Supervisor, Information Security Operations & Defense

What we offer

In addition to a competitive salary and a rewarding career where you can truly make a difference, we offer a comprehensive package that meets the various needs of our diverse employees, including:

• Ability to participate in inclusive employee-led networks to educate, inspire, amplify voices, build relationships and provide development opportunities;
• Minimum three (3) weeks of paid annual vacation days, increasing with years of service;
• Four (4) paid personal days;
• Defined benefit pension plan with OMERS, includes 100-per-cent employer matching;
• Health, dental, and vision benefits, including a health spending account available upon your start date;
• Employee and family assistance program;
• Maternity and parental leave top up (93% of base salary);
• Training and development programs including tuition reimbursement of $1500 per calendar year.
• Fitness membership discount;

This job offers the opportunity to work from home as part of a hybrid work arrangement. This arrangement will allow you to work some days at a TCHC work location and the rest of the time from home. The amount of time required to work at a TCHC work location is flexible, while considering operational and service delivery requirements.

Make a difference

Are you passionate about Cyber Security and Information Risk Management and interested in having a positive impact on your local community? If so, the Supervisor, Information Security Operations & Defense position at Toronto Community Housing may be for you!

The Supervisor, Information Security Operations & Defense is accountable for ensuring all aspects of the security of “TCH’s” IT systems and assets. Activities in this strategic role include conducting risk and security assessments, incident response and security operations, and developing the necessary monitoring and compliance systems, policies, procedures and security controls. This position is accountable for the protection of information and information systems from unauthorized access, inappropriate use, disclosure, disruption, modification, or destruction to ensure confidentiality, integrity, and availability.

What you’ll do

Information Security Defense Management Framework and Strategy for TCHC:

• Accountable for the operationalization and management of the information security defense controls and incident response including IT and OT Security controls including but not limited to detection, recovery, protection, and identification of potential threats against TCHC enterprise digital assets and operations including and infrastructure and networks. Develop security technology strategies that align with TCHC vision, mission and objectives. Plays a proactive role in development of annual Information Security operational plans.

• Provide tactical and strategic recommendations to Senior Management - related to Information Security, Cyber threats and risk management, Cyber disaster recovery and associated Information Management and IT/OT Security controls.

• Analyse proposed solution architectures, technology, design and IT development processes to identify potential threats and vulnerabilities, and to recommend options that enhance the security of solutions and business processes.

• Proactively provides internal Information Security Operation recommendations on related governance requirements, baselines, standards and best practices. Balance the requirement for Information Security controls with the requirements of the Business and make implementable recommendations balancing risk versus business operations.

• Identify, analyze, and recommend options for risk management at appropriate levels within the enterprise and municipalities and associated agencies.

• Acts as a subject matter expert and may take on more complex work in developing plans and deliverables, deploying resources, and interacting with key internal partners.

• Play a mentorship role as a senior subject matter expert in information security domain and provide training and guidance to them wherever needed.

• Research and maintain proficiency in tools, techniques, countermeasures and trends in computer and network vulnerabilities, data hiding, encryption and cyber security.

• Recommends technology changes in order to mitigate risks or implement and operationalize new or enhance existing security services and controls

• Collaborates with other City of Toronto and other Corporate Security and IT departments on technology selection for Security related controls and services.

Daily IT Security Operational Activities:

• Provides technical directions and guidance to staff directly and indirectly in the secure operation of all IT services.

• Handles Information Security incidents and exceptions often of a confidential nature incorporating highly technical concepts to business stakeholders. The information if miscommunicated or incorrectly assessed or analyzed might harm the reputation of TCHC and might lead to incorrect Management actions. Leads and coordinate confidential investigations alongside TCHC MSSP and Incidet Responder and reports the results to Upper Management.

• Leads vulnerability management program.

• Leads Corporate Identity and Access Management (CIAM) Program

• Work with IT, Enterprise Solutions & Data, and all other TCHC Enterprise teams to establish appropriate security processes, controls and ensure compliance with security policies.

• Manage multiple partners such as MSSP and security related projects simultaneously, and present status updates to upper management.

• Conducts internal information systems security reviews. Reviews IT and business process changes for potential IM and IT Security issues and compliance to standards.

• Analyze proposed solution architectures, technology, design and IT development processes to identify potential threats and vulnerabilities, and to recommend options that enhance the security of solutions and business processes.

IT and IT security audit and internal control Compliance and Reporting:

• Participates and co-ordinates all internal and external information technology audit compliance and remediation activities. Manages the Audit responses with his team, implementation plan completions, time frames and remediation activities.

• Documents and manages the implementations of necessary IT security controls to address the management responses. Crafts draft management responses. Works with internal and external auditors to confirm findings. Is the single-point-of-contact (SPOC) for providing data to internal and external auditors

• Manages the day-to-day management and testing of internal Information Security controls, remediating where possible and escalating key issues to appropriate management staff with effective recommendations for remediation.

• Develops procedures to meet Internal control perspectives and tests or verifies procedures are followed according to acceptable control standards.

• Monitors the Information Security internal controls to ensure appropriate access levels are maintained, Recommend access controls and roles consistent with “lest privilege” security rules.

• Proactively recommends changes to IT and TCHC information systems, business processes and procedures to address potential control deficiencies.

Disaster Recovery and Emergency Response Planning:

• Develop and manage the Annual Cybersecurity Recovery plan and Tabletop Exercises (TTX) to test such plans and report lessons learned to the Upper Management and remediate the identified gaps.

• Develop and operationalize Business Continuity Plan for Security services and controls and test them through Tabletop Exercises (TTX) on annually.

What you’ll need

• University degree, or equivalent, in computer science, engineering or a relevant technical discipline.

• 5 -7 years of broad and deep information security experience (9 + years of broad and deep information technology and information security experience preferred)

• IT Security Designations – CISSP

• Specific strengths in multiple areas including Application Security, Network security, server and database security, cloud security, identity and access management, incident response and disaster recovery and business continuity planning, data leakage prevention, IT Security Architecture, Threat Risk Assessment, Experience with embedded systems.

• Excellent communication skills in English

Nice to have:

• SANS, CISA, CISM, SABSA, GCIH, or similar certification and training are assets.

• Strong understanding of IT Compliance frameworks (NIST, ISO 27001, CoBit, )

• Expert knowledge of network security systems and protocols including firewalls, Radius, TACACS+, IPSEC IKE, SSH etc.

What’s next

Once you apply, we’ll review your resume and contact you if we believe your skills and experience will make you successful in the role. If you are selected to move forward, the process will include one or more interviews and/or assessments and reference checks.