Manager, Information Systems Security - Jobs in Toronto, ON

Job Description

Date Posted: 12/15/2021Req ID: 21911Faculty/Division: Faculty of PharmacyDepartment: Faculty of PharmacyCampus: St. George (Downtown Toronto)Description:Reporting directly to the Leslie Dan Faculty of Pharmacy (LDFP) Director of Information and Learning Technology (ILT) and reporting indirectly to the U of T Chief Information Security Officer (CISO), the Manager, Information Systems Security (ISS) is responsible for working with Leslie Dan Faculty of Pharmacy (LDFP) faculty, staff, and students to minimize the cyber risk of information, data, servers, infrastructure, and applications. Work is done in the context of existing U of T and LDFP policy, guidelines and applicable legislation in a fluid, consultative environment.The ISS Manager assumes responsibility for the strategic and tactical planning and implementation of systems security, confidentiality, privacy and risk management in the areas of systems administration, server and service design, implementation, operation and support. This includes:

• developing, updating, implementing, promoting and training the community on LDFP’s Information Security and Risk Management Program
• ensuring reliable and robust access controls, service availability, and activity / incident reporting
• applying known security standards as well as establishes new security standards and best practices related to the use and operation of information technology solutions, systems, servers, network services, cloud services and solutions, and proposes strategies by which those standards and best practices are implemented, tested, and confirmed on a regular basis
• actively monitoring threats to the LDFP people, process, and technology
• performing cyber security assessments on LDFP systems, processes, partners, and vendors
• working closely with faculty, staff and students prior to, during and after collection of sensitive data and in the aftermath of a breach or near-miss event in order to advise, train and educate on best practices, procedures and tools.

