JOB INFORMATION
Requisition ID: 11103
Number of Vacancies: 1
Department: Information Technology Services (20000014) - ITS-Department Head & Staff (30000026)
Salary Information: $177,377.20 - $221,803.40
Pay Scale Group: 14SA (CAN/S/N/14SA)
Employment Type: Regular
Weekly Hours: 35, Off Days: Saturday and Sunday, Shift: Day
Posted On: April 10, 2025
Last Day to Apply: May 1, 2025
Reports to: Chief Information Officer
Benefits
The Toronto Transit Commission (TTC), North America's third largest transit system and recognized as one of the top places to work in the GTA, has introduced its new 2024-2028 TTC Corporate Plan - Moving Toronto, Connecting Communities, which continues the TTC's legacy of delivering service to hundreds of millions of customers a year. The TTC's new vision and mission statements also help promote the many environmental, social equity and economic benefits that the TTC provides:
Vision: Moving Toronto towards a more equitable, sustainable, and prosperous future.
Mission: To serve the needs of transit riders by providing a safe, reliable, efficient, and accessible mass public transit service through a seamless integrated network to create access to opportunity for everyone.
The full Plan can be viewed on ttc.ca.
Overview
The TTC recognizes the critical importance of cybersecurity and risk mitigation in protecting sensitive data, ensuring service continuity, preventing operational disruptions and maintaining public trust. In support of our Corporate Plan and to uphold our responsibility in providing secure and reliable services, the TTC is currently seeking a Chief Information Security Officer.
The Chief Information Security Officer (CISO) will serve as a visionary leader with the mandate to further transform our cybersecurity program, enhancing cybersecurity infrastructure, adopting advanced technologies, and continuously improving our risk management practices to stay ahead of emerging threats to ensure the highest level of protection.
Reporting directly to the Chief Information Officer (CIO), the CISO will be a pivotal member of the TTC Senior Management team, providing leadership and direction for Cybersecurity strategy and risk management.
Position Summary
The CISO will be responsible for developing and implementing the TTC's cybersecurity strategy and budget, addressing cybersecurity from a strategic perspective, translating technical risks into business risks for both technical and non-technical stakeholders.
They will lead the creation and implementation of a cybersecurity management framework and multi-year roadmap, articulating a clear vision, mission, and deliverables. The CISO will foster robust communication and collaboration with cybersecurity leadership at the City of Toronto and ensure compliance with municipal, provincial, and federal standards and regulations. Additionally, they will establish and maintain strong relationships with executive leadership at the City of Toronto and various business stakeholders across the TTC to develop a unified cybersecurity framework, strategy, and operating model that addresses risk at all levels of TTC's technology, personnel, and business processes.
Scope & Responsibilities
The duties of this role will include but are not limited to the below:
- Lead the cybersecurity function across TTC to ensure consistent and high-quality cybersecurity management in support of TTC's corporate plan, organizational policies, and directives.
- Develop and oversee a comprehensive cybersecurity vision, strategy, framework, and multi-year program plan aligned with TTC's priorities and business objectives. Ensure team engagement and senior stakeholder buy-in while providing tailored cybersecurity expertise and services to management and staff, detailing strategic goals, industry compliance, reporting mechanisms, budgets, and continuous improvement initiatives.
- Manage the department budget, preparing financial reporting, operational plans and performance objectives for cybersecurity programs, technologies, and activities.
- Guide enterprise technology leadership and Executives to prioritize security initiatives and spending based on relevant business risk, legislation and regulatory compliance, financial implications, and alignment with the corporate strategic plan.
- Lead the identification, development, implementation and maintenance of technologies, processes, procedures, standards, and protocols across the TTC to protect the privacy, confidentiality, integrity and systems to reduce security risks and increase resiliency.
- Monitor and evaluate program performance and health through quantitative or qualitative key performance indicator (KPI) metrics and key risk indicators (KRIs) to gauge service effectiveness and efficiency. Participate in cybersecurity audits and assessments of the IT and OT environments.
- Facilitate a cybersecurity governance structure through the implementation of a governance program, including the formation of a cybersecurity steering committee or advisory board.
- Further enhance the cybersecurity incident response plan and ensure TTC is prepared to detect, respond, and recover from a cybersecurity incident.
