Job Description
About the job
What We Offer
In addition to a competitive salary and a rewarding career where you can truly make a difference, we offer a comprehensive package that meets the various needs of our diverse employees, including:
- Ability to participate in inclusive employee-led networks to educate, inspire, amplify voices, build relationships and provide development opportunities;
- Minimum three (3) weeks of paid annual vacation days, increasing with years of service;
- Four (4) paid personal days;
- Defined benefit pension plan with OMERS, includes 100-per-cent employer matching;
- Health and dental benefits;
- Employee and family assistance program;
- Maternity and parental leave top up (93% of base salary);
- Training and development programs including tuition reimbursement of $1500 per calendar year;
- Fitness membership discount.
This job offers the opportunity to work from home as part of a hybrid work arrangement. This arrangement will allow you to work some days at a TCHC work location and the rest of the time from home. The amount of time required to work at a TCHC work location is flexible, while considering operational and service delivery requirements.
Make a difference
Are you passionate about Cyber Security and Information Risk Management and interested in having a positive impact on your local community? If so, the Advisor, IT Security and Risk Management position at Toronto Community Housing may be for you!
This position will have two main focuses: Cyber Security and Information Risk Management. As a key member of the Information Security & Risk team, the Advisor will be responsible for a broad range of information security work while operating with a high level of autonomy, engaging with stakeholders at all levels within the organization, and contributing to the continuous improvement of TCHC’s cyber security posture. Additionally, the Advisor will be the primary point of contact within their own specific area of expertise. You will be involved in the development and review of TCHC’s Information Security Risk policies and procedures, supporting compliance and reporting activities with respect to IPC and other regulatory and legislative requirements, and providing expert advice, guidance, coaching, and support in the development of IT Information Security practices.
What You’ll Do
- Provide security assessments on our in-house developed products as well as procured products
- Participate in the planning and design of enterprise security architecture, under the direction of the IT Security Manager, where appropriate
- Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate
- Research, define evaluation criteria and recommend information security controls and procedures
- Develop information security standards, policies and procedures
- Establish information security metrics, gathering data and preparing reports
- Participate in after-hours and on-call schedule(s)
- Participate in the information security incident response process; and champion and communicate the future state of TCHC’s (Toronto Community Housing’s) cyber security program
- Exercise knowledge of legislation (MFIPPA), regulations, policies, procedures, interpretations and apply applicable orders of Information and Privacy Commissioner of Ontario
Investigations and Audits
- Under the direction of the Manager, IT Security and Risk, participate in investigations into problematic activity
- Conduct audits and provide recommendations to the Manager to address the gaps from investigation and remediation
- In collaboration with the Manager, IT Security and Risk, participate in the design and execution of vulnerability assessments, penetration tests, and security audits, and proactively conduct IT security risk and vulnerability assessments for new and existing IT infrastructure elements (network/systems/applications/services)
- Review logs and reports of all in-place devices, whether they be under direct control (i.e. security tools) or not (e.g. workstations, servers, network devices). Interpret the implications of that activity and provide relevant feedback to the manager for appropriate resolution
- Security and threat risk assessments for projects and security evaluations for tools and solutions
- Product reviews to identify potential vulnerabilities and risks
- Participate in the information security incident response process
- Manage access control for existing information technology and provide feedback on the development of access control methodology for new information technology solutions
Reporting and Compliance Control
- Process and track Freedom of Information (FOI) requests and ensure TCHC’s compliance with MFIPPA
- Provide input on FOI policies and procedures and update the framework of compliance
- Participate in and provide support to the manager with relevant feedback related to information security standards, policies and procedures
- Through stakeholder engagement, ensure proper documentation standards are adhered to; advise Manager on any recommended documentation standards updates, based on industry best practices
- Gather and collect data and provide support in preparing reports for Cyber security and Risk
- Under the guidance of the Manager, IT Security and Risk, proactively review IT operational processes, identify potential security concerns and risks and recommend mitigation measures
Training and Change Management
- Participate in the development of the annual IT Security Operational Plan, IT Security and Risk Strategy, and roadmap execution
- Champion and communicate the future state of TCHC’s cyber security program
- Promote security awareness and good data protection practices to safeguard TCHC’s information assets
- Provide relevant feedback to Manager, IT Security and Risk to help shape strategic technical direction and standards for the organization
- Serve as a source of trusted information security expertise for various programs and projects
- Support projects by providing governance, and operational delivery of information security services
- Participate in the development of and conduct information security training and other related user education initiatives
- Participate in efforts to identify and evaluate project requirements, as they relate to Cyber Security and Information Risk Management. Provide feedback on the development of applications, test and implement said applications. Sustain information technology solutions to meet business objectives and client needs
What You’ll Need
- An undergraduate degree (or equivalent experience) in Information Technology, Computer Science, Engineering, Business or related degree is required. Information security specific coursework is an asset
- One or more security certifications in good standing that may include the following or industry equivalents:
  - CEH: Certified Ethical Hacker, ECSA: EC-Council Certified Security Analyst, GSEC / GCIH / GCIA: GIAC Security Certifications, CompTIA CSA+, CCSP, CCSK
- Other industry and product certifications (e.g. MCSE, CCNA, and ITIL) are preferred.
- 5+ years of broad and progressive information security experience in an enterprise environment including: security program development, security risk and vulnerability analyses, system design and architecture required.
- Minimum of 3 years in a senior information security position in a medium to large organization
- Experience working on solutions that support verticals such as government, finance, human resources and information management preferred.
- Demonstrable experience with conducting security reviews, implementing information security recommendations, analyzing technical controls and applying security control standards required
- Demonstrable experience presenting analyses and presentations to both internal and external audiences
- Previous experience with application development security tools would be considered an asset
Key Competencies
- Excellent communications skills and writing skills, as the production of high-quality written policies, reports and proposals is a core deliverable of this role
- Ability to affect change in a positive and constructive manner, through the development of effective working relationships with both internal & external business stakeholders and our partners.
What’s Next
Once you apply, we’ll review your resume and contact you if we believe your skills and experience will make you successful in the role. If you are selected to move forward, the process will include one or more interviews and/or assessments and reference checks.