Lead, Cyber Security & Cloud Engineering

Lead Cyber Security & Cloud Engineering

Location: Toronto661 University

Department: Digital and Cyber Security Engineering and Applications

Accountable for leading and managing the design and implementation of Public Health Ontarios (PHO) cyber security and cloud systems to ensure the security confidentiality integrity and availability of digital and data assets.
To collaborate closely across PHO and within the Digital and Data portfolio to provide thought leadership orchestration implementation and operational support for a robust and resilient cyber security control framework.
To provide expertise and advice to management on security strategy posture and best practices across PHO and with external organizations.

Key Responsibilities

• Provides leadership and technical expertise to the full lifecycle management of technical security and cyber security controls including planning implementing managing monitoring testing and improving effectiveness.
• Develops and improves policies standards processes and strategies for the identification and prioritization of threat remediation as well as processes and methodologies for metrics and KPIs related to protections security and compliance.
• Provides advice and support to the Manager Director and CIO level in understanding leading and emerging cyber security concepts.
• Supports the Manager by providing cyber security and cloud engineering expertise and input to strategic planning.
• Sets security requirement and influences and guides senior subject matter experts across various business application and technology domains and with external partners related to execution of security requirements vision best practices and principles. Provides support to technical assessments and penetration tests.
• Coaches developers IT operations and architects about latest security threats and landscape as well as introducing tools and techniques as needed controls for securing PHOs digital assets data and operation.
• Works closely with Finance Legal and Privacy teams to translate security and privacy control requirements into technology solutions and works with management to advise on cyber security incidents and liaises for forensic investigations and sensitive matters affecting PHO.
• Leads the analysis of proposed solution architectures technology design and IT development processes to identify potential threats and vulnerabilities and to recommend options that enhance the security of solutions and business processes. Identifies issues and analyzes and recommends options for risk management at appropriate levels within PHO and with external partners.
• Ensures that digital solutions are robust and protect PHOs digital and data assets against persistent threats.
• Ensures that the organizations data and infrastructure are protected by enabling the appropriate security controls. Monitors vendors and other service providers and takes appropriate action to ensure compliance with PHOs cyber security standards and controls.
• Ensures PHOs cloud systems are secure through good practice and effective cyber security capabilities. Implements and monitors security controls in cloud environments.
• Oversees and provides guidance to the Cloud Engineer and M365 Engineer ensuring alignment with the overall cyber security and cloud engineering strategies and the implementation and maintenance of robust security controls in their respective areas.
• Leads and provides guidance to the Cloud Engineer in the design implementation and management of secure cloud infrastructure ensuring compliance with industry best practices and troubleshooting and resolving cloudrelated security incidents.
• Leads and provides guidance to the M365 Engineer to ensure the secure deployment and management of M365 services and the integration and monitoring of security features to ensure their effectiveness.
• Leads and ensures troubleshooting of security and network problems with an eye toward detecting anomalies and potential security incidents.
• In conjunction with Digital and Cyber Security operations responds to security incidents and breaches. Supports the Enterprise Technology & Cyber Security Operations team with threat hunting and analysis of suspicious security events and incidents.
• Takes a leading role in various PHO security initiatives providing security expertise facilitating collaboration and furthering PHOs security objectives.
• Leads the development and maintenance of continuous vulnerability management capabilities testing and identifying network and system vulnerabilities
• Implements and champions security automation including scripts and automation processes to improve control integration monitoring and streamline security tasks.
• Fosters a collaborative environment between staff and other departments to ensure seamless integration of security practices across all digital assets.
• Communicates effectively with stakeholders to provide updates on security initiatives and address any concerns
• Participates in all levels of the procurement process.
• Stays current with the latest tends threat landscapes and best practices and recommends innovative technologies to improve security operations allowing for proactive threat detection and improved efficiency across the organization.
• Stays abreast of provincial federal and international security attack tools Tactics Techniques and Procedures (TTPs) and secure operating trends.
• Be a point of contact for subject matter expertise by developing maintaining and evolving relationships with external organizations and communities of practice toward the betterment of cyber security.
• Manages staff congruent with PHO internal policies and procedures professional standards Collective Agreement requirements and other relevant standards legislation or regulations including: providing direction and leadership in the implementation of new techniques and standards; assigning staff and implementing work/vacation schedules setting clear responsibilities and objectives evaluating performance advising on training needs participating on recruiting/selection of staff dealing with disciplinary issues and responding to grievances in conjunction with PHO Human Resources management programs. Builds and leads a team of multidisciplinary staff who support PHOs activities.

