JOB SUMMARY

You are responsible for establishing and maintaining a corporate wide information security, privacy and digital risk management program that balances the need to protect the business with the need to run the business, and that supports defensibility in regulatory actions. As a business leader with expertise in IT security, risk and privacy, you are also responsible for advising and influencing executive management and city departments on strategic issues relating to information security, risk and privacy in a manner that meets compliance and regulatory requirements and balances the operational business needs and risk posture across all business lines of the City of Ottawa.

In addition, you oversee all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information, in compliance with the organization's information security policies. You create policy, practices and guidelines for the organization and proactively work with business units to implement practices that meet these defined policies and standards for information security and privacy. You hold the primary accountability to identify, assess and mitigate the risk of compromise, and in cases of a cyber breach or attack, you will lead the crisis to resolution.

You are also responsible for developing and monitoring operating budgets, and for managing the full human resources component of the unit.

EDUCATION AND EXPERIENCE

Completion of 4 year university degree in Computer Science, Management Information Systems, Engineering, or related discipline. Additional training in the area of information and network security.

Minimum of 10 years of experience in risk management related fields with broad experience across various IT disciplines, including a minimum of 5 years managing/leading information security programs within a large (10,000+ base), complex environment.

Experience in the development and delivery of business support strategies/program activities, the management of human resources and external contract resources, and the management of operating and capital budgets, preferably in a unionized, municipal setting.

CERTIFICATIONS AND LICENCES

KNOWLEDGE

• Knowledge of business environment with sound business management expertise and working knowledge of information security technologies.
• Principles, practices, methods and techniques of security management including: risk management, threats, risks and vulnerabilities; disaster recovery procedures and business continuity, regulatory and legal compliance, privacy.
• Trends and directional developments in IT security as they apply to establishing and executing security solutions to meet enterprise objectives.
• Business relationship management and internal consulting concepts and practices.
• Principles, practices, methods and techniques applicable to long-range and strategic security planning.
• Technology trends and best practices related to architecture, governance, innovation and security.
• Project management tools and techniques, including project cost accounting and project change management and control.
• Principles, methods and best practices in the development and operations of project and portfolio management functions.
• The City of Ottawa and its policies and procedures.
• Legislation, policies, regulations and guidelines relevant to security standards, acceptable risk levels.
• Development and implementation of long range and short-term strategies for Security functions.
• Management principles, planning, budgeting and supervision techniques and practices.
• Economic and statistical analysis and research techniques.
• Policy and program analysis, development, implementation and evaluation techniques.
• Performance measurement and management practices
• Financial management, budget development and control and other related business practices.
• Project management and evaluation – principles and practices.
• Service Level Agreements, Purchase of Service Agreements and Professional Services Contracts.
• Corporate and Departmental functional authorities and service providers, and Centres of Expertise.
• Working knowledge of corporate human resource policies, practices and collective agreements related to managing in a unionized environment, including hiring, dismissal, performance management and the grievance procedure.
• Methods used to deal with the media in a professional manner.
• Protocols for developing of briefing notes, technical and legislative reports and submissions to project stakeholders, procedures manuals, process streamlining initiatives.
• Must possess the training, experience and knowledge to organize the work and its performance.
• Must be familiar with applicable health and safety legislation, have knowledge of any potential or actual danger to health or safety in the work place, and have knowledge of appropriate actions to be taken in order to ensure the health and safety of staff in accordance with applicable legislation and City policies and procedures.

COMPETENCIES, SKILLS AND ABILITIES

Core Behaviours
Core behaviours define the City’s expectations of the behaviours employees should demonstrate in performing their work. They are reflective of the City’s culture and values and guide all our present and future activities. Every employee is encouraged to learn, embody and demonstrate these core behaviours.

Review the Core Behaviours.

Leadership Competencies
The City has defined key competencies that leaders are expected to embody and demonstrate to successfully move the organization towards achieving its strategic objectives and create an organizational culture that supports and empowers employees to excel, grow and reach their full potential. These leadership competencies and associated behaviours are expected to be demonstrated by leaders at all levels of the organization.

Review the Leadership Competencies.