Information Security Program Manager

Job Description

<p><h3>Overview</h3><p>Information Security Program Manager</p><p>Date Posted: 09/08/2025</p><p>Req ID: 44188</p><p>Faculty / Division: Ofc of the Chief Information Officer</p><p>Department: Information Security</p><p>Campus: St. George (Downtown Toronto)</p><p><b>Description :</b></p><p>Reporting to the Chief Information Security Officer (CISO) of the University and a dotted line to the Director of the Citizen Lab, based at the Munk School of Global Affairs & Public Policy, but operating with substantial autonomy under very general guidelines. The Information Security Program Manager provides strategic leadership and management for developing and implementing Information Security Programs, which includes, but is not limited to, the security of the Citizen Lab, data centers, campus perimeter, and campus enterprise systems; managing risk and privacy assessments; incident response and investigation; and outreach and awareness. The Manager provides strategic and tactical planning, evaluation, design, development, implementation, and overall management and support of the University’s Information Security Program, with the goal to protect and improve the University’s cybersecurity posture, infrastructure, and culture to minimize risk of compromise to ITS services for the campus community, including teaching, learning, research, and services to staff, faculty and students.</p><h3>Responsibilities</h3><p>Working with the Citizen Lab, the Manager maintains up-to-date knowledge of advances in IT security, continually evaluating the performance of the Citizen Lab’s Information Security Program, analyzing gaps and vulnerabilities, solving security and privacy risk issues, integrating new systems with current systems, and initiating projects to augment and improve services. The Manager develops and implements protocols for security of communications during disruptions and establishes new security standards and best practices related to the use and operation of digital assets, and strategies by which those standards are applied across the Lab and the University.</p><p>As the key senior project team member for major security infrastructure and solutions, the incumbent leads and provides expertise at all stages of each cybersecurity project, from design to delivery, ensuring current, high-quality innovative and advanced solutions are applied in accordance with service best practices, and evaluating appropriateness for final use to effectively achieve security goals of ITS services to the University and Citizen Lab community, and privacy requirements. The Manager establishes and manages strong relationships with all levels of the University and the Citizen Lab community including executive leadership, project teams, support teams, clients, stakeholders, and IT departments across the University of Toronto. Working as an internal consultant, the incumbent reviews proposals from other departments using in-depth technical and subject matter expertise and partners with other project teams to recommend and deliver security solutions.</p><p>With high-level authorization to the University’s computer systems (including M365) and the Citizen Lab’s computer systems (MDM, Google Workspace), the Manager leads information security incident response for systems and services whose access control mechanisms have been compromised or circumvented, both within and from outside of the University. The incumbent oversees the monitoring of cyber threats to lab and campus systems and the auditing of Citizen Lab systems administrators and others with privileged IDs for all Citizen Lab systems and servers, ensuring secure, uncompromised access. The incumbent undertakes investigations, gathering forensic IT and security data and evidence in incidents of employee-related breaches and misconduct, and of potential IT-related criminal activity, partnering with relevant departments such as Campus Police, central ITS, external auditors, and/or HR/ Labour Relations as required.</p><p>The Information Security Program Manager manages projects with a strong business-oriented focus. The Manager allocates project-related human resources and workload planning, directs staff efforts and assigns project priorities. The Manager is responsible for financial and contract management, and prepares and manages project budgets. The incumbent is responsible for initiation and successful negotiation of contracts and procurement processes covering hardware, software, consulting and professional services, and for managing budget expenditures and recoveries to complete projects in a timely, accurate and cost-effective manner.</p><p>The Information Security Program Manager serves on University committees, and has frequent contact with academic departments, instructors, and the research enterprise, to advise on security and privacy considerations, global threat landscape, nation-state actors and cybercrime.