Manager Cyber Security
ITS
Permanent
Today, the Royal College has over 55,000 members and the vision remains to advance the learning for specialist physicians to deliver the best health care for all. The Royal College partners and collaborates to lead the evolution of specialty medical education and standards; support specialist physicians, learners and teams to continuously improve; and advocate for excellence in specialty medicine by supporting innovation, well-being, equity and person-centered care. We are a national, nonprofit organization established in 1929 by a special Act of Parliament to oversee the medical education of specialists in Canada.
Reporting to the Director Information and Technology Services, the Manager Cyber Security will define the strategic direction of the Royal College’s digital security program, ensuring security is seamlessly integrated into our services and day-to-day activities. You will be accountable for the Royal College’s cyber security posture, roadmap, policies, and the day-to-day operations to protect the Royal College’s information and technology assets. This position will lead the design, implementation, and ongoing management of security controls. You will lead a team of cyber security professionals and partner with business leaders across the Royal College to provide cyber security guidance, standards, oversight and support. You and your team will mitigate risks in our digital environment, detect threats, and respond to security incidents effectively. You will test these controls and make sure they are working and being followed. This role will help ensure compliance with security best practices across the digital environment.
Here’s an insight into your typical day-to-day:
- Develop, implement and maintain the information security program to ensure that it aligns with the organization's goals, objectives, and risk tolerance.
- Research and evaluate emerging cyber security trends, threats, and technologies and provide recommendations and insights to enhance the Royal College’s cyber security posture and capabilities.
- Develop and maintain enterprise information security architectures and solutions.
- Build and maintain effective relationships with internal and external groups and represent security in various projects, committees and working groups.
- Lead Information Security delivery for the Royal College, including threat detection, monitoring, and incident response. You will have responsibility for security input at the Security, Privacy Records and Information Governance Committee (SPRING) as well as at Digital Governance committees.
- Conduct cyber security assessments and testing to ensure that cyber security practices are working as expected and that gaps/issues are identified and remediated.
- Work collaboratively with other ITS managers, business units, legal, and privacy to develop and maintain an information security roadmap.
- Establish and monitor the ongoing effectiveness of Security and Privacy design practices and ensure alignment with relevant Royal College Policies and procedures.
- Work with the broader Crisis Management and Business Continuity Teams to ensure effective procedures are in place to respond to a significant incident.
- Develop and test Playbooks and Incident Response Plans to ensure the Royal College is prepared to respond to various cyber security incident scenarios.
- Monitor the constantly changing technology landscape to ensure Royal College systems and applications are well positioned to meet current and future business requirements.
Does this sound like you?
- Level of education, training and experience equivalent to a bachelor’s degree in computer science, mathematics, engineering, information systems or related field or related experience.
- 10 years’ demonstrated experience with Information Security frameworks, and information security principles.
- 5 years’ demonstrated management experience leading, managing and coaching a team focused on results.
- Experience with protecting a cloud based, Azure focused (but not exclusive), environment. Strong understanding and working experience with Microsoft security products is required.
- CISSP, CISM, or GIAC or equivalent certification.
- Strong understanding of NIST CSF, NIST RMF, ISO27001, SOC2, PCI DSS, ITIL.
- Programming knowledge (Python, UNIX shell scripting, PHP, etc.).
- Strong Asset: Systems Security Certified Practitioner (SSCP).
- Strong Asset: Certified Ethical Hacker (CEH).
- Bilingualism is an asset.
- Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management.
- Experience in developing and administering information security procedures and programs.
- Experience with Event Management/SIEM Management, and Identity and Access Management principles and systems.
- Experience completing Risk and Control Assessments for systems and applications.
- Experience developing and monitoring a Threat and Vulnerability Management program and associated systems.
- Strong written and verbal communication skills with the ability to interact and communicate with stakeholders and business leaders at all levels, to effectively communicate information.
- Experience in developing and managing budgets.
- High degree of professionalism, ethics, and integrity with the ability to handle highly sensitive information.
How to get noticed?
Please apply through our UKG recruitment platform with your résumé, covering letter and salary expectations by April 27, 2025.
The Royal College invites applications from all qualified applicants. The Royal College is strongly committed to employment equity and diversity in the workplace and encourages applications from Black, racialized/visible minorities, Indigenous/Aboriginal people, women, persons with disabilities, and 2SLGBTQIA+ persons. In accordance with Canadian immigration requirements, Canadian citizens and permanent residents of Canada will be given priority.
We sincerely thank all applicants for their interest; however, we will only contact those under consideration. An eligibility list may be established for similar positions of various tenures. The list will be retained for a maximum period of 18 months.
The Royal College supports a hybrid work environment which includes a combination of working both onsite in Ottawa and from home.
The Royal College will provide support in its recruitment processes to applicants with disabilities, including accommodation that considers an applicant’s accessibility needs. If you require accommodations during the interview process, please contact careers@royalcollege.ca.
Please note that the job advertisement will no longer be available once the position has closed.
Salary ranges from $115,716 to $141,430.