Job description
Position Purpose
Reporting to the Chief Information Officer, the incumbent is responsible for establishing and maintaining the institution's vision, strategy, and programs to ensure information assets and technologies are adequately protected. This role involves strategic leadership, risk management, stakeholder engagement, and fostering a strong security culture within the institution. The CISO recommends and oversees monitoring of computing practices to prevent and recover from security breaches, and directs the handling of security incidents when breaches occur. The incumbent governs the cybersecurity strategy and ensures the institution and its partners adhere to adopted standards and best practices throughout IT operations. The primary mandate is to protect the confidentiality, integrity, and availability of enterprise IT assets and data university‑wide.
Responsibilities
Strategic Leadership:
Develop and implement a comprehensive information security strategy that aligns with the institution’s business goals and objectives.
Ensure security considerations are integrated into all aspects of the institution’s operations.
Ensure the cybersecurity strategy is compliant with relevant laws, regulations and policies.
Risk Management:
Identify, assess, and mitigate security risks at a strategic level.
Develop and implement IT risk management frameworks and ensure compliance with relevant regulations and standards.
Stakeholder Engagement:
Engage with key stakeholders, including senior executives, board members, external institutions, and other partners, to communicate security risks and strategies.
Ensure that security is a top priority across the institution.
Liaise with provincial research network (ORION) and national cybersecurity agencies (CanSSOC, CCCS), higher education consortia (e.g., CUCCIO, CANARIE), and peer institutions to share best practices, align the organization’s cybersecurity strategy to the national strategy, and stay informed on emerging threats.
Innovation and Emerging Threats:
Continuously monitor the threat landscape and evaluate new risks.
Ensure the institution is prepared to respond to evolving security threats by creating strategic action plans to mitigate these risks.
Security Culture and Awareness:
Foster a strong security culture within the institution.
Develop and implement security awareness programs and train employees, external partners, students, and other collaborators on security best practices.
Collaboration and Coordination:
Collaborate with other institutions, faculties, services and teams to ensure security is integrated into all projects and initiatives.
Work closely with IT, legal counsel, privacy office, risk management office, and other teams to ensure security considerations are taken into account.
Qualifications
University degree or college diploma in Computer Science, Computer Engineering, or a related IT discipline.
Certification in the field of information security is considered an asset, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
Proven experience in planning, organizing, and developing IT security system technologies.
Experience in planning and executing security policies and standards development.
10 years’ experience in areas related to IT security and IT security domain expertise, including two years in a significant leadership role.
Understanding of risk‑based approaches and of regulatory and compliance issues.
Proven track record and experience in developing information security policies and procedures, and successfully executing programs that meet the objectives of excellence in a dynamic environment.
Excellent business and technological acumen, leadership style, and organizational skills suited to an environment where multiple projects are run concurrently.
Ability to lead and motivate cross‑functional, interdisciplinary teams to achieve tactical and strategic goals.
Knowledge of ISO 27000 series, ITIL, COBIT/Risk IT and NIST.
Knowledge and understanding of relevant legal and regulatory requirements, such as the Sarbanes‑Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS).
Excellent communications and interpersonal skills.
Bilingual French and English (spoken and written).
Key Competencies
Planning – Organize in time a series of actions or events to realize an objective or project. Plan and organize own work and priorities in daily activities.
Initiative – Demonstrate creativity and initiative to suggest improvements and encourage positive results. Proactive and self‑starting. Willing to go above and beyond.
Client Service Orientation – Help or serve others to meet their needs. Anticipate and identify needs of internal and external clients and find solutions.
Teamwork and Cooperation – Cooperate and work well with other team members to reach common goals. Accept and give constructive feedback. Adjust behaviour to reach team goals.
Equal Employment Opportunity Statement
The University of Ottawa embraces diversity and inclusion in the workplace. We are passionate about our people and committed to employment equity. We foster a culture of respect, teamwork and inclusion, where collaboration, innovation and creativity fuel our quest for research and teaching excellence. While all qualified persons are invited to apply, we welcome applications from qualified Indigenous persons, racialized persons, persons with disabilities, women and LGBTQIA2S+ persons. The University is committed to creating and maintaining an accessible, barrier‑free work environment and to providing accommodations for applicants with disabilities during the recruitment, assessment and selection processes. Applicants with disabilities may contact hrtalentmanagement@uottawa.ca to communicate the accommodation need. All qualified candidates are encouraged to apply; however, Canadians and permanent residents will be given priority.