Information Security Manager

Duties and Responsibilities:

• Lead the development and implementation of the IAM program to follow industry best practices while meeting the needs of a diverse university community.
• Undertake project management on assigned projects, coordinate RFPs, review and evaluate bid submissions, track progress and costs, provide status reports, complete documentation, and project transfer.
• Communicate, consult, and assist with internal and external partners.
• Provide security advice and guidance to projects and decision-makers.
• Lead projects, migrate systems to new technology, develop/adapt business processes, and ensure IAM oversight using information security platforms.
• Contribute to the development of information security policy and strategy.
• Ensure compliance with information security policies and regulatory environment, e.g., PCI DSS, and improve security posture.
• Coordinate and communicate with consultants, contractors, vendors, and campus partners.
• Conduct digital forensic audits, incidence response and recovery, review logs, troubleshoot, and recommend actions on mitigating security controls.
• Complete business process compliance verifications, assess tool effectiveness, and provide recommendations.
• Manage IAM lifecycle processes, collect monthly metrics, and provide reports.
• Provide security awareness, deliver training, and respond to security tickets e.g., phishing, malware, or virus infection.
• Develop and update security incident response protocols, outline steps and procedures, and safeguards.
• Respond to internal and third-party policy and process audits, work with auditors, provide information, and make recommendations for risk mitigation.
• Act as subject matter expert, provide advice to senior information technology leaders, and contribute to the development of processes and procedures.
• Research existing and emerging technologies, threats, and vulnerability remediation.
• Advise on risk management opportunities and provide input into information security strategy.
• Monitor threat intelligence and take remedial action on behalf of the institution.
• Draft, review, and maintain the currency of the university’s information security policy frameworks.

Qualifications:

• Strong knowledge of access control, cryptography, security operations, communications security, system development and maintenance, computer architecture, information security management, systems security law, investigation protocols, and application program security.
• Familiarity with industry regulations, standards, and best practices such as the NIST Cybersecurity Framework (CSF), PCI DSS, etc.
• Strong oral and written communication skills.
• Ability to lead and manage a team independently.
• Knowledge of agile development techniques and secure software development life cycle.
• Ability to translate security-related matters into business terms that are clear and understandable to executives.
• Strong problem-solving and troubleshooting skills.
• Ability to manage projects and meet objectives.
• Experience with authentication technologies, such as Entra ID, CIAM solutions, Microsoft Active Directory/Windows authentication, OpenLDAP, SAML, Kerberos, OpenID Connect, OAuth, and federated identity management.
• Certification in one or more public cloud platforms, such as AWS, Azure Cloud, or Google Cloud.
• Experience with administrating authentication technologies, such as Microsoft Active Directory/Windows authentication, OpenLDAP, Shibboleth, SAML, Kerberos, OpenID Connect, OAuth, and federated identity management.

Education and Experience:

• Bachelor’s degree in computer science, information systems, cybersecurity, or a related field.
• Certified Information Systems Security Professional (CISSP).
• Minimum of five years of previous experience in information/cyber security and systems infrastructure (including identity and access management), including three years of supervision and leadership experience.

HR Note:

Equivalencies will be considered. Applicants are encouraged to provide information which may demonstrate equivalent qualifications. Please note that applicants may be required to complete an employment test as part of the selection process for this position. Those applicants that are selected for an interview will be requested to contact the Human Resource Advisor assigned to this competition as soon as possible to discuss any accommodation requirements. Arrangements will be made to accommodate your request in a timely manner. Carleton University is strongly committed to fostering diversity within its community as a source of excellence, cultural enrichment, and social strength. We welcome those who would contribute to the further diversification of our University including, but not limited to: women; visible minorities; First Nations, Inuit and Métis peoples; persons with disabilities; and persons of any sexual orientation or gender identity and expressions.