Manager, Cyber Security / Gestionnaire, Cybersécurité

Reference number: SIF24J-085897-000113
Selection process number: 24-25-SIF-EA-10969

Office of the Superintendent of Financial Institutions Canada - Cyber Security
Vancouver (British Columbia), Ottawa (Ontario), Toronto (Ontario), Montréal Island (Québec)
IT-04, IT-05, RE-06 - NOTE: This position is classified at the RE-06 group and level which is roughly equivalent to the IT-04 and IT-05 groups and levels.
Indeterminate
$122,000 to $157,600

For further information on the organization, please visit Office of the Superintendent of Financial Institutions Canada.

Closing date: 10 January 2025 - 23:59, Pacific Time

Apply online

We are committed to providing an inclusive and barrier-free work environment, starting with the hiring process. If you need to be accommodated during any phase of the evaluation process, please use the contact information below to request specialized accommodation. All information received in relation to accommodation will be kept confidential.

POSITION LOCATION / WORK ARRANGEMENT:
The designated worksite for these positions is the Ottawa (ON) OSFI Office. However, the employees may work from the Ottawa (ON), Toronto (ON), Montreal (QC), or Vancouver (BC) office.

OSFI’s hybrid model includes telework and mandatory onsite presence. The terms of the employee’s telework arrangement will be established in accordance with the Directive on Telework and the Guidelines on Hybrid Work. These arrangements must be reviewed annually, at a minimum, and can be subject to change.

EMPLOYMENT EQUITY:
OSFI is dedicated to building and promoting a diverse, equitable and inclusive workforce, representative of all Canadians regardless of race, ethnicity, colour, religion, sex, age, disability, sexual orientation, gender identity or expression, socio-economic background or lived experience. By embracing diversity and inclusion, our department ensures broader discussions, better decisions, and a more positive workplace. We welcome all candidates to apply and strongly encourage candidates to self-declare if they belong to an Employment Equity designated group: Aboriginal Peoples, Persons with Disabilities, Women or Visible Minorities (Black people and other racialized groups).

Are you passionate about protecting critical systems and staying ahead of evolving cyber threats? Are you ready to make an impact in a fast-paced, cutting-edge environment? OSFI’s dynamic Cyber Security team is growing, and we are looking for two experienced cyber security professionals to help lead the charge in safeguarding our organization's digital landscape as part of the IM/IT directorate.

Stream 1: This Manager, Cyber Security position (Stream 1) leads the Cyber Security Incident Coordination, Threat Intelligence and Vulnerability Management team. The Manager will contribute to the development of incident response plans, standard operating procedures, and playbooks, and coordinates cyber security event and incident response with other operational areas. Reporting to the Director, Cyber Security, the Manager will provide strategic and operational guidance on cyber security matters to internal clients to improve the organization’s overall security posture.

Stream 2: This Manager, Cyber Security position (Stream 2) will lead the Governance, Training and Awareness team. The Manager will oversee the implementation and review of cyber security technical and procedural controls, as well as contribute to the development of policy instruments to ensure that OSFI’s cyber security risk is managed effectively. The incumbent will contribute to cyber security risk management processes and strategies across the organization. Reporting to the Director, Cyber Security, the Manager will also oversee the development and delivery of cyber security training and awareness campaigns.

Our Role:
OSFI is an independent federal government agency that regulates and supervises more than 400 federally regulated financial institutions and 1,200 pension plans to determine whether they are in sound financial condition and to ensure they protect themselves against threats to their integrity and security. In fulfilling its mandate, OSFI supports the government's objective of contributing to public confidence in the Canadian financial system.
Learn more about us: https://youtu.be/QO_3vnPKuZI

