Cyber Security Advisor, Research

University of Toronto•Toronto, ON

4d•CA$93,592 - CA$155,985•Hybrid

About The Position

The Cyber Security Advisor, Research reports to the Manager, Research Information Security Program (RISP) within Information Security, under the Office of the Chief Information Officer. The Advisor enables secure, compliant research across the University by serving as a highly visible, researcher-facing information security advisor. Operating at the intersection of institutional IT security operations and research administration, the Advisor provides expert guidance, risk-based assessments, and enablement support to researchers, research staff, and research offices, helping them understand and meet evolving security expectations from institutional standards, research sponsors, regulatory bodies, and government-driven requirements. The Advisor provides consultative advisory services in a matrixed environment, coordinating across the Office of the CIO and enterprise security operations, the Vice-President, Research and Innovation (VPRI) and related research administration partners, research offices, and faculty and divisional stakeholders. The role requires the ability to align enterprise security capabilities with research-specific needs while maintaining the trust-based relationships with the research community that the program’s service model depends on. The role involves access to sensitive and confidential information, including institutional security posture and vulnerability data, threat intelligence from government and sector sources, details of research involving defence, national security, controlled goods, and commercially sensitive intellectual property, researcher safety information, and security control documentation for high-sensitivity research environments. Candidates must bring a substantive prior background working in or alongside the research enterprise, or with comparably autonomous expert client communities (e.g., clinical investigators, senior faculty, principal scientific or technical staff). The Advisor must exercise discretion and handle such information in accordance with institutional and, where applicable, government requirements. For work involving defence, controlled goods, or national-security-sensitive research, the incumbent may be required to obtain and a Government of Canada reliability and/or security clearance. The consultative, relationship-driven work at the centre of this role is the core of the position, not a soft skill layered on top of technical security delivery. Success depends on sustained relationships, strong familiarity with research practice, and the ability to co-develop practical paths forward with researchers. Technical security knowledge alone, without the consultative orientation and research-community credibility, is not sufficient for this role. The role is most effective when the research community actively seeks the Advisor out early because the service is viewed as credible, helpful, and enabling rather than obstructive. The Advisor will work collaboratively and consultatively in a matrixed environment with a diverse group of colleagues and stakeholders.

Requirements

A university degree, or an equivalent combination of education and experience is required, with work experience in information security, research information security, compliance, risk assessment, or a related field within an academic, research, or similarly complex institutional environment.
Significant experience (typically five or more years) in information security, risk assessment, compliance, security advisory, or closely related domains.
Substantive experience working directly with researchers, research administration, or comparably autonomous expert client communities (e.g., clinical investigators, faculty, senior scientific or technical professionals) in a consultative, client-facing capacity, with evidence of building trust and influencing outcomes through relationships and credibility rather than positional authority.
Strong working knowledge of the research ecosystem and research operating contexts, including how research groups collaborate, handle data, use research computing, navigate sponsor and funder expectations, and operate across multi-institutional and international partnerships, with the ability to translate security requirements into workable, research-aligned controls.
Familiarity with Canadian cyber security frameworks and those common in the higher education and research sector, as well as the broader landscape of sponsor, regulatory, and government-driven requirements that affect research information security.
Experience handling sensitive and confidential information with discretion, including institutional security data, threat intelligence, or information related to research involving defence, national security, or commercially sensitive IP.
Experience advising and briefing senior stakeholders on information security risks and recommendations.
Experience working collaboratively and effectively in a complex, multi-stakeholder environment.
Exceptional interpersonal skills and the ability to build rapport, trust, and credibility quickly with researchers and diverse stakeholders across the University.
Judgment to balance research enablement objectives with institutional security obligations, sponsor requirements, and regulatory compliance.
Strong research, analysis, writing, and presentation skills, including the ability to explain security concepts to non-specialist audiences and document recommendations clearly.
Demonstrated ability to apply risk-based critical thinking consistently and effectively in an advisory capacity.
Sound decision-making in a high-volume environment with competing stakeholder priorities and evolving requirements.
Ability to identify issues and take proactive action including adjusting to changing priorities as necessary.
Excellent organizational and time management skills.
Ability to facilitate productive conversations and navigate sensitive discussions with tact and professionalism.
Clear documentation, briefing, and facilitation skills, including on sensitive and time-critical matters.
Ability to obtain and maintain a Government of Canada security clearance (up to Secret or Top Secret) if required for work involving defence, controlled goods, or national-security-sensitive research.
Knowledge of privacy, confidentiality, and compliance as they relate to research data and institutional information.
Knowledge of the academic environment and working with researchers.

Nice To Haves

Advanced/graduate degree, special training and certificates related to the above areas are an asset.
Experience working in or with the post-secondary education sector is an asset.
Experience working within GRC platforms for control documentation, assessment tracking, or evidence management is an asset.
Relevant professional certifications are considered an asset.
Ability to work in a flexible, on and off-campus hybrid environment.

Responsibilities

Provides consultative advisory services in a matrixed environment, coordinating across the Office of the CIO and enterprise security operations, the Vice-President, Research and Innovation (VPRI) and related research administration partners, research offices, and faculty and divisional stakeholders.
Aligns enterprise security capabilities with research-specific needs while maintaining trust-based relationships with the research community.
Exercises discretion and handles sensitive and confidential information in accordance with institutional and government requirements.
Works collaboratively and consultatively in a matrixed environment with a diverse group of colleagues and stakeholders.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume