Division:
Office of the Chief Information Security Officer
Salary Range:
$122,000.00 to $163,639
Work Location:
55 John Street, Toronto
Job Type:
Permanent Full Time
Shift Information:
Monday to Friday, 35 hours work week
JOB SUMMARY:
To provide expert guidance, advice, and operational support for the City’s cyber risk management program, ensuring robust protection against cyber threats. This role also supports the Chief Information Security Officer’s (CISO) mandate, advancing the City’s cyber vision and strategy.
Key responsibilities include identifying, assessing, and mitigating cyber risks across the City, its agencies, and corporations. The role involves close collaboration with cross-functional teams to ensure that cyber practices align with industry standards and regulatory requirements.
MAJOR RESPONSIBILITIES:
- Supports the implementation of a risk management strategy including the development of supporting methodologies and practices relating to a cyber risk management framework for the City of Toronto.
- Conducts thorough assessments of potential cyber threats, vulnerabilities, and risks to the information systems and data.
- Maintains a comprehensive risk register and library, prioritizing risks based on their potential impact and likelihood.
- Supports remediation roadmaps using NIST frameworks to enhance cyber security maturity of the City’s divisions and its agencies and corporations.
- Monitors the effectiveness of existing cyber measures and recommends enhancements to reduce risk exposure.
- Facilitates and coordinates closure of audit findings.
- Schedules regular assessments and testing of the effectiveness and efficiency of controls and creates GRC reports.
- Assesses and implements information cyber controls and procedures required to protect the confidentiality, integrity, and availability of information.
- Builds collaborative and productive working relationships across the organization to establish, maintain, and continuously improve cyber risk management capabilities and promote risk awareness and intelligent risk-taking.
- Develops artifacts to support the implementation of a risk management program.
- Maintains accurate documentation of risk management processes, assessments, and response activities.
QUALIFICATIONS/CERTIFICATIONS:
- Post-secondary degree in Business or Technology or a related discipline.
- Extensive experience conducting risk assessments based on NIST cyber security framework and related standards.
- Strong knowledge of the elements of risk, including vulnerability, threat, likelihood, impact, mitigation, and remediation, and an understanding of the implications of cyber risk for an entity's ability to achieve its business objectives.
- Expertise working within an Information Security or Governance, Risk & Compliance (GRC) function.
- Experience in conducting third-party assessments, especially on small and medium-sized service providers.
- Experience in scoping, supporting and reviewing SOC 2 Type II reports and SOC 27001 certification.
- Experience developing and assisting with the implementation of cyber policies and standards.
- Preferred Certifications (at least two in the list): CISSP, CISA, CISM, CRISC, CCSP.
SKILLS:
- Communicates cyber risks and their implications clearly regardless of their complexity, relishes challenges, and projects a collaborative persona.
- Skilled at conveying cyber risks to stakeholders at all levels and translating technical details into language that senior executives can readily grasp.
- Ability to work in transformative programs.
- Ability to lead efficient communication between all project stakeholders, including internal teams and clients.
- Ability to achieve business objectives through influencing and effectively working with key stakeholders.
- Excellent written & verbal communication skills (comfortable & confident communicating at all levels including business partners, leadership, and vendors).
- Excellent problem-solving skills with capability to identify solutions to unusual and complex problems.
- Keen attention to detail and strong organizational skills.
- Highly organized, proactive, self-motivated team player who takes initiative and is able to work independently.
- Ability to work in a fast-paced environment managing multiple priorities with proven time management skills.
- Strong analytical skills and ability to prioritize and multitask.
- Ability to prioritize and effectively manage competing priorities and projects.
- Ability to manage multiple initiatives while adhering to strict deadlines.
- Tenacious and willing to support the team during peak volumes and workloads with various activities.
- Able to work extremely well under pressure while maintaining a high level of professionalism.
- Self-motivated team player who takes initiative and can work independently.
- Transferable skills, like communication and decision-making, are equally important.
- Being able to think on your feet and show good judgment are especially valuable in this field. Security pros should always be ready to react to cyber-related incidents quickly.
ADDITIONAL COMMENTS/INFORMATION:
A normal work week is 35 hours; however, unforeseen situations may require extended hours of work with little or no prior notice. In case of a cyber incident or breach, rotation shifts and continuous extended hours may be required with little or no prior notice.
*Subject to a police check, background check, psychological assessment and/or any other checks on a regular basis as the Office of the CISO handles highly sensitive and confidential information.
EQUITY, DIVERSITY, AND INCLUSION
The City is an equal opportunity employer, dedicated to creating a workplace culture of inclusiveness that reflects the diverse residents that we serve. Learn more about the City’s commitment to employment equity.
ACCOMMODATION
The City of Toronto is committed to creating an accessible and inclusive organization. We are committed to providing barrier-free and accessible employment practices in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). Should you require Code-protected accommodation through any stage of the recruitment process, please make this known when contacted and we will work with you to meet your needs. Disability-related accommodation during the application process is available upon request. Learn more about the City’s Hiring Policies and Accommodation Process.