SALARY CURRENTLY UNDER REVIEW
This position currently falls within our hybrid model.
About Us
Serving a diverse urban and rural population of more than 475,000, Niagara Region is focused on building a strong and prosperous Niagara. Working collaboratively with 12 local area municipalities and numerous community partners, the Region delivers a range of high-quality programs and services to support and advance the well-being of individuals, families and communities within its boundaries. Nestled between the great lakes of Erie and Ontario, the Niagara peninsula features some of Canada’s most fertile agricultural land, the majesty of Niagara Falls and communities that are rich in both history and recreational and cultural opportunities. Niagara boasts dynamic modern cities, Canada’s most developed wine industry, a temperate climate, extraordinary theatre, and some of Ontario’s most breathtaking countryside. An international destination with easy access to its binational U.S. neighbour New York State, Niagara attracts over 14 million visitors annually, as well as a steady stream of new residents and businesses.
At Niagara Region, we value diversity - in background and experience. We are proud to be an equal opportunity employer. We aspire to hire and grow a workforce reflective of the diverse community we serve. By doing so, we can deliver better programs and services across Niagara.
We welcome all applicants! For more information about diversity, equity, and inclusion at Niagara Region, see Diversity, Equity and Inclusion - Niagara Region, Ontario or email related questions to diversity@niagararegion.ca. To send input on reducing barriers in the current hiring process, please email myhr@niagararegion.ca. For the Region's full employee equity statement, see Working at Niagara Region - Niagara Region, Ontario.
Job Summary
Salary Pending Review
Reporting to the Chief Information Officer, the Associate Director, Chief Information Security Officer (CISO) is responsible for setting the strategic direction and overseeing the development and continuous support of an enterprise-wide information security program. This role leads the planning and implementation of IT systems designed to safeguard business operations and facility defenses against security breaches and vulnerabilities. The CISO is focused on strategically anticipating, assessing, and managing emerging security threats that could impact the organization, while collaborating with senior leadership to align security initiatives with broader business goals. Additionally, the CISO develops solutions to mitigate risks and ensures the effective administration of security policies, activities, and standards, including auditing existing systems for compliance and effectiveness.
Education
- Bachelor’s degree in Information Technology, Computer Science, or a related discipline; an equivalent combination of education and experience may be considered.
Knowledge
- Minimum 10 years of progressively senior level experience in IT management, facilitation and strategic planning related to Cyber Security, Threat Risk Analysis, and Information Management in a medium to large organization of complex diverse nature.
- Proven experience in strategic planning, information systems security design, network design, disaster recovery planning, policy development, organizational change, emergency response management and client support services.
- Demonstrated ability to apply IT in solving business problems.
- Experience with systems design and development from business requirements analysis through to day-to-day management.
- Excellent understanding of project management principles - PMP designation is preferred.
- In-depth knowledge of applicable laws and regulations as they relate to information security.
- Knowledge and understanding of the Personal Health Information Protection Act (PHIPA) and Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) and how these apply to the collection, storage, use and retention of data.
- Security related certification required, such as CISSP, CISM, CISO, or CISA.
- Knowledge of regulatory and industry standards such as ISO, NIST, COBIT, GDPR and other security frameworks.
- Understanding of information systems and networks and all areas of Information Security including data protection, incident management, and vulnerability management.
- Knowledge of development and management of business continuity and disaster recovery planning.
- Previous experience with IT systems threat/risk assessments, IT audits and regulatory compliance such as SOX and GDPR would be an asset.
- Experience with cloud security controls and administration would be an asset.
Responsibilities
Provides leadership and direction in the development and execution of service delivery programs and initiatives that support cyber security defense, risk management and information technology audits, to support and enable the alignment and achievement of strategic goals at the division, department, and corporate level. (40% of time)
Oversees the development and implementation of the corporate-wide Information Security Governance program and strategies ensuring alignment with the Information Technology Program and Corporate Enterprise Information Program and ensuring legislative compliance. Acts as the technology lead for the Security Governance Steering Committee and builds and maintains effective partnerships with all Regional departments, shared service partners, external agencies, and tiers of government. (25% of time)
Provide leadership, direction, and accountability during cybersecurity incidents, serving, in conjunction with the CIO, as the primary decision-maker and escalation point for incident response efforts across the organization. (5% of time)
Build and maintain relationships with internal and external stakeholders to foster consensus and partnerships, ensure effective management of shared services, and collaborate with other levels of government, boards, and agencies (10% of time).
Manages people resource planning for the division or operating unit, determining ideal organizational structures, identifying desirable role and skill mix requirements, and ensuring ongoing work quality and deliverability of results. (10% of time)
Develops, manages, and administers annual and multi-year Capital and Operating budgets for the operating unit ensuring support of Council’s objectives, financial transparency and accountability, monitoring budget adherence, identifying and explaining variances, and financial reporting is effectively managed in compliance with corporate financial policies. Ensure goods and services are acquired in accordance with the procurement policy. Authorize, and administer the acquisition of goods and services for the operating unit and direct reports in accordance with the procurement policy and procedures. (10% of time)
Perform other related duties and responsibilities as assigned or required.
Special Requirements
- In accordance with the Corporate Criminal Record Check Policy, the position requires the incumbent to undergo a Criminal Records Check and submit a Canadian Police Clearance Certificate.
- Must maintain ability to travel in a timely manner to other offices, work locations or sites as authorized by the Corporation for business reasons.
- May be required to support emergency operations under the incident management structure, at the direction of the Emergency Operations Centre Director.
Regional staff strive to enable the strategic priorities of council and the organization through the completion of their work. Staff carry out their work by demonstrating the corporate values.