- Establish vendor relationships and develop outsourcing plans to meet potential demands where in-house skill-sets, resources, and technology are limited.
- Prepare and present security and risk management reports to executive leadership and the Board.
- Engage Municipal and/or Provincial stakeholders to exchange information and to provide input into joint issues as required.
- Respond to and/or coordinate responses to inquiries or information requests made by TTC Commissioners, City Councilors and staff or other external parties as required.
- Monitor the flow of work to ensure cybersecurity program activities meet quality and quantity standards and address cybersecurity risks at an enterprise level.
- Promote a respectful work and service environment that supports diversity, inclusion, and is free from harassment and discrimination in accordance with the OHRC and AODA.
- Perform all other related duties as assigned.
Key Skills & Expertise
- Demonstrated experience and success in senior leadership roles in cybersecurity, IT, risk management, and/or operations technology security.
- Hands-on cybersecurity experience directly leading teams through the establishment of security programs including architecture and design, policies, procedures, standards, controls, frameworks and metrics.
- Extensive experience working in complex technical and organizational environments with a deep understanding of cybersecurity concepts, networks, applications, threat landscape, risk management, and technical knowledge of Operational Technology, Data Center and cloud technologies.
- Working knowledge of legal requirements and common information security management frameworks - ISO 27001, ITIL, COBIT and NIST including 800-53.
- Experience with contract/vendor management and negotiations.
- Direct experience in designing and implementing an enterprise-wide multi-year cybersecurity roadmap; identifying scope, financial/budgetary requirements, prioritizing risks, scheduling and required resources.
- Expertise developing reporting tools that deliver precise information on KPIs and KRIs.
- Proven ability to assess, manage, monitor, and report cybersecurity risks (vulnerability management, penetration testing), as well as incident response and forensics.
- Extensive experience in communicating security requirements and risks to non-technical staff, management, and key stakeholders.
- Excellent interpersonal and communication skills to liaise with all levels, able to quickly establish rapport with various teams and departments.
- Strong ability to manage and lead change, motivate teams and influence stakeholders.
- Expert people leadership skills with ability to manage reporting managers and staff; to direct, coach, develop and manage performance of reporting senior leaders; to lead multi-functional teams that contribute to succession planning.
- Understand the evolving nature of cybersecurity, able to pivot strategies based on new trends, technologies, and threats.
- Industrial technology cybersecurity experience (SCADA, ICS) and/or transit cybersecurity experience would be an asset.
- Must have or rapidly acquire a comprehensive knowledge of the Ontario Human Rights Code and Related Orders including disability accommodation and accessibility requirements pertaining to passengers and employees.
EDUCATION & PROFESSIONAL CREDENTIALS
- Post-secondary degree in computer science, cybersecurity, information technology, IT management, business administration or a related field or equivalent combination of education and experience. MBA would be an asset.
- Certified Information Systems Security Professional (CISSP) certification would be an asset.
- Certified Information Security Manager (CISM) certification would be an asset.
- Any additional cybersecurity, risk or audit certification(s) would be an asset.
CORE COMPETENCIES
- Strategic Mindset & Decisive, Visionary Thinker
- Hands-On Leadership Approach & Interpersonal Effectiveness
- Adaptability & Change Management
- Process-Driven & Results-Oriented
COMMITMENT TO EDI
The TTC is committed to upholding the values of equity, diversity, anti-racism and inclusion in the delivery of its services and in its workplaces. The TTC is committed to fostering a diverse workforce that is representative of the communities it serves at all levels of the organization, and supports an inclusive environment where diverse employee and community perspectives and experiences bring value to the organization. The TTC encourages applications from all applicants, including members of groups with historical and/or current barriers to equity, including but not limited to, Indigenous, Black and racialized groups, people with disabilities, women and people from the LGBTQIA+ community. The TTC values and supports an inclusive and barrier-free recruitment and selection process. Accommodations for applicants are available upon request throughout the recruitment and selection process, including for those who identify as having a disability. Please contact Talent Management at (416) 393-4570. Any information received related to an accommodation will be addressed confidentially.
The TTC's policy prohibits relatives of current TTC employees from being hired, assigned, transferred or promoted into positions, where there is a conflict of interest due to a relationship. Should you be selected for an interview, you will be required to disclose the name, relationship and position of any relative who is a current TTC employee.