Why Choose OSFI:
People are the foundation of our organization. You will become part of a diverse community that acknowledges everyone has varied experience and fosters an environment where communication and teamwork amplify our effectiveness. OSFI is passionate about fostering a workplace where all people feel welcome, can reach their full potential, and contribute their unique perspectives and experience to the success of the team. We have several networks dedicated to ensuring that the department continues to grow as an inclusive, accessible, respectful, and diverse workplace. Some examples include: 2SLGBTQIA+, Mental Health and Accessibility, Multiculturalism (Affinity Groups: Indigenous, Asian, Black), Unconscious Bias.
Hear about our people: https://youtu.be/diUspmpYWQI

Compensation: OSFI offers a competitive salary, and employees may be eligible for in-range increases and economic adjustments. Salaries are based on qualifications, experience, and knowledge. The Public Service Pension Plan is a defined benefit pension plan (indexed for inflation), where both the employer and the employee contribute.

Health Care Coverage: OSFI employees and their dependents are eligible to be enrolled in the Public Service Health Care Plan, designed to supplement provincial/territorial health insurance plans.

Performance Pay: OSFI employees are eligible for an annual bonus based on their performance throughout the year.

Vacation and Leave: OSFI employees start with 4 weeks of paid vacation, 2 personal days and 5 days of Family Related Leave with Pay among other various types of paid and unpaid leave.

Flexible Work Arrangements: OSFI offers flexible work arrangements by providing support for compressed work week schedules, flexible work hours and teleworking, in order for employees to achieve their work objectives while achieving balance between work and home life.

Learning and Development: OSFI offers career advancement opportunities and encourages innovative thinking in its work environment. Employees may be reimbursed for relevant professional association membership fees.

The immediate need is to staff two (2) positions with a language requirement of bilingual imperative CBC/CBC on an indeterminate basis. If no bilingual imperative CBC/CBC appointments can be made, bilingual non-imperative CBC/CBC appointments may be considered within this advertised appointment process.

A pool of qualified or partially qualified candidates may be created to staff similar or identical positions with various linguistic profiles, security requirements, tenures, and/or locations within the Office of the Superintendent of Financial Institutions (OSFI), which may vary according to the position being staffed.

Positions to be filled: 2

ESSENTIAL EDUCATION
• A degree OR diploma from a recognized post-secondary institution with specialization in computer science, information technology, information security or other relevant field.
OR
• An acceptable combination* of relevant experience AND education or training.

*At the manager’s discretion, as an alternative, OSFI may consider candidates who do not possess a degree or diploma but meet the combination of experience and education or training if concrete examples are provided.

ESSENTIAL EXPERIENCE
To be considered for both streams (1 and 2), you must possess the experience below:
• Experience in assessing cyber security risk, recommending safeguards to mitigate risk, and ensuring that safeguards are implemented.
• Experience in leading technical cyber security projects and initiatives focused on improving the enterprise's or organization's cyber maturity.

To be considered for stream 1 (Cyber Security Incident Coordination, Threat Intelligence and Vulnerability Management), you must also possess the experience below:
• Recent* and significant** experience in cyber incident response management and coordination.
• Recent* and significant** experience in overseeing the ongoing evaluation of vulnerability assessment measures, identifying any threats, and making recommendations to reduce exposure.

To be considered for stream 2 (Governance, Training and Awareness), you must also possess the experience below:
• Recent* and significant** experience in developing and maintaining cyber security policy instruments.
• Recent* and significant** experience in developing and delivering cyber security training and awareness programs.

*Recent is defined as relevant experience gained within approximately the last two (2) years.
**Significant is defined as the depth and breadth of the experience normally associated with the performance of the duties for a period of five (5) years.

ASSET EDUCATION
• An advanced degree in a relevant field.
• A relevant professional designation (e.g., CISSP).

ASSET EXPERIENCE
• Experience in leading cyber security risk management processes, tracking performance/risk indicators and reporting against them.

ESSENTIAL KNOWLEDGE
To be considered for stream 1 (Cyber Security Incident Coordination, Threat Intelligence and Vulnerability Management), you must possess the knowledge below:
• Knowledge of cyber security incident response frameworks.
• Knowledge of standards and concepts for secure solution development, networking technology, system and network architecture and systems design and analysis.

