Manager, IT Infrastructure and Security

University of Toronto•Toronto, ON

79d•CA$120,499 - CA$200,831•Onsite

About The Position

The Faculty of Applied Science & Engineering is a world-renowned community of researchers and students dedicated to solving some of the world's most pressing challenges through collaborative and multidisciplinary research and experiential education. Through rigorous technical training, and unparalleled extracurricular and professional experience opportunities, we prepare the next generation of engineering leaders and changemakers to unlock the future's boundless potential. The Faculty of Applied Science and Engineering is distributed and complex, serving the needs of teaching, research and administration in academic units and institutes. The Faculty Information Technology Office, in partnership with academic units is responsible for ensuring that technology is delivered and stewarded with security and risk focus and in alignment with institutional guidelines and direction. Reporting to the Director, Information Technology, and operating with substantial autonomy, the Manager provides strategic leadership and tactical oversight for the Faculty’s Digital Infrastructure (servers, networks, cloud platforms, and related services) and leads the Faculty’s Information Security and Risk Management Program, including cybersecurity initiatives. The role maintains a dotted-line relationship with the University’s Chief Information Security Officer (CISO), as required. The Manager works closely with academic departments and units across the Faculty to minimize the risk of compromise to all Faculty IT services and resources. This includes analyzing gaps and vulnerabilities, addressing security and privacy risks, integrating new systems with existing environments, and initiating projects to augment and improve service delivery. The Manager oversees the monitoring of cyber threats and ensures that systems, servers and computing solutions administered by the Faculty and its academic units are secure and available. The role also ensures that appropriate disaster recovery and business continuity plans are established, maintained and regularly tested. With high level authorization to the University’s computer systems, the Manager leads information security incident response for systems and services whose access control mechanisms have been compromised or circumvented, both within and from outside of the University. In coordination with academic and administrative leadership, the Manager undertakes investigations, gathering forensic IT and security data and evidence, partnering with relevant departments such as Campus Police, central ITS, external auditors, the Privacy Office and/or work in consultation with Human Resources and Labour Relations as required. The Manager collaborates with departmental and faculty-wide groups to ensure that all projects containing confidential and restricted information follow the information security standards and best practices for Identity and Access Management, Information Disclosure, Information Integrity, Business Continuity and Protection of Privacy. As a member of the FASE management team, the incumbent tables proposals to augment and/or improve services delivered and participates in reviewing proposals from others. The incumbent’s in-depth technical expertise and teamwork approach to organizational issues are called upon not only in day-to-day developments but also in tactical and strategic planning efforts. As the key senior project team member, for major digital infrastructure initiatives and solutions, the Manager provides expertise at all stages of each assigned project, from design to delivery, ensuring current, high-quality innovative and advanced solutions are being applied in accordance with service best practices, and evaluating appropriateness for final use to effectively achieve and optimize delivery of IT services to the faculty. The Manager establishes and manages strong relationships with all levels of the FASE community including executive leadership, project teams, clients, stakeholders, and academic departments across the Faculty and the University of Toronto to promote resilient Digital Infrastructure and cybersecurity awareness. Work is done in collaboration with institutional partners including other academic Divisions, IT&S, FIPP office and others. The Manager oversees direct reports and manages IT enterprise projects with a strong business-oriented focus. The Manager allocates project related human resources and work force planning, directing staff efforts and assigning project priorities. The Manager is responsible for financial and contract management and prepares and manages project budgets. The Manager is also responsible for the initiation and successful negotiation of a wide variety of contracts covering hardware, software, consulting and professional services, and is responsible for the management of budget expenditures and recoveries and for completing projects in a timely, accurate and cost-effective manner. The Manager will also deploy mechanisms and approaches to champion and progress models, templates and documentation for robust Digital Infrastructure and cybersecurity, including availability, business continuity, disaster recovery planning and audits. The Manager serves on University committees, and has frequent contact with academic departments, instructors, and the research enterprise, to advise on security and privacy considerations, global threat landscape, nation state actors and cybercrime.

