Job Details
Permanent Full Time (Non-Union)
Posting Status
Open to all current Town of Oakville employees and external applicants
Closing Date
Applications for this position must be received at oakville.ca by no later than 11:59pm on May 28, 2025.
We offer:
- A progressive work environment that promotes a work/life balance and strives to be a great place for great people to do great things
- A defined benefit pension plan
- Comprehensive health plan complemented with life and disability insurance
- A hybrid work environment
Reporting to the Director, ITS, the Information Security Officer and Program Manager assumes the overarching responsibility for supporting the Town of Oakville and ITS leadership in their efforts at overseeing, managing, developing and implementing IT Security Assets and Services, including IT Security life cycle management, investments and initiatives, to optimally achieve enterprise goals and mitigate Cyber Risk.
The position includes ownership for identifying, prioritizing, coordinating, developing and balancing Security Operations, Operational Lifecycle Management Projects, Business Transformation Projects/Programs and Security best practice initiatives, and for managing functional resources engaged with all types of initiatives. The position is also responsible for senior executive engagement and reporting on the state and performance of the IT Security ecosystem in alignment with enterprise goals/KPIs and KRIs.
What can I expect to do in this role?
As the Information Security Officer and Program Manager you will:
- Plan, direct, and evaluate services and assets provided to the client departments. Develop and maintain the cyber security strategy and roadmap. Develop the incident response plans and lead incident response activities. Perform as a client advocate by sponsoring internal and external communications using user groups, vendor demonstrations to client groups and strategic enhancement of the core solution suites.
- Lead the development of a strategic vision through the Oakville Technology Plan to guide Security Solutions toward the establishment of core IT Security operations definition, structures, processes and demand management in order to drive the evolution of Oakville’s Security Technology environment
- Operations and Capital initiative alignment to security asset categories and services, through evaluation, selection, prioritization, execution, tracking and measuring the achieved results
- Engage with and conduct minimum quarterly area specific reviews with senior business management, ITS executives, stakeholder committees, and other relevant bodies to validate and assess the operational and capital plans, execute change, and reprioritize to meet business needs as required
- Ensure the oversight and coordination of dependencies across the Operational and Capital activities are effectively managed via a risk based framework
- Manage the capital and operating planning process for accountable areas of security assets and services
- Manage vendor evaluation, selection, performance and business relationships in accordance with the Town’s purchasing by-law
- Support and advise executives on actions required to balance existing security assets and services with IT resources
- Lead reviews of IT Security assets and services evolving to a continuous improvement model
- Ensure adherence to the appropriate governance functions relating to IT Security in accordance with enterprise guidelines, policies and standards
- Direct the creation and maintenance of the required security standard operating procedures and other documentation
- Work with teams to manage/oversee the full range of security asset life cycle (procure, energize, remove/replace, dispose) for operational and capital projects and services
- Identify staffing needs - as mandated and empowered by leadership, ensure and balance the availability of the required skills and competencies across responsible teams
- Develop and maintain appropriate knowledge of common IT Security concepts, practices and procedures
- Direct the development and maintenance of communications and reporting around the IT Security plans and services, their contents and the individual performance of initiatives to stakeholders, as well as disruptions and interruptions following best practice frameworks
- Define security standards, manage and set priorities for the design, maintenance, development and evaluation of respective IT systems, ensuring that assets are inventoried, properly managed and serviced
- Plan the evolution of IT Security architecture ensuring that deployment, integration and configuration of solutions are in accordance with industry best practice and the requirements of the Town
- Develop IT Security policies, standards, procedures and set priorities while being responsible for service delivery and the development and implementation of performance measures and objectives
How do I qualify?
Education and Key Competencies:
- You have a bachelor’s degree in Computer Science, Information Technology or a related field from a recognized university/college. Your formal education is augmented by progressively responsible positions that have resulted in outstanding leadership.
- Minimum 10 years of experience in a cyber security role with a minimum of 5 years' experience in a cyber security leadership position.
- Able to make risk-adjusted evidence-based decisions in a timely manner.
- Leading change and innovation ideally in an IT Agile development project environment.
- Experience with Digital Transformation and Customer Experience improvement initiatives
- Demonstrated experience in leading diverse teams
- Comprehensive knowledge and experience with IT Asset Management.
Core Knowledge and Experience:
You are an experienced leader with a comprehensive knowledge of:
- Security Designations: CISSP (Certified Information Systems Security Professional), CEH and/or CISM (Certified Information Security Manager) desirable
- Security Assessments: Proficiency in performing risk, business impact, control and vulnerability assessments.
- Security Architecture and Planning: Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
- Vulnerability Management: Experience in vulnerability scanning and penetration testing.
- Security Policy: Ability to produce information security policy documents that demonstrate command of language, clarity of thought and orderliness of presentation.
- Project Management: Project Management Professional (PMP) Certification or equivalent favorable
- ITIL or Lean Six Sigma: Working knowledge of Lean Six Sigma Methodologies; working knowledge of ITIL Best Practices
Please note that successful candidates, who are new hires and/or who have not performed in this position previously will be required to provide a satisfactory criminal record check dated within the last 30 days as a condition of employment.
This job profile reflects the general requirements necessary to perform the principal functions of the job. This does not include all of the work requirements of the job. Applicants are required to demonstrate through their application and in the interview process that their qualifications match those specified. Applicants may also be required to undergo testing.
We thank all applicants and advise that only those selected for an interview will be contacted.