hardware, software, consulting, and professional services, and ensure timely, accurate, and cost-effective project completion. Serve on University committees and advise on security and privacy considerations, the global threat landscape, nation-state actors, and cybercrime.

Education:

University degree in Computer Science, Engineering, or an equivalent combination of education and experience. A Graduate Degree and certifications in information security and management (e.g., CISSP, CISA, ISO Audit, PMP, CRISC or similar) are an asset.

Experience:

• Eight (8) years of IT industry experience, with five (5) years in a team lead or senior/supervisory role in IT and/or organizational security operations.
• Five plus (5+) years focused on Information Security as a primary activity. Experience planning, organizing, and developing IT security and facility security system technologies, including endpoint protection, identity and access management, vulnerability management, network security, security incident response, tabletop exercises, risk management, and application security.
• Experience working with a broad range of stakeholders and IT SMEs.
• Experience in planning and executing security policies and standards development.
• Excellent knowledge of technology environments, information security, and defense solutions.
• Exposure to data processing, hardware platforms, enterprise software applications, and outsourced systems (financial, HR, email).
• Understanding of computer systems characteristics, features, and integration capabilities.
• Experience with systems design and development from business requirements analysis to day-to-day management.
• Strong understanding of IT architecture concepts and security methodologies.
• Experience developing and adopting information security standards and guidelines.
• Expert-level understanding of Information Security technologies and concepts.
• Strong understanding of defense in depth across endpoints, servers, appliances, cloud, and network architecture.

Skills:

Strong managerial and leadership skills; excellent verbal and written communication; solid project management and problem-solving abilities; ability to analyze forensic information and adapt to new technology quickly; strong change and configuration management understanding.

Other:

Broad knowledge of industry innovations and state-of-the-art technology in computing and networking; in-depth knowledge of information security; strong organizational and interpersonal skills; familiarity with financial aspects of project management is an asset; familiarity with database administration and operations; exposure to e-commerce and net-centric business models is highly desirable.

Closing Date: 09/30/2025, 11:59 PM ET

Employee Group: Salaried

Appointment Type: Budget - Continuing

Schedule: Full-Time

Pay Scale Group & Hiring Zone: PM 5 -- Hiring Zone: $120,499 - $140,583 -- Broadband Salary Range: $120,499 - $200,831

Job Category: Information Technology (IT)

Diversity Statement

The University of Toronto embraces Diversity and is building a culture of belonging that increases our capacity to effectively address and serve the interests of our global community. We strongly encourage applications from Indigenous Peoples, Black and racialized persons, women, persons with disabilities, and people of diverse sexual and gender identities. We value applicants who have demonstrated a commitment to equity, diversity and inclusion and recognize that diverse perspectives, experiences, and expertise are essential to strengthening our academic mission.

The Diversity Survey is voluntary. Information collected is confidential and will be aggregated for institutional planning purposes. For more information, see http://uoft.me/UP.

Accessibility Statement

The University strives to be an equitable and inclusive community and is committed to accessibility. If you require accommodations during the application process, please contact uoft.careers@utoronto.ca.