Requirements

University degree in Computer Science, Engineering, or an equivalent combination of education and experience.
At least eight (8) years of experience working in the IT industry.
Five (5) years of experience in a team lead or senior/supervisory role in an IT and/or organizational digital infrastructure and security operation.
Five plus (5+) years working with Information Security as a prime focus of activity.
Proven experience in planning, organizing, and developing IT infrastructure and security.
Experience working with a broad range of stakeholders and IT SMEs.
Experience in planning and executing security policies and standards development.
Excellent knowledge of technology environments and cloud platforms (Azure).
Substantial exposure to data processing, hardware platforms, enterprise software applications, and outsourced systems, including financial, human resources and email.
Good understanding of computer systems characteristics, features, and integration capabilities.
Experience with systems design and development from business requirements analysis through to day-to-day management.
Strong understanding of IT Architecture concepts and security methodologies.
Experience in leading the architecture and governance of the Security DevOps strategy, setting technical standards and providing direction for CI/CD pipelines, infrastructure-as-code across cloud platforms, policy enforcement, and monitoring and alerting frameworks to enable secure, scalable, and reliable software delivery.
Experience developing and adopting information security standards and guidelines.
Expert level understanding of Information Security technologies and concepts.
Excellent understanding of defense in depth strategies and implementation across the entire ecosystem (endpoints, servers, appliances, cloud and network architecture, etc…)
Experience auditing systems for compliance (PCI-DSS, PA-DSS, etc.).
Experience with deployment of policies and security controls within cloud-based platforms (Azure, O365, etc. …).
Strong and proven managerial, relationship management and leadership skills.
Strong communication skills, both verbal and written.
Excellent project management and problem-solving skills.
Ability to quickly analyze and interpret forensic information and evidence.
Ability to master new technology quickly.
Strong understanding of change and configuration management processes.
Demonstrated aptitude for security/or major incident management.
Excellent communication, instruction and presentation skills.
Able to describe a variety of complex technical concepts or policies to users and senior leadership at all technical experience levels and to deliver security awareness and education content to faculty, staff and graduate students.
Broad knowledge of industry innovations and state-of-the-art technology in both computing and networking arenas, and in-depth knowledge of information security.
Strong ability to assess risks and controls of computing systems and operations.
Ability and willingness to learn new systems, technologies and project management methods and tools.
Ability to work under pressure of high volume and expectations, while meeting multiple deadlines for multiple projects.
Strong service orientation coupled with ability to recognize and assess the operational significance of a problem, control/mitigate the risk and set priorities accordingly.
Strong ability and willingness to work effectively as a team leader and team member; must be able to collaborate and cooperate with team members, project sponsors, other stakeholders.
Must be able to deal calmly and effectively with a variety of people.
Demonstrated ability to exercise sound judgment, tact and diplomacy at all times.
Ability to effectively navigate a professional and political climate including assessing the requirement to escalate an issue to more senior levels of management or resources or bodies outside the Faculty; ability to maintain a high level of confidentiality.

Nice To Haves

A Graduate Degree and certifications in information security and management, such as CISSP, CISA, ISO Audit, PMP, CRISC or other relevant certifications, are an asset.
Familiarity with financial requirements of project management a plus.
Familiarity with database administration and operation a plus.
Exposure to e-commerce and other net-centric business models highly desirable.
Expedience with and ability to provide support outside of normal working hours, as needed.

Responsibilities

Provides strategic leadership and tactical oversight for the Faculty’s Digital Infrastructure (servers, networks, cloud platforms, and related services).
Leads the Faculty’s Information Security and Risk Management Program, including cybersecurity initiatives.
Works closely with academic departments and units across the Faculty to minimize the risk of compromise to all Faculty IT services and resources.
Analyzes gaps and vulnerabilities, addressing security and privacy risks, integrating new systems with existing environments, and initiating projects to augment and improve service delivery.
Oversees the monitoring of cyber threats and ensures that systems, servers and computing solutions administered by the Faculty and its academic units are secure and available.
Ensures that appropriate disaster recovery and business continuity plans are established, maintained and regularly tested.
Leads information security incident response for systems and services whose access control mechanisms have been compromised or circumvented.
Undertakes investigations, gathering forensic IT and security data and evidence, partnering with relevant departments.
Collaborates with departmental and faculty-wide groups to ensure that all projects containing confidential and restricted information follow information security standards and best practices.
Tables proposals to augment and/or improve services delivered and participates in reviewing proposals from others.
Provides expertise at all stages of major digital infrastructure initiatives and solutions, from design to delivery.
Establishes and manages strong relationships with all levels of the FASE community.
Oversees direct reports and manages IT enterprise projects with a strong business-oriented focus.
Allocates project related human resources and work force planning, directing staff efforts and assigning project priorities.
Responsible for financial and contract management and prepares and manages project budgets.
Responsible for the initiation and successful negotiation of a wide variety of contracts covering hardware, software, consulting and professional services.
Responsible for the management of budget expenditures and recoveries and for completing projects in a timely, accurate and cost-effective manner.
Deploys mechanisms and approaches to champion and progress models, templates and documentation for robust Digital Infrastructure and cybersecurity.
Serves on University committees.
Has frequent contact with academic departments, instructors, and the research enterprise, to advise on security and privacy considerations, global threat landscape, nation state actors and cybercrime.