Senior Manager, Cybersecurity

ABOUT US
Almost 1.2 million residents call York Region home making it one of the largest regions in Canada and the fastest growing with a population thats expected to grow to more than 2 million by 2041. Our geography which is comprised of about 1800 square kilometers over nine different municipalities is as beautiful interesting and diverse as our people. Local government is organized in a two-tier structure and we work together with our local municipalities to provide residents and businesses access to a broad selection of services and resources.

WHAT WE OFFER
Consistently named one of Canadas Best Employers by Forbes we offer a collaborative progressive workplace that takes pride in our organizational culture and is committed to living The 13 Factors of Psychological Health and Safety in the Workplace aligned with our vision to create strong caring and safe communities both within and outside our walls.

• Defined Benefit Pension Program - With the Ontario Municipality Employees Retirement System (OMERS) defined benefit pension plan you can confidently retire knowing that you will have income for life. Eligibility from date of hire as a full-time employee and includes employer-matched contributions.
• Employer of Choice - Recognized as the highest-ranking government employer in Canada and fourth overall among 300 organizations.
• Benefits and Wellness - Employees and their loved ones have access to a comprehensive employer-paid benefits plan that includes extended health dental and life insurance access to a 24/7 Employee and Family Assistance Program and corporate discounts and purchase plans for day-to-day products and services.
• Inclusive and Diverse Workforce - Were committed to fostering an environment that celebrates all dimensions of diversity and ensures everyone can develop to their full potential participate freely in society and live with respect dignity and freedom from discrimination. Our robust Inclusion Diversity Equity and Accessibility program continues to grow and has been recognized by the United Nations and many other organizations for our leadership.
  

WHAT YOULL BE DOING

• Lead the Development and implementation of a comprehensive information security strategy aligned with business objectives and industry best practices encompassing policy development threat intelligence risk management incident response cybersecurity training and data protection.
• Lead the establishment of overarching security architecture principles such as zero trust and micro-segmentation in partnership with Enterprise Architecture guiding technical teams in designing resilient scalable infrastructures.
• Direct the development and integration of strategic identity access management policies including federated identity multi-factor authentication and role-based access controls across all systems.
• Lead the development and implementation of cloud security strategies ensuring robust access controls and monitoring mechanisms for cloud environments.
• Monitor and stay current on emerging threats and changes to the cyber threat landscape to provide strategic guidance and advice to senior leadership around maintaining a robust cyber posture to protect the Region
• Lead the development of and implement a continuous security assessment framework leveraging independent audits vulnerability testing and red-teaming exercises to validate alignment with security objectives that covers the different infrastructure technologies information systems and operational technologies used at the Region.
• Continuously evaluate emerging security technologies trends and standards driving innovation and adoption of new security solutions that mitigate potential risks and align with the organizations risk tolerance.
• Establish Key Performance Indicators (KPIs) and metrics to track the effectiveness of the security program support the Director in reporting to senior leadership driving continuous improvement.
• Lead the design and selection of security platforms automation capabilities and operational use cases to enhance the efficiency and effectiveness of security operations.
• Develop strategies for endpoint detection and response API and network security container security vulnerability management and Infrastructure as Code security.
• Implement maintain and renew appropriate security vendor support contracts and purchase requisitions to ensure a high level of systems availability.
• Collaborate with development teams to integrate security throughout the Software Development Life Cycle (SDLC).
  

WHAT WERE LOOKING FOR

• Successful completion of a University Degree in a related field or approved equivalent combination of education and experience.
• Certified Information Systems Auditor (CISA) Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Certified Ethical Hacker (CEH) or equivalent.
• Minimum seven (7) years of experience in cybersecurity or information security roles including a minimum of three (3) years of direct experience managing cybersecurity teams and projects.
• Strong understanding of networking and cybersecurity architecture across both on-prem and cloud environments.
• Solid understanding of modern programming or scripting (e.g. Python) to guide automation strategies.
• In-depth knowledge of container security API security endpoint management security and Infrastructure as Code.
• Leadership ability to motivate staff and foster a positive team environment and a culture of security awareness.
• Supervisory and human resource management skills including knowledge of collective agreement administration and interpretation labor relations principles and practices and relevant employment legislation.
• Ability to make decisions under high pressure and tight timelines.
• Demonstrated knowledge of relevant legislation standards acts and regulations.
• Ability to demonstrate the Regions leadership and corporate core competencies.