Job Description

Reporting to the Chief Technology and Innovation Officer, the Senior Director, IT Security & Risk Management is responsible for the design, development, monitoring, management, and execution of WSIB's overall IT Security, data privacy and security, and Risk Management.This role is responsible for owning, developing, communicating and implementing the organizational IT Security Program by institutionalizing overall IT security including systems and infrastructure security, data privacy and security, proactive threat hunting, data loss prevention, cloud security, forensics and Managed Security Services; and IT risk management activities including IT related general controls, regulatory compliance as it applies to IT, business continuity and disaster recovery.
This role works closely with the Real Estate and Facilities Management Branch (REFM) to ensure alignment with physical security and identify where it impacts IT security. It will participate and respond to audits related to physical security as they related to IT such as network security, access control, camera data management, asset security and data centre security.
This role will be responsible for leading and managing the overall Business Continuity and Disaster Recovery Plans for ITC including overseeing the continuity plans for each area to ensure critical business processes are supported during disaster scenarios.
Major Responsibilities:
Own and provide strategic direction and oversight for the design, development, and implementation of IT Security & Risk Management programs and plans that fulfill the needs of the enterprise, including policies, procedures, standards, practices, and tools to identify and mitigate all business risks inherent in the use, ownership, operation, and