To be considered for stream 2 (Governance, Training and Awareness), you must possess the knowledge below:
• Knowledge of cyber security governance frameworks and operational controls.
• Knowledge of the cyber threat landscape, evolving cyber attack trends, and best practices in training and awareness to foster a cyber security-aware culture.

To be considered for both streams (1 and 2), you must also possess the knowledge below:
• Knowledge of cyber security principles, processes, and frameworks (e.g., NIST).
• Knowledge of constantly evolving trends and developments in the cyber security field, including the latest standards, technologies, threats, and vulnerabilities.

ESSENTIAL COMPETENCIES
To be considered for both streams (1 and 2), you must also possess the competencies below:
• Collaboration
• Critical Thinking
• Interpersonal Communication
• Leading People
• Inclusion

ESSENTIAL ABILITIES
To be considered for both streams (1 and 2), you must also possess the abilities below:
• Ability to communicate effectively in writing.
• Ability to communicate effectively verbally.

• OSFI is committed to having a skilled and diverse workforce representative of the Canadian population. In order to meet our employment equity objectives, selection for this position may be made from among qualified candidates who self-declare as belonging to one or more of the following Employment Equity groups: Persons with a disability, Aboriginal people, Members of a Visible Minority, or Women. OSFI is committed to diversity and inclusion, and we strongly encourage candidates to self-declare if they belong to one of these designated employment equity groups.

OPERATIONAL REQUIREMENTS
• Ability and willingness to work overtime.
• Ability and willingness to travel internationally and/or domestically when required.

Secret security clearance
• In our hybrid workplace environment, the ability to work remotely from home within Canada with access to the Internet in one’s residence is a condition of employment.

The Public Service of Canada is committed to building a skilled and diverse workforce that reflects the Canadians we serve. We promote employment equity and encourage you to indicate if you belong to one of the designated groups when you apply.

• For external processes (as indicated by the abbreviation “EA” in the selection process number), only those selected for further consideration will be contacted.

• OSFI is a separate agency with its own classification and compensation system. OSFI's staffing is subject to the Public Service Employment Act (PSEA).

• All written and verbal communication obtained throughout the staffing process, from the time of application to close of process, may be used to evaluate the candidate.

• Candidates must meet all of the essential qualifications to be appointed; however, depending on the requirements of the specific position(s) being staffed, one or more asset criteria or organizational need may be invoked at any stage of the process.

• Staffing strategies such as random selection, top-down approach and/or establishing cut-off scores to determine who will continue in the staffing process may be used for the purpose of managing applications. Please note that although you may attain the established pass mark on any of the assessments used in this staffing process, management may decide to use a higher cut-off score.

• During the staffing process, various assessment methods can be utilized, including but not limited to written exams and interviews. These assessments may be conducted either remotely or in-person at one of our OSFI offices (Toronto, Ottawa, Montreal or Vancouver).

• Eligible candidates may be considered and offered a deployment or Interchange before considering other applicants.

• This process may also be used to staff a Specialist position.

• Persons are entitled to participate in the appointment process in the official language of their choice. Applicants are asked to indicate their preferred official language in their application.

• Email correspondence will be the only method of communication with candidates for this selection process, please ensure it accepts messages from unknown users. Please ensure you check your spam folder for any communications from OSFI. You must provide valid and updated contact information.

• All job applications must be submitted through the Government of Canada public service jobs website. Do not email or mail hard copy documents as these will not be accepted. To submit an application online, please click on the "apply now" button. Persons without Internet access may also review jobs open to the public through INFOTEL at 1-800-645-5605.

Preference will be given to veterans first and then to Canadian citizens and permanent residents, with the exception of a job located in Nunavut, where Nunavut Inuit will be appointed first.

We thank all those who apply. Only those selected for further consideration will be contacted.