Chief Information Security Officer, Information Technology

About The Position

Requirements

• University degree or college diploma in Computer Science, Computer Engineering, or a related IT discipline.
• Proven experience in planning, organizing, and developing IT security system technologies.
• Experience in planning and executing security policies and standards development.
• 10 years’ experience in areas related to IT security and IT security domain expertise, including two years in a significant leadership role.
• Understanding risk-based approaches, regulatory and compliance issues.
• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
• Excellent business and technological acumen, leadership style, and organizational skills suited to an environment where multiple projects are run concurrently.
• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
• Excellent communications and interpersonal skills.
• Bilingual French and English (spoken and written).

Nice To Haves

• Certification in the field of information security is considered an asset, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
• Knowledge of International Organization for Standardization (ISO) 2700X, ITIL, COBIT/Risk IT and National Institute of Standards and Technology (NIST).
• Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard.

Responsibilities

• Develop and implement a comprehensive information security strategy that aligns with the institution's business goals and objectives.
• Ensure security considerations are integrated into all aspects of the institution's operations.
• Ensures that cybersecurity strategy is in compliance with relevant laws, regulations and policies.
• Identify, assess, and mitigate security risks at a strategic level.
• Develop and implement IT risk management frameworks and ensure compliance with relevant regulations and standards.
• Engage with key stakeholders, including senior executives, board members, external institutions, and other external partners, to communicate security risks and strategies.
• Ensure that security is a top priority across the institution.
• Liaises with provincial research network (ORION) and national cybersecurity agencies (CanSSOC, CCCS), higher education consortia (e.g., CUCCIO, CANARIE), and peer institutions to share best practices, align the organization cybersecurity strategy to the national strategy, and stay informed on emerging threats.
• Continuously monitor the threat landscape and evaluate new risks.
• Ensure the institution is prepared to respond to evolving security threats by creating strategic action plans to mitigate these risks.
• Foster a strong security culture within the institution.
• Develop and implement security awareness programs and train employees, external partners, students, and other collaborators on security best practices.
• Collaborate with other institutions, faculties, services and teams to ensure security is integrated into all projects and initiatives.
• Work closely with IT, legal counsel, privacy office, risk management office, and other teams to ensure security considerations are taken into account.

Benefits

• competitive salary
• defined benefit pension plan
• group insurance coverage
• employee and family assistance program