Senior Information Security Officer

We have an exciting opportunity for you to join our team as a Senior Information Security Officer! Reporting to the Deputy Chief Information Officer – Planning and Government, the Senior Information Security Officer (SISO) is a technology leader that establishes, directs, implements and maintains the City’s enterprise cybersecurity program.

The incumbent will identify, evaluate and report on some or all legal and regulatory, IT and cybersecurity risk to information assets, while supporting and advancing business objectives. This position will determine the cybersecurity approach and operating model in consultation with stakeholders and align with the City’s risk management approach and compliance monitoring of non-digital risk areas. You will implement practices that meet policies and standards for cybersecurity to ensure that information assets and associated technology, applications, systems, infrastructure and processes are protected in the digital ecosystem in which the City operates such as firewalls, intrusion detection/prevention, and data encryption. Furthermore, you will serve as the process owner of the appropriate second-line assurance activities related to confidentiality, integrity and availability of information owned or processed by the City such as periodic security audits to assess effectiveness and identify area of improvement. Additionally, you will coordinate the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event. Duties also include directing the creation of a targeted cybersecurity awareness training program for staff, contractors and approved system users. Along with developing and overseeing effective resilience policies and standards to align with the enterprise resilience program goals, with the realization that components supporting primary business processes may be outside the City’s perimeter. Other responsibilities will include liaising with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies. Performs related work as required.

The ideal candidate will possess a Master’s or Bachelor’s degree in Computer Science, Information Security, Business Administration or related field with a minimum of seven years of recent experience in the field of cybersecurity with five years’ experience at the management level preferably in municipal government, plus required technical and or project certifications OR an equivalent combination of education, training and experience. The role requires expert knowledge of frameworks, principles, practices, techniques, legislation, methods and procedures applicable to the work as well as considerable knowledge of City rules, regulations, policies, procedures, practices and operations related to the work performed, the functions, projects and operations of all City departments and their requirements. The successful candidate will have the ability to lead a team of direct and functional reports, and recruit, performance management, train, coach and investigate and administer discipline. You will have the ability to support a wide variety of technology projects while exercising sound judgement and discretion under tight deadlines and constant change. You will have the ability to develop, communicate, implement and evaluate information security initiatives while handling sensitive, contentious, complex and highly confidential issues involving multiple stakeholders with skill, tact and diplomacy. Other skills required include leading investigations, analyzing impacts, making recommendations on Information Security incidents and events along with the skill and the use of various software applications.

• Establishes, directs, implements and maintains the City’s enterprise cybersecurity program.
• Identify, evaluate and report on legal, regulatory, IT and cybersecurity risks to information assets; support and advance business objectives.
• Determine cybersecurity approach and operating model in consultation with stakeholders; align with risk management and compliance monitoring.
• Implement practices that meet policies and standards for cybersecurity and protect information assets, applications, systems, infrastructure and processes.
• Serve as process owner for second-line assurance activities related to confidentiality, integrity and availability; oversee periodic security audits.
• Coordinate development and implementation of incident response plans and procedures to recover business-critical services after security events.
• Direct the creation of a targeted cybersecurity awareness training program for staff, contractors and approved system users.
• Develop and oversee resilience policies and standards aligned with the enterprise resilience program goals; consider components outside the City’s perimeter.
• Liaise with external agencies (e.g., law enforcement, advisory bodies) to maintain a strong security posture and stay informed of threats.
• Perform related work as required.

The closing date for this position has been extended until filled. New applications are welcome!

The City of Burnaby acknowledges that we are on the ancestral and unceded homelands of the hən̓q̓əmin̓əm̓ and Sḵwx̱wú7mesh Sníchim speaking peoples, and we are grateful to be on this territory as we dedicate ourselves to creating an inclusive and diverse workforce that reflects our vibrant community and welcomes applicants of all backgrounds, genders, ages, ethnicities, abilities, sexual orientations, and life experiences.

Copies of relevant professional certificates, degrees, or tickets will be required at the time of the interview.

Please contact People and Culture at 604-294-7303 if you do not receive a confirmation email within one hour of submitting your application online.

We thank all applicants for their interest; however, only those considered for an interview will be contacted.