The Information Security Risk and Compliance Specialist is vital role responsible for designing and implementing an overall information security risk and compliance management process for the University. The incumbent will manage the process of gathering, analyzing, and assessing the current and future information security and privacy threats to the University. He/she will focus on delivering the objectives within the University’s information security strategy as well as enhancing a security program that identifies and addresses security and privacy risks and requirements.
The incumbent works with various stakeholders across the University to drive the information security agenda, ensuring it meets complex compliance requirements, as well as maintaining, monitoring, and promoting information security best practices. He/she acts as a specialist with a deep knowledge of various security risk management and compliance frameworks and plays an integral role ensuring security controls and requirements are incorporated into all information technology projects and initiatives.
The University has been recognized as one of the National Capital Region’s top employers in 2019. The main campus, located at the heart of Ottawa’s downtown core, gives you access to a range of services, including fitness facilities and popular food outlets. As an employee, you will be working in a multicultural environment that fosters diversity, inclusion, respect and appreciation. To encourage you to feel at home, the University has created a work environment that promotes health and well-being and facilitates a healthy work-life balance.
Information Technology is a dynamic and collaborative environment. We are focused on prioritizing and optimizing technological investments that facilitate the best student experience, as well as the activities of faculty, researchers and staff. Our greatest strength are the people working with us. People like you, professionals eager to flex their intellectual muscle and achieve new heights in their career. Working here gives you access to a great IT environment, rich with a diverse range of platforms, products, and services. This is a place where innovative ideas are welcome.
In a nutshell: working here is challenging and rewarding. It’ll bring out the best of you. We want people that have the drive to advance IT in higher education. We have the technologies to keep your inner fires burning, and benefits that can help you sustain a better lifestyle. And all this minutes away from gyms, the Byward Market, downtown, and the Rideau Canal at lunch time for runners and skaters.
University degree in Computer Science or Information Technology or a related field or an equivalent combination of education and experience;
Minimum of 7+ years of information security, IT audit and/or IT Risk Management experience
Expert understanding of NIST and ISO Risk Management Frameworks, ITSG-33, NIST CSF, ISO 27002, COBIT, SOC 2, and other relevant frameworks.
Experience with cloud security assessments (AWS, Azure, GCP, etc.).
Experience with risk discovery and assessment, as well as appropriate mitigation and controls.
Good knowledge of the latest trends in information security and risk management, e.g. evolving technologies, cyber risk mitigation, etc.
Experience of auditing IT environments, either through an internal or external audit role.
Broad knowledge of IT architecture and underpinning technologies including but not limited to: identity and access management, cloud hosting providers, database administration.
Experience designing and supporting large-scale, end-to-end information security systems in a complex, both on-premises and cloud hosted, multi-platform environment;
Knowledge of security technologies such as various monitoring and log aggregation platforms, penetration testing frameworks, operating systems, vulnerability scanners, and endpoint security solutions;
Leadership skills, ability to coach and mentor other IT professionals;
In-depth analytical skills for complex problem solving – identification, diagnosis, resolution;
Knowledge of the University’s information technology and security policies, procedures and standards would be considered an asset;
Experience in project management and meeting strict deadlines;
Good communication skills to interact with team members, support personnel, and provide technical guidance and expertise to clients and management;
CISSP or CRISC or other information security certifications is an asset;
Ability to work a flexible schedule including occasional weekends and evenings.
Bilingual: French and English (spoken and written)
Key competencies required at the University of Ottawa:
Planning: Organize in time a series of actions or events in order to achieve an objective or a project. Plan and organize own work and priorities in regular daily activities.
Initiative: Demonstrate creativity and initiative to suggest improvements and encourage positive results. Be proactive and self-starting. Show availability and willingness to go above and beyond expectations whenever possible.
Service Excellence: Reflect a positive attitude, demonstrate competence and professionalism, treat members of the community with respect, exercise care, devote full attention and find solutions. (Visit the section "Useful links" on the home page to read the detailed definition).
Teamwork and Cooperation: Cooperate and work well with other members of the team to reach common goal. Accept and give constructive feedback. Adjust own behaviour to reach team goals.
All qualified candidates are invited to apply; however, preference will be given to Canadian citizens and permanent residents. The University of Ottawa is an equal opportunity employer. We strongly encourage applications from women, Aboriginal peoples, persons with disabilities and members of visible minorities. If you are invited to continue the selection process, please notify us of any particular adaptive measures you might require.
This position is excluded from all union accreditation units. All applications will be considered equally. Priority will be given to employees who have an entitlement as defined by their collective agreement or university policies. This posting may appear simultaneously on external websites. Schedule with an average of 35hrs/week. Workshops offered by Leadership, Learning and Organizational Development that you have taken may be considered an asset if you apply for a position at the University. Don’t forget to list them on your CV. We thank all candidates for applying. We will only contact candidates selected for further consideration. Any information you send us will be handled respectfully and in complete confidence. Remember to upload a copy of your diploma(s) or a certificate of merit as well as a current version of your CV into the My documents section of your career profile (please include the job ID number, i.e. J0000-0000, in the title of your document).