Chief Information Security Officer

Job Type:

Employee

Duration in Months (for fixed-term jobs):

N/A

Job Family:

IT Security

# of Open Positions:

1

Faculty/Service - Department:

Information Technology

Campus:

Main Campus

Union Affiliation:

N/A

Date Posted:

June 29, 2023

Closing Date:

July 10, 2023

Note: Applications will be accepted until 11:59 PM on the day prior to the Posting End Date above

Hours per week:

35

Salary Grade:

Non-Union Grade NM4

Salary Range:

$130,390.00 - $158,729.00

About Information Technology:

Information Technology is a dynamic and collaborative environment. We are focused on prioritizing and optimizing technological investments that facilitate the best student experience, as well as the activities of faculty, researchers and staff. Our greatest strength are the people working with us. People like you, professionals eager to flex their intellectual muscle and achieve new heights in their career. Working here gives you access to a great IT environment, rich with a diverse range of platforms, products, and services. This is a place where innovative ideas are welcome.

In a nutshell: working here is challenging and rewarding. It’ll bring out the best of you. We want people that have the drive to advance IT in higher education. We have the technologies to keep your inner fires burning, and benefits that can help you sustain a better lifestyle. And all this minutes away from gyms, the Byward Market, downtown, and the Rideau Canal at lunch time for runners and skaters.

Position Purpose

Reporting to the Chief Information Officer, the incumbent provides vision, leadership, develops and leads outreach, communication and education efforts to raise University-wide awareness of information security risk, policies, standards, requirements, solutions, auditing; provides strategic and technical guidance and oversight in the design and implementation of appropriate security processes for the University’s systems; recommends and oversees monitoring of computing practices to prevent and recover from security breaches; and directs the handling of security incidents when breaches occur. The role governs the security framework and ensures its adherence throughout IT operations and interoperation of all university stakeholders; faculties, services, professors, students and external partners. The Chief Information Security Officer's primary mandate is to protect the confidentiality, integrity, and availability of enterprise IT assets and data University wide.

In this role, you will:

• Execute a University wide assessment of enterprise risks, threats, security vulnerabilities, potential anomalous flows and interactions in order to develop security plans based on the University business strategies, objectives and activities.
• Collaborate across the University, approaching stakeholders in a consultative manner with the goal of moving the information security role from a purely technical and enforcement role to one of risk management and mitigation.
• Define and communicate corporate plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new security systems, equipment, software, and other technologies. Oversee the approval, training, and dissemination of security policies and practices.
• Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.
• Lead strategic security planning to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future security technologies using a risk-based assessment methodology.

What you will bring:

• Excellent business and technological acumen, leadership style, and organizational skills suited to an environment where multiple projects are run concurrently.
• Understanding risk based approaches, regulatory and compliance issues.
• Certification in the field of information security is considered an asset, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
• Proven experience in planning, organizing, and developing IT security and facility security system technologies.
• University degree or college diploma in Computer Science, Computer Engineering, or a related IT discipline.
• Asset; The person in this role needs to have knowledge of: International Organization for Standardization (ISO) 2700X, ITIL, COBIT/Risk IT and National Institute of Standards and Technology (NIST)., as well as : Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard.
• Excellent communications and interpersonal skills.
• Experience in planning and executing security policies and standards development.
• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
• Bilingual French and English (spoken and written).
• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
• Ten (10) years of experience in areas related to IT security and IT security domain expertise, including two years in a significant leadership role.

Key Competencies at uOttawa:

Here are the required competencies for all or our employees at uOttawa:

Planning: Organize in time a series of actions or events in order to realize an objective or a project. Plan and organize own work and priorities in regular daily activities.

Initiative: Demonstrate creativity and initiative to suggest improvements and encourage positive results. Is proactive and self-starting. Show availability and willingness to go above and beyond whenever it is possible.

Client Service Orientation: Help or serve others to meet their needs. This implies anticipating and identifying the needs of internal and external clients and finding solutions on how to meet them.

Teamwork and Cooperation: Cooperate and work well with other members of the team to reach common goal(s). Accept and give constructive feedback. Able to adjust own behaviour to reach the goals of the team.

The University of Ottawa embraces diversity and inclusion in the workplace. We are passionate about our people and committed to employment equity. We foster a culture of respect, teamwork and inclusion, where collaboration, innovation, and creativity fuel our quest for research and teaching excellence. While all qualified persons are invited to apply, we welcome applications from qualified Indigenous persons, racialized persons, persons with disabilities, women and LGBTQIA2S+ persons. The University is committed to creating and maintaining an accessible, barrier-free work environment. The University is also committed to working with applicants with disabilities requesting accommodation during the recruitment, assessment and selection processes. Applicants with disabilities may contact [email protected] to communicate the accommodation need. All qualified candidates are encouraged to apply; however, Canadians and permanent residents will be given priority.

Note: if this is a union position: The hiring process will be governed by the current collective agreement related to the union affiliation noted above; you can click here to find out more.

If this is a front-line position with responsibilities to interact with students, selected candidates must be rated at the Low Advanced proficiency level or higher for both oral comprehension and reading comprehension in their second official language. The rating is determined by a proficiency test designed by the Official Languages and Bilingualism Institute.

Prior to May 1, 2022, the University required all students, faculty, staff, and visitors (including contractors) to be fully vaccinated against Covid-19 as defined in Policy 129 – Covid-19 Vaccination. This policy was suspended effective May 1, 2022 but may be reinstated at any point in the future depending on public health guidelines and the recommendations of experts.