Manager Application Security

Division: Office of the Chief Information Security Officer

Reports To: Director Cyber Threat Management

Salary Range: $140,350.00 to $182,614.00

Work Location: 55 John Street, Toronto

Job Type: Permanent Full Time

Shift Information: Monday to Friday, 35 hours work week

JOB SUMMARY:

To provide senior level strategic and tactical guidance to the Director Cyber Threat Management as well as the Chief Information Security Office (CISO) in the execution of its mandate to establish and maintain a City-wide cyber program to ensure the City is adequately protected.

To provide leadership, guidance and advice regarding the security of the City’s application portfolio.

To lead the development, deployment, and management of enterprise security solutions to mitigate existing and future security gaps within the organization.

To lead the remediation of vulnerabilities and the creation of solutions that couples business continuity with information and cyber security regulatory requirements.

To administer the unit’s financial and administrative responsibilities including the operating budget process, monitoring spending and revenues and directing the unit’s cyber information technology program services, communications, human resources planning and decisions, quality assurance and staff training.

To collaborate with other segments of the organization to manage City-wide cyber initiatives.

MAJOR RESPONSIBILITIES:

• Leads the strategy, roadmap, development of a comprehensive application security program.
• Identifies and implements enterprise security solutions to address known risks
• Collaborates with development teams and stakeholders to integrate security best practices into the software development lifecyle (SDLC).
• Oversees the execution of security risk assessments, vulnerability testing and code reviews.
• Prioritizes risks discovered along with remediation timeline(s).
• Monitors and reports on compliance with the related policies and standards.
• Proposes changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
• Prepares and deliver metrics, reports for senior management to show efficiency and compliance of security functions.

QUALIFICATIONS/CERTIFICATIONS:

• Post-secondary degree in Business or Technology or a related discipline.
• Over 7 years of senior level experience in Information Security.
• In-depth knowledge of application security principles, practices and tools.
• Strong experience with application solutioning, configuration and application security testing (e.g. SAST, DAST)
• Strong understanding of multiple information security platforms and able to solve complex issues.
• Extensive knowledge of security industry standards and best practices such as OWASP, ISO 27001 and NIST standards.
• Strong understanding of security risks, threats, and vulnerabilities and the judgment to assess and articulate risk effectively.
• Preferred Certifications (any in the list): CISSP, CSSLP, CISM

SKILLS:

• Ability to work in transformative programs.
• Excellent leadership and organizational skills and the ability to work effectively with all level of stakeholders.
• Motivated self-starter demonstrating integrity, initiative and innovation qualities.
• Strong analytical ability where problems are typically unusual and difficult.
• Strong analytical skills and ability to prioritise and multitask.
• Excellent problem-solving skills with capability to identify solutions to unusual and complex problems.
• Ability to make quick decision.
• Strong business acumen with budgeting experience.
• Excellent understanding of audit and compliance standards.
• Experience with the audit process and performing risk-based audits.
• Ability to work with the broader IT organization and business management to align priorities and plans with key business objectives.
• Demonstrated capacity to lead under pressure, make decisions in ambiguous situations and drive cross functional collaboration in a short period of time.
• Demonstrated influence and persuasion skills, able to present to senior levels.
• Strong understanding of the business impact of security tools, technologies and policies.
• Ability to handle ambiguity and make decisions and recommendations with limited data
• Ability to prioritize and effectively manage competing priorities and projects.
• Ability to manage multiple initiatives while adhering to strict deadlines.
• Excellent communication and active listening skills with an aptitude for extracting and synthesizing complex information.
• Exceptional written and oral communication skills.
• Transferable skills, like communication and decision-making, are equally important.
• Being able to think on your feet and show good judgment are especially valuable in this field. “Security pros should always be ready to react to cyber-related incidents quickly.
• Must be able to travel to all City of Toronto’s office locations and outside city/country for conferences if required.

ADDITIONAL COMMENTS/INFORMATION:

A normal work week is 35 hours; however, in case of a cyber incident or breach, extended hours may be required with little or no prior notice.

*Subject to a police check, background check, psychological assessment and/or any other checks on a regular basis as the Office of the CISO handles highly sensitive and confidential information.

Equity, Diversity and Inclusion

The City is an equal opportunity employer, dedicated to creating a workplace culture of inclusiveness that reflects the diverse residents that we serve. Learn more about the City’s commitment to employment equity.

ACCOMMODATION

The City of Toronto is committed to creating an accessible and inclusive organization. We are committed to providing barrier-free and accessible employment practices in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). Should you require Code-protected accommodation through any stage of the recruitment process, please make them known when contacted and we will work with you to meet your needs. Disability-related accommodation during the application process is available upon request. Learn more about the City’s Hiring Policies and Accommodation Process.