Knowledge and Skills

• Advanced knowledge of security principles issues techniques and implementations across security platforms.
• Advanced knowledge of cyber intelligence analytical methodologies tools and techniques.
• Strong understanding of Cloud environment security monitoring components.
• Strong ability to work on and prioritize multiple concurrent projects while meeting aggressive deadlines in a fastpaced environment.
• Strong problemsolving and analytical skills to proactively identify and resolve complex securityrelated problems and to navigate and resolve diverse technical challenges.
• Project management skills.
• Experience in healthcare scientific government organizations desirable
• Broad knowledge of legislative boundaries and privacy regulations unique to Ontario and Canada.
• Awareness and understanding of complex geographical multilingual and multiequity considerations specific to Ontario.
• Strong comprehension of patient safety considerations when working with digital systems.
• Applied knowledge of Ontario Public Sector procurement legislation policies and practices.

Education and Experience

• Undergraduate degree in computer science engineering IT; or equivalent experience.
• Minimum 10 years experience in progressive technology roles.
• Minimum 5 years experience in roles with Cyber Security and Information Security job responsibilities (e.g. architecture incident response vulnerability management etc.).
• Minimum of 5 years of cloud infrastructure experience preferably Azure and/or AWS.
• Proven experience working with technical safeguards such as: Web Application Firewalls extensible Detection & Response (XDR) Next Generation Firewalls Security Information Event Management (SIEM) and other modern technical controls.
• Relevant industry certifications or working towards (e.g. CISSP CISA) strongly desired.

Attributes and Competencies

• Leadership and consultation skills to provide expertise direction and advice on cyber security strategies policies and programs.
• Influencing skills to drive the adoption of security solutions ensuring scalability operational efficiency and compliance with security standards.
• Collaboration skills to provide cyber security and cloud engineering expertise and input to strategic planning.
• Verbal and written communication and presentation skills often as the senior authoritative expert on cyber security to promote or influence PHO decision making with colleagues across the organization.
• Presentation skills to communicate complex technical information or concepts to a variety of executives and stakeholders at varying levels with the ability to describe technical concepts to nontechnical audiences. Collaboration skills to develop collaborative business relationships with external contacts critical to the work of PHO.
• Proactively identifies and/or anticipates opportunities and initiatives for optimum quality services/programs for the department.
• Partners with government (e.g. Ontario Government Cyber Security Division) agencies (e.g. Ontario Health) Canadian Centre for Cyber Security (CCCS) and other external groups to ensure a strong network of shared cyber support and knowledge.
• Builds networks both across PHO and externally to negotiate and resolve conflicts that have a critical impact on both the departments goals and strategic direction and mandate of PHO.
• Promotes and leads the operational implementation of new Cyber Security strategies directions and practices.
• Accountable for advising management with current and relevant expertise during cyber security incidents.
• Attention to detail ongoing strong professional acumen and maintained expert level knowledge.
• Coaches all leadership levels with respect to cyber security technical controls and guides management during incident response.
• Coaches developers IT operations and architects about latest security threats and landscape as well as introducing tools and techniques as needed controls for securing PHOs digital assets data and operation.
• Provides cyber security subject matter expertise across PHO including leadership of various senior level committees.

Duration: Permanent

Hours of Work: Full time 36.25 hours per week

Compensation Group: Team Leader

Posting Date:

Closing Date:

Please note: applications will be received no later than 11:59pm on the date preceding the closing date as indicated on the Job Requisition.

Note: Internal candidates will be considered first.

While we thank all applicants for their interest only those selected to move forward in the recruitment process will be contacted. Any information obtained during the course of recruitment will be used for employment recruitment purposes only and not for any other purpose.

PHO is committed to ensuring equity in employment. Our goal is to create a diverse inclusive workforce that reflects the communities we serve and to ensure our services and communications are accessible to all individuals. Any candidate who requires a job posting in an alternative format may email a request to Once an applicant has been selected for an interview they can inform PHO about any accommodations they may require at any stage of the interview process.