The ISS Manager acts as a project manager for IT projects that fall within areas related to Information Security or projects, which include confidential and restricted information following the security standards and best practices for Identity and Access Management, Information Disclosure, Information Integrity, Business Continuity and Protection of Privacy. In projects where LDFP ILT is not the lead, the ISS Manager acts as a subject matter expert in the above areas to the Faculty unit leading the project.The ISS Manager reviews the performance of security controls, and effectiveness of projects to achieve the security goals of the Faculty IT portfolio. The ISS Manager is also responsible for the initiation, specification and assessment of a wide variety of contracts covering information security related hardware, software, support and services.The ISS Manager works to support and undertake forensic audits of IT systems and services whose access control mechanisms have been compromised or circumvented, both within and from outside of the University working with the ITS Information Security team as well as external auditors when required; Undertakes investigations in consultation with Human Resources (HR) and Campus Safety to gather forensic IT and security data and evidence in instances of employee and/or student related breaches and misconduct; Participates and assists investigations of potential IT related criminal activity (i.e. denial of service attacks, unauthorized access to user accounts) acting as a local contact and resource for the Campus Police and the ITS Information Security team. The ISS Manager reviews and performs detective auditing of the LDFP Systems Administrators and other privileged IDs for all LDFP systems and servers.As a member of the LDFP administrative management team, the ISS Manager tables proposals to augment and/or improve services delivered and participates in reviewing proposals from others. Their in-depth technical expertise and their team work approach to organizational issues are called upon not only in day-to-day developments but also in tactical and strategic planning efforts as well as filling in for the Director of ILT during periods of absence or unavailability.The ISS Manager has broad and in-depth knowledge of industry innovations and state-of-the-art technology in computing and networking. The ISS Manager has very strong interpersonal skills in communication, emotional intelligence, social intelligence, teamwork, dependability, and responsibility. Familiarity with contract management, project management, and people management are an asset. IT Security certifications held or in progress are an asset.Qualifications Required:I. EDUCATION:University degree in a relevant field, (e.g., Business, Computer Science, Engineering), or equivalent combination of education and experience.II. EXPERIENCE:Four years working in an Information Technology environment, including at least two years working with Information Security as a significant focus of activity. Expert understanding of client and server application deployment and support. Strong understanding of client and server activity tracking. Strong understanding of IT Architecture concepts and security methodologies. Experience auditing systems for compliance (PCI-DSS, PA-DSS, etc.). Experience drafting information security standards and guidelines, assessing risk management and determining controls. Experience in administering enterprise-level Microsoft and Unix-based server applications (Microsoft System Centre, MBAM, Advanced Threat Analytics, etc.) Strong Scripting skills required including Shell and interpreted languages. Experience with application / scripting tools (Powershell, Python). Experience configuring databases and database-backed applications (SQL Server, MySQL). Extensive experience using network and security analysis tools. Extensive experience with intrusion detection and prevention – host and network, active and passive. Experience in selecting, configuring and deploying service mis-use detection and prevention technologies (Anti-Spam, Anti-Virus, Anti-DDOS, etc.). Experience running static and dynamic penetration testing and vulnerability scanning (Metasploit, Nessus, etc.). Experience with deploying, configuring and securing virtualized and cloud (IaaS, SaaS, PaaS, VMWare) environments, and services running in it. Experience with federated access control (i.e. Shibboleth, Active Directory Federation Services (ADFS) or similar services.III. SKILLS:Expert level understanding of Windows and a variety of Unix-like operating systems (Solaris, Linux, OpenBSD, OS X), at both server and client level. Comprehensive knowledge of TCP/IP networking and client-server architecture and protocols. Strong understanding of network configuration, hardware and next-gen firewall/IPS technologies (Cisco ASA, Juniper, Fortinet, Palo Alto, FireEye, etc)Expert level understanding of the following access control technologies – LDAP, Kerberos, and Active Directory. Expert knowledge of Virtual Private Networks (VPNs) and Multi-Factor Authentication (MFA) tools. Expert knowledge of Encryption technologies at network, file and file-system levels. Strong understanding of cryptographic certificates and the operation of certificate authorities.Excellent communication, instruction and presentation skills. Able to describe a variety of complex technical concepts or policies to users and senior leadership at all technical experience levels and to deliver security awareness and education content to faculty, staff and graduate students.IV. OTHER:Ability to work under pressure of high volume and expectations, while meeting multiple deadlines for multiple projects; strong service orientation coupled with ability to recognize and assess the operational significance of a problem, control/mitigate the risk and set priorities accordingly. Strong ability to assess risks and controls of computing systems and operations. Demonstrated broad knowledge of information technology, instructional technology, classroom technology, audiovisual technologies, digital signage, network technologies, databases and application development. Strong ability and willingness to work effectively as a team leader and team member; must be able to collaborate and cooperate with team members, project sponsors, other stakeholders. Ability to supervise team members of varying levels and skill sets including Professional/Managerial as well as staff. Must be able to deal calmly and effectively with a variety of people. Demonstrated ability to exercise sound judgment, tact and diplomacy. Ability to effectively navigate a professional and political climate including assessing the requirement to escalate and issue to more senior levels of management or resources or bodies outside the Faculty; ability to maintain a high level of confidentiality. Ability and willingness to learn new systems, technologies and project management methods and tools.About us:With nearly 1,000 undergraduate and over 140 graduate students walking the halls of our iconic building, the university of Toronto’s Leslie Dan Faculty of Pharmacy is a recognized global leader in the fields of pharmacy education and research. Together, we are moving science and health through a focus on excellence and innovation.With over 180 faculty members including researchers, clinician scientists, clinical educators and community, hospital and affiliated experts, we are the top faculty of pharmacy in Canada and ranked among the top globally. We are committed to offering leading-edge pharmacy education programs and driving innovation and discovery in the pharmaceutical sciences. Our scientists are catalysts for the discovery of novel therapeutic targets, new drugs, medical devices, diagnostic tests and new solutions to provide the safest, most effective and affordable therapies for patientsand methodologies to foster pharmacy practice excellence.Visit us at www.pharmacy.utoronto.ca to find out more about the incredible work being done.Closing Date: 01/14/2022,11:59PM ETEmployee Group: SalariedAppointment Type: Budget - ContinuingSchedule: Full-TimePay Scale Group & Hiring Zone: PM 3 - Hiring Zone: $81,873 - $95,518 - Broadband Salary Range: $81,873 - $136,454Job Category: Information Technology (IT)Quick Apply

• Terms & Conditions
• New Privacy
• Privacy Center
• Accessibility

For Job Seekers

• Browse Jobs
• Advanced Job Search
• Emplois Quebec

For Employers

• Post a Job

Stay Connected