</p><h3>Qualifications</h3><p><b>Education :</b></p><p>University degree in Computer Science, Engineering, or an equivalent combination of education and experience. A Graduate Degree and certifications and specialization in information security and management, such as CISSP, CISA, ISO Audit, PMP, CRISC or other relevant certifications, are assets.</p><p><b>Experience :</b></p><ul><li>Eight (8) years experience working in the IT industry, with five (5) years experience in a team lead or senior/supervisory role in an IT and/or organizational security operation.</li><li>Five plus (5+) years working with Information Security as a prime focus of activity. Proven experience in planning, organizing, and developing IT security and facility security system technologies including end point protection, identity and access management, vulnerability management, network security, security incident response, tabletop exercises, risk management and application security.</li><li>Experience working with a broad range of stakeholders and IT SMEs.</li><li>Experience in planning and executing security policies and standards development.</li><li>Excellent knowledge of technology environments, including information security and defense solutions.</li><li>Substantial exposure to data processing, hardware platforms, enterprise software applications, and outsourced systems, including financial, human resources and email.</li><li>Good understanding of computer systems characteristics, features, and integration capabilities.</li><li>Experience with systems design and development from business requirements analysis through to day-to-day management.</li><li>Strong understanding of IT Architecture concepts and security methodologies.</li><li>Experience developing and adopting information security standards and guidelines.</li><li>Expert level understanding of Information Security technologies and concepts.</li><li>Excellent understanding of defense in depth strategies and implementation across the entire ecosystem (endpoints, servers, appliances, cloud and network architecture, etc.).</li></ul><p><b>Skills :</b></p><p>Strong managerial and leadership skills. Strong communication skills, both verbal and written. Excellent project management and problem solving skills. Ability to quickly analyze and interpret forensic information and evidence. Ability to master new technology quickly. Strong understanding of change and configuration management processes.</p><p><b>Other :</b></p><p>Broad knowledge of industry innovations and state-of-the-art technology in computing and networking, in-depth knowledge of information security. Strong organizational and interpersonal skills. Familiarity with financial requirements of project management is an asset. Familiarity with database administration and operations. Exposure to e-commerce and other net-centric business models highly desirable.</p><p>Closing Date: 09/30/2025, 11:59 PM ET</p><p>Employee Group: Salaried</p><p>Appointment Type: Budget - Continuing</p><p><b>Schedule :</b> Full-Time</p><p>Pay Scale Group & Hiring Zone: PM 5 Hiring Zone: $120,499 - $140,583</p><p>Broadband Salary Range: $120,499 - $200,831</p><p><b>Job Category :</b> Information Technology (IT)</p><p><b>Diversity Statement</b></p><p>The University of Toronto embraces Diversity and is building a culture of belonging that increases our capacity to effectively address and serve the interests of our global community. We strongly encourage applications from Indigenous Peoples, Black and racialized persons, women, persons with disabilities, and people of diverse sexual and gender identities. We value applicants who have demonstrated a commitment to equity, diversity and inclusion and recognize that diverse perspectives, experiences, and expertise are essential to strengthening our academic mission.</p><p>As part of your application, you will be asked to complete a brief Diversity Survey. This survey is voluntary. Any information directly related to you is confidential and cannot be accessed by search committees or human resources staff. Results will be aggregated for institutional planning purposes. For more information, please see http://uoft.me/UP</p><p><b>Accessibility Statement</b></p><p>The University strives to be an equitable and inclusive community, and proactively seeks to increase diversity among its community members. Our values regarding equity and diversity are linked with our unwavering commitment to excellence in the pursuit of our academic mission.</p><p>The University is committed to the principles of the Accessibility for Ontarians with Disabilities Act (AODA). As such, we strive to make our recruitment, assessment and selection processes as accessible as possible and provide accommodations as required for applicants with disabilities.</p><p>If you require any accommodations at any point during the application and hiring process, please contact uoft.careers@utoronto.ca</p><p><b>Job Segment :</b> Information Technology, IT Manager, Program Manager, Information Security, Cloud, Management, Technology</p></p>
#J-18808-Ljbffr