Senior Director, Information Security Officer

Job Title: Senior Director, Information Security Officer

Reports To: Lily Chen, Chief Financial Officer

Hiring Manager: Lily Chen (Lily.Chen@torontohousing.ca)

Salary Range: $185,772.55 – $204,349.81

Work Location: 729 Petrolia Road, Toronto

Job Type: Permanent Full Time

Shift Information: Monday to Friday, 35 hours work

Job Summary:

The Senior Director, Information Security Officer (ISO) is a strategic executive leadership role responsible for overseeing the entire cybersecurity posture of Toronto Community Housing Corporation (TCHC) and Toronto Seniors Housing Corporation (TSHC), while also liaising with the City of Toronto. The ISO leads the development, execution, and continuous improvement of comprehensive cybersecurity programs that protect digital and information assets and ensure organizational resilience.

This position is accountable for ensuring the confidentiality, integrity, and availability of TCHC’s technology infrastructure, and for aligning security strategies with business objectives, regulatory compliance, and emerging threats.

The ISO directly advises the Executive Leadership Team and Board of Directors, and leads cross-functional collaboration with municipal, regulatory, and law enforcement partners.

• Lead enterprise-wide cybersecurity governance, risk management, operations, and compliance across TCHC and affiliates.
• Design and implement cyber strategy, policies, standards, procedures, and controls aligned with NIST CSF and other frameworks.
• Oversee threat monitoring, incident response, vulnerability management, and forensics functions.
• Manage and mentor a large multidisciplinary cybersecurity team (20+ staff), including four senior managers.
• Provide expert advisory and reporting to the CFO, executive leadership, and Board Committees.
• Ensure alignment of cybersecurity posture with operational technology (OT) and information technology (IT).
• Supervise cybersecurity risk assessments, maturity assessments, and internal/external audits.
• Direct disaster recovery (DR), business continuity planning (BCP), and emergency response efforts.
• Ensure legal, privacy, regulatory and audit compliance across cybersecurity programs.
• Establish and report enterprise-level KPIs and performance metrics.
• Lead strategic vendor and stakeholder management with City of Toronto, regulatory bodies, vendors, and law enforcement.
• Oversee a cybersecurity budget of $3.5M–$4.5M and ensure responsible fiscal management.
• Promote cyber awareness programs and conduct executive-level and board-level training.
• Act as incident commander during major cyber events or crises, including war room coordination.

• Reports To: Lily Chen, Chief Financial Officer
• Direct Reports: 4 Senior Managers (IS Defense & Operation; GRC/Risk & Security Architecture; Security Program Execution; Security Program Manager)
• Team Size: Over 20 staff including supervisors and leads
• Collaborates With: City of Toronto’s Office of the CISO

• External: City of Toronto, Regulatory Bodies, Cybersecurity Vendors, Auditors, Law Enforcement

Experience:

• Minimum 15 years in information security, with at least 10 years in senior leadership roles.
• Proven experience in leading cybersecurity transformation programs in complex environments.

Education:

• Bachelor’s or Master’s degree in cybersecurity, information systems, or related field.

Certifications (at least one preferred):

• CISSP, CISM, CRISC, CISA, GSLC

• Experience in the public sector or similarly complex organizations.
• Strong technical knowledge in IT/OT security, cloud security, and incident response.
• Expertise in security frameworks: NIST CSF, ISO 27001, COBIT, etc.
• Ability to communicate cyber risks to non-technical executive stakeholders and Boards.
• Demonstrated ability to lead under crisis, including ransomware and breach scenarios.

• Regular hours: 35-hour work week.
• Requires availability during emergencies, breaches, and war room scenarios.
• May involve evening, weekend, and extended-hour commitments.
• Requires handling highly confidential and sensitive data.

• Subject to police background check, psychological assessment, and additional screening.
• Equity Statement: TCHC encourages applications from Indigenous peoples, racialized communities, persons with disabilities, women, 2SLGBTQ+ persons, and others from equity-deserving groups.