This job posting has expired.

Here are some similar positions.

Coordinator – IT Security Risk Management Portfolio Lead

December 2 2019
Industries Education, Training
Categories Information Technology, Installation, Maintenance, Repair, Internet, Web, E-Commerce, Programming, Development, Networking, Project management, QA, Tester, Debug, Systems architect, Design, Security, Continuity, Risk, Product development and Management, System administrator
Toronto, ON


Non-Union Level 6 - $97,333 - $116,795

The Toronto Catholic District School Board (TCDSB) is currently hiring for a new role leading the IT Security Risk Management portfolio. Reporting to and under the direction of the Chief Information Officer, this new exciting position will form a part of our Information and Technology Strategic Plan, in building the foundation for the digitally enabled school.  You will have the opportunity to grow a new IT Security Risk Management practice from the ground up, while working collaboratively with system leaders, union partners, and the executive team to enhance cyber security, support secure online business practices and teaching methods, shape technology policies, partner on large system implementations, and safeguard student and family privacy.

The portfolio lead of IT Security Risk Management will possess sound knowledge of business management and a working knowledge of cybersecurity technologies covering systems and networks as well as the broader digital ecosystem and should understand and articulate the impact of cybersecurity on business processes and educational services, with the ability to communicate this to the executive team and other stakeholders. 


  • Minimum four (4) year university degree in business administration, engineering, or a technology-related field.  Or an equivalent combination of education and experience
  • Minimum four (4) years proven experience in a management role for information technology/risk in a large enterprise environment management/information security or similar areas of expertise
  • A professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) an asset, or willingness to obtain
  • Experience in developing technology policies, processes, and/or procedures
  • Sound knowledge of business management and team leadership practices
  • Strong knowledge of information security risk management and cybersecurity technology
  • Up-to-date knowledge of methodologies and trends in both business and IT
  • Knowledge of information security management systems/frameworks, such as ISO/IEC 27001, ITIL, COBIT, NIST including 800-53 and Cybersecurity Framework, etc.
  • Knowledge and understanding of relevant legal and regulatory requirements, such as the Education Act, Municipal Freedom of Information and Protection of Privacy Act (or FIPPA), Payment Card Industry/Data Security Standard.
  • Excellent written and verbal communication skills
  • Excellent interpersonal, organizational and analytical skills
  • Proven ability to communicate on information security and risk-related concepts to technical and nontechnical audiences at all levels of the organization and stakeholders, ranging from the public to technical specialists
  • Proven ability to respond competently in high-pressure and high-stress situations
  • Demonstrated ability to manage multiple projects and meet overall objectives under strict timelines in a demanding, dynamic environment
  • Project management skills: financial/budget management, scheduling and resource management


  • Support the Chief Information Officer in determining the information security approach and operating model, in consultation with stakeholders, in developing and building a new IT Security and Risk that encompasses the vision and strategy of the Board.   This includes standards, guidelines, policies and procedures, and future needs as related to information security in both classroom and business operations
  • Develop, implement and enforce the IT Security Practices and Policies across the system
  • Work with other IT professionals to develop an IT security strategy and improve IT security practices across all Departments within the broader ICT Services Division
  • Oversee a variety of cybersecurity and risk management activities related to IT to ensure the achievement of system outcomes
  • Develop and enhance information security management procedures and practices based on a standard IT security framework such as Technology NIST Cybersecurity Framework, ITIL or COBIT/Risk IT framework
  • Create and manage a targeted information security awareness training program for all employees, contractors and approved system users, including but not limited to, developing and maintaining a document framework of continuously up-to-date information security procedures, standards and guidelines, and overseeing the approval and publication of these documents
  • Develop incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event
  • Act as a lead during security incidents and events to protect corporate IT assets, intellectual property, personal and regulated data, and the company's reputation
  • Work collaboratively with the privacy staff to ensure that all personal information owned, collected or controlled by TCDSB is processed and stored in accordance with applicable laws and applications
  • Establish metrics to measure the effectiveness of this security training program for the different audiences
  • Monitor the external environment for emerging security threats and recommend mitigating activities and updating relevant stakeholders as required
  • Liaise with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies
  • Provide regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders as part of a strategic enterprise risk management program
  • Develop and oversee effective disaster recovery policies and standards to align with the Board's business continuity management goals
  • Perform other tasks/duties as assigned by the Chief Information Officer, or required

Barrier-Free Recruitment and Selection
The TCDSB is committed to creating an inclusive, barrier-free recruitment and selection process.  Please inform the Human Resources department, at the time of your application, of any requirement for accommodation in order for us to assess all candidates in a fair and equitable manner. Documentation to support the accommodation may be requested as required prior to the implementation of the accommodation measures.

Interested applicants are asked to submit a completed résumé, cover letter, and any related educational documents, and reference letters, no later than Monday, December 16, 2019.

Applications are to be submitted online through Apply To Education.

We thank all applicants, however, only those selected for further consideration will be contacted.

Please note, candidates selected for an interview will be required to provide original applicable education documents. network