
Computing and Communications Services (CCS), the central IT department on campus, provides core IT services and technology solutions to the University of Guelph community. As a subject matter expert and best practices leader in cyber security, you welcome this opportunity to make your mark as part of the CCS Information Security team.

Reporting to the Chief Information Security Officer (CISO) within the CCS department, you’ll be primarily responsible for providing subject-matter expertise and leadership for the information security policy, risk, compliance, and security awareness portfolios. An integral part of this senior role as Information Security Risk and Compliance Lead will involve influencing direction, developing consensus, and planning and executing initiatives in these areas to support the overall cyber security roadmap of the University.

Working in conjunction with other members of the Information Security team, campus IT groups, management, faculty, and staff, you will:

  • Provide subject-matter expertise and consultation services to University departments regarding data and systems security, risk management, and standards compliance, including representing Information Security on projects and working groups, such as the Research Ethics Board (REB), where you’ll provide consulting services and thorough review of information and data security concerns.
  • Assess the security and risk associated with proposed new platforms and applications, including cloud-based services, as requested by campus units or individual members of the campus community. The review process will include analyzing technical documentation, request for proposal (RFP) responses, technical architecture, third-party security reports, and vendor responses to security assessment questions.
  • Lead CCS efforts on our governance, risk, and compliance activities, including ongoing support for the associated processes and tools. This includes tracking audit findings with staff and preparing a monthly metrics dashboard for management and internal audit, as well as working with groups on campus and auditors to ensure that we adhere to, and maintain, our certifications, such as our annual PCI compliance certification.
  • Manage investigations into information security incidents and violations of University information security policies, documenting and tracking these incidents, and interfacing with management, Campus Community Police, University committees, and external agencies, as necessary.
  • Lead cyber security awareness initiatives to educate students, staff, and faculty on secure computing practices, including giving presentations to campus groups on relevant topics, such as new employee orientation presentations and other security awareness events during the year.
  • Oversee the response and remediation of security vulnerabilities with system owners and campus IT representatives as part of the information security vulnerability management program, working with system owners to drive closure of security vulnerabilities to improve the overall security posture of the University.
  • Audit and formulate security standards, policies and procedures related to all aspects of information security.
  • As a member of the Security Operations Centre (SOC) team, regularly assess and proactively monitor the security and risk posture of University information systems, networks, technical infrastructure, accounts, and data.
  • Participate in the evaluation, acquisition and implementation of security-related technologies, such as authentication/authorization mechanisms, encryption, certificate services, anti-malware software, email and network filtering, intrusion detection, and security information and event management.
  • Collaborate with the CISO to develop security roadmaps, project plans, and risk mitigation strategies.

REQUIREMENTS

To assume the role of Information Security Risk and Compliance Lead, you must have a profile that includes:

  • Bachelor’s degree in Computer Science, Information Technology, Math, Business Administration, or a related field, and a minimum of seven (7) years of related work experience
  • Extensive prior work experience in cyber security roles
  • Expert knowledge and hands-on technical experience in cyber security monitoring, and incident handling, response, and investigation
  • Demonstrated expert knowledge and understanding of all information security domains:
    • Security and risk management
    • Asset security
    • Security architecture and engineering
    • Communications and network security
    • Identity and access management
    • Security assessment and testing
    • Security operations
    • Software development security
  • Previous experience performing security risk assessments and vulnerability management
  • Strong ability to analyze and understand technical data, including white papers, proposals, and RFPs
  • Experience and familiarity with disaster recovery methodologies, business resumption planning, and application development methodologies
  • Familiarity with relevant Canadian and International privacy legislation and standards such as ISO 27001, FIPPA, PHIPA, and PCI-DSS
  • Demonstrated ability to exercise sound and ethical judgement when handling matters requiring a high level of diplomacy, sensitivity and confidentiality
  • Highly developed skills of collaboration, communication (written and oral) and time management, with an ability to explain complex concepts to technical and non-technical members of the University community
  • Strong leadership, business analysis, and project management skills
  • Strong customer service focus and solution orientation
  • Strategic thinking with proven analytical and creative problem-solving skills
  • Demonstrated ability to establish priorities, with a track record of delivering on strategic and tactical objectives
  • Ability to work well under pressure, meet established deadlines, and manage conflicting priorities
  • Ability to work individually and as an integral member of a high-performance team

The following skills and experiences will set you apart as an ideal candidate:

  • Industry-recognized information security certifications, such as CISSP, CISM, GIAC, PCIP, or equivalents
  • Previous experience in higher education
  • Familiarity with the information technology needs of a university community, and an understanding of the work environments, policies, and governance structures of a university
  • Prior experience in supporting users in a large, complex, institutional information technology environment, in the area of information security

NOTE: This appointment is regularly performed on-campus but, due to the COVID-19 pandemic, will be initially fulfilled remotely (off-campus) until the University resumes its regular operations.

The University of Guelph (www.uoguelph.ca) is one of Canada’s leading research-intensive comprehensive institutions, with a record of outstanding scholarship in the arts, humanities, social sciences, life sciences, physical and engineering sciences, agriculture and veterinary sciences. This is your chance to join us in our endeavour to improve life.

To view a detailed posting for the role of Information Security Risk and Compliance Lead, including application instructions, please go to our website at www.uoguelph.ca/jobs. Applications, quoting Hiring #2021-0043, must be sent to: careers@uoguelph.ca.

At the University of Guelph, fostering a culture of inclusion is an institutional imperative. The University invites and encourages applications from all qualified individuals, including from groups that are traditionally underrepresented in employment, who may contribute to further diversification of our Institution.

To apply for this job please visit www.uoguelph.ca.

Information Security Risk and Compliance Lead