The Associate Director, Cybersecurity Governance, Risk and Compliance oversees the portfolio of services delivered as part of the Compliance and Risk Assessment team of the UBC Privacy & Information Security Management (PrISM) initiative. The function reports directly to the Chief Information Security Officer (CISO) and to the Executive Director, Safety and Risk Services and ensures cybersecurity risks are understood and communicated to institutional leadership in collaboration with the leaders within the CIO & CISO’s portfolio, and those of the Enterprise Risk Management team. The role establishes and sustains second-line risk management processes and leads the Risk and Compliance team in optimizing risk assessment practices and improving institutional visibility of cybersecurity and privacy related risks as well as training and compliance. The Associate Director is responsible for overseeing the activities related to assessing and reporting on compliance with Policy SC 14 and the associated Rules, identifying risks and gaps, prioritizing the risks and maintaining an institutional IT risk register for communicating these risks to the appropriate governance bodies. The register will support the CIO and CISO in establishing the annual activities for the CISO team and the broader UBC IT and distributed IT units. The Associate Director will support the Enterprise Risk Management team in reporting on key risks to the Executive and the Board. The Associate Director is responsible for assessing the priority of the risks, and recommending ownership for cybersecurity and privacy related risks including external risks related to third party suppliers, and emerging risks such as digital resilience, and AI assisted attacks. The compliance reports and the risk register will provide the CIO and Executive Leadership with a structured view of risk exposures across the University to inform future initiatives, priorities and subsequent investments. The Associate Director and their team provides compliance advisory services pertaining to the standards set out in Policy SC 14 and associated Rules, as well as supporting the Office of University Counsel by managing the Privacy Impact Assessment process under the guidance of the Legal Counsel responsible for Privacy while supporting the institution’s capacity to innovate responsibly. The function provides independent risk insight and advisory services related to the impact of technology. The Privacy and Information Security Management Risk and Compliance team delivers risk and compliance services in established areas such as Privacy Impact Assessments, Security Threat Risk Assessments, Information Security Compliance, awareness and training. While progressively expanding their knowledge of or integrating with (as appropriate and subject to the decision of the CIO and advice of Enterprise Risk and Assurance) additional priority domains including artificial intelligence and supply chain risk. Through coordinated intake, assessment and advisory services, the function improves process efficiency while strengthening the institution’s understanding of technology-related risk. The function provides advisory, risk analysis, investigation and compliance services spanning major technology transformation initiatives, emerging technology domains and key operational areas as agreed thorough agreement between Enterprise Risk and Assurance and the CIO. Working closely with Enterprise Risk and Assurance, the CIO portfolio, Cybersecurity, Enterprise Data Governance, Architecture, University Counsel and key service units, the function supports the consistent application of risk-informed practices across UBC operations. These activities help embed proportionate risk and compliance practices aligned with institutional priorities and informed by the evolving technology risk register.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Job Type
Full-time
Career Level
Mid Level