Job Description

No.: CUPE C-23-0240UE
POSTED: October 17, 2023 DEADLINE: 4:30 p.m. October 31, 2023 Analyst I, Cyber Risk and Audit Management
1 \xe2\x80\x93 Permanent Position Information Technology Services
CUPE Local 4400 Unit C \xe2\x80\x93 Grade O (12 Month) $44.90 \xe2\x80\x93 $53.10 per hour The Toronto District School Board adheres to equitable hiring, employment and promotion practices. Reporting to the Senior Analyst, IT Security Risk and Audit, the Analyst 1, Cyber Risk and Audit
Management will conduct cyber risks assessments and audits in accordance with the TDSB risk
tolerance level and in collaboration with the FOI office to ensure the safety and security of the
students and staff and TDSB technology assets. Summary of Duties:
Perform cyber risk assessments in collaboration with the FOI office to incorporate privacy assessments in the final risk assessment report;
Conduct audit assessments and provide reports to stakeholders;
Facilitate meetings to review the completed risk and audit assessments;
Collaborate with Threat and Vulnerability Management team to ensure the disposition of risks, and with third party risk assessment service to investigate cloud services risks;
Identify potential cyber risks and weaknesses of cloud and online services;
Research, recommend, evaluate and implement security solutions that will mitigate TDSB security risks; report security exposures and recommend mitigative controls, as required;
Develop and maintain risk and audit management processes to meet service level expectations;
Support the development and maintenance of security and risk management policies, standards and guidelines;
Collaborate with all stakeholders, including departments to ensure appropriate controls are implemented to address cyber risk management issues, risk assessment requests and audit assessments;
Perform administrative tasks to maintain efficacy of the Risk Management Program;
Maintain the currency of various risk documents, forms and registers;
Assist in the development and delivery of cyber security awareness programs, simulations, table-top exercises and learning opportunities;
Assist in facilitating security governance programs with other IT operational units to convey risks arising out of enterprise, cloud and social computing environments;
Provide support to IT security projects as required; and
Perform phishing simulation campaigns;
Other related duties as assigned. Qualifications:
University degree in information technology or a related field with three years progressive work experience in cyber operations, risk and audit management in a large public sector environment, or an
equivalent combination of education and experience; CRISC or related certification;
Training and experience in conducting IT compliance and security audits;
Experience in developing information security programs and practices;
Experience in conducting cyber risk assessments, with focus on performing impact assessments on AI/ML technologies.
Experience establishing security and risk management frameworks, principles and, methodologies;

Understanding of security and risk management implications of the contents and intent of the production
environment and service level agreements; Understanding of IS information/process/technology and associated security architectures;
Understanding of system technologies, including hardware, operating systems, database and application software;
Knowledge and experience in project management methodologies, workload forecasting, documentation and performance standards;
Strong interpersonal and oral/written communication and presentation skills;
Excellent analytical, organizational and problem-solving skills;
Proven ability to work under pressure and consistently meet deadlines;
Knowledge of related TDSB policies and procedures and pertinent legislations; and
Demonstrated ability to handle matters requiring diplomacy, sensitivity and confidentiality.

Assets: Training and technical certification in Global Information Assurance in the following areas: security
leadership, risk management, information security, perimeter protection, endpoint protection, enterprise
defence, critical controls, system and network auditing, application security, ethical hacking Certification in one or more of the following: CISSP, CISA, CCSP, CEH, OCSP.
Experience performing privacy impact assessments (PIA).

Special Requirements: Available after hours where there is cyber security incident being mitigated.

Location: 1 Civic Centre Court (Wheelchair Accessible) (Hybrid Work Eligible)

Hours: 35 hours per week

Work Year: 12 Months

Please note:
Applications must be submitted:
1. In r\xc3\xa9sum\xc3\xa9 form with a covering letter as one single document to Application.Submission@tdsb.on.ca
2. With competition # CUPE C-23-0240UE in the subject line
3. Apply no later than 4:30 p.m. on October 31, 2023

Only applicants selected for an interview will be contacted. Applications will not be acknowledged in writing.

We strive to meet the accommodation needs of persons with disabilities. Applicants are
encouraged to make their needs for accommodation known in advance during the hiring process.

The TDSB follows a hybrid work structure where some employees may be able to work remotely at times, based on operational requirements. Please refer to Policy P103, Flexible Working
Arrangements for more information.