Manage a team responsible for the delivery of overall the Information Security Program to protect the confidentiality, integrity and availability of WSIB information systems through:

• Security governance, risk and compliance
• Oversight of 3rd party managed security services providers
• Information security consulting & advice to internal & external stakeholders regarding all aspects of information systems security
• IT security strategies, architectures, procedures and software that safeguard access to WSIB data
• Leadership of Information Security Risk Management and compliance enforcement audits
• Information Security policies and information security awareness campaigns
• Delivery of security awareness campaigns and courses to raise overall staff awareness
• Delivery of security risk assessments and providing expert advice on remediation recommendations

Lead and manage the relationship with Managed Security Services Partner including managing, service level agreements, performance metrics, budget and spend rates and performing vendor management governance.

Provide technical expertise, advice and leadership to team members, WSIB management, internal and external stakeholders.

Provide technical expertise on forensics practices, investigation processes, evidence collection and reporting.

Develop and maintain communication linkages and relationships both internally with (ITC Management Team, ITC PMO, Human Resources, Legal Dept. & Privacy Office, Regulatory & Audit, Business Transformation Project teams, Service Delivery Lines, etc.) and externally with various business partners, (vendors/providers, 3rd party audit firms, other ministries, agencies & associations, etc.).

Major Responsibilities:

Plan, manage and control the activities of section which includes annual planning of projects and priorities, identifying resource requirements, allocating work, recruiting, establishing performance objectives, conducting performance reviews, and providing guidance and feedback to staff. This includes:

• Working collaboratively with our security and risk partners, stakeholders and customers
• Providing technical expertise and direction to staff when required
• Identifying and addressing blockers, inefficiencies and other issues to effective service delivery
• Participating as a member of the Branch’s management team in the development of branch goals and objectives in support of the divisional and corporate goals and objectives
• Develop and communicate talent management plans to ensure proper skills development for all staff and succession planning for branch
• Deliver and communicate performance development plans annually for all staff to align to overall branch commitments and ITC values and culture
• Participate/evaluate procurement requirements for the branch ensuring compliance to corporate policies and practices.

Lead and manage the delivery of the overall IT Security Design and Governance program as developed with the Director, IT Security and Risk Mgmt.

• Manage IT Security Design and Governance team
• Provide resources to projects to ensure security best practices are implemented
• Develop, maintain, communicate and ensure compliance of all IT security policies, standard and processes
• Develop and deliver IT security awareness training including annual assessments of staff
• Oversee the development of the IT Forensics program ensuring alignment to best practice and building relationships with both external and internal partners such as Labour relations, Legal and Stakeholder Compliance Services
• Own and manage the Security Risk Assessment process to provide oversight and governance over project and day-day activities from a IT security perspective
• Develop and maintain communication linkages and relationships both internally with (ITC Management Team, ITC PMO, Human Resources, Legal Dept. & Privacy Office, Regulatory & Audit, Business Transformation Project teams, Service Delivery Lines, etc.) and externally with various business partners (vendors/providers, 3rd party audit firms, other ministries, agencies & associations, etc.) to discuss and resolve issues, and exchange information of mutual concern.
• Develop and administer section operating budget, authorize expenditures and report on variances from approved plan. Recommend expenditures outside budget for approval.

Ensure risk management, quality management and continuous improvement systems are established to analyze and evaluate the effectiveness and cost benefit of services and programs.

Review and assess the effectiveness of the security program against the objectives set out by the Director, IT Security and Risk Management.

1. Education requirements:

• College diploma in computer science or IT management
• University degree (Bachelor or MBA) in computer science, information security or information systems management
• CISSP - ISSMP: Information Systems Security Management Professional
• CISSP, CISM
• CRISC
• SANS / GIAC
• Cisco CCNA Security
• Comp TIA Security +
• Microsoft Certified IT Professional
• Technical training/certificates;

o Security tools
o Business security practices and procedures;
o Hardware/software security implementation;
o Encryption techniques/tools; and Various communication protocols

1. Experience:

Minimum Experience Required

• 5-10 years information security experience
• Knowledge of relevant standards; ISO/IEC 27002, ITIL, GO ITS,

Preferred Experience

• Information security experience 15 yrs

Our commitment to equity, diversity and inclusion

We respect and value the diversity of our people. We strive to create an environment where employees can be themselves and where our differences are celebrated.

We value and celebrate diversity and are committed to creating inclusive experiences for both our employees and prospective employees. We invite all interested individuals to apply. If you require accommodations in order to apply to this position please contact talentacquisitioncentre@wsib.on.ca. If you are invited to participate in the interview or assessment process, you can advise our Recruiter of your accommodation needs at that time.

Please visit our EDI Vision to learn more about what actions WSIB are taking to advance our commitment to equity, diversity and inclusion and to support all employees participating and contributing to their full potential

Disclosing conflicts of interest

As public servants, employees at the WSIB have a responsibility to act in an ethical way at all times to create a respectful workplace and maintain public trust. Job applicants are required to disclose any circumstance that could result in a real, potential or perceived conflict of interest. A conflict of interest is any situation where your private interests may impair or be perceived to impair the decisions you make in your official capacity. This may include: political activity, directorship, other outside employment and certain personal relationships (e.g. with current WSIB employees, customers and/or stakeholders). If you have any questions about conflict of interest obligations and/or how to make a disclosure, please contact the Talent Acquisition Centre at talentacquisitioncentre@wsib.on.ca.

Privacy information

We collect personal information from your resume, application, cover letter and references under the authority of the Workplace Safety and Insurance Act, 1997. The Talent Acquisition Centre and WSIB hiring parties will used this information to assess/validate your qualifications, determine if you meet the requirements of vacant positions and/or gather information relevant for recruitment purposes. If you have questions or concerns regarding the collection and use of your personal information, please contact the WSIB’s Privacy Office at privacy_office@wsib.on.ca. The Privacy Office cannot provide information about the status of your application.

As a precondition of employment, the WSIB requires that prospective candidates undergo a criminal records name check any time before or after they are hired.

To apply for this position, please submit your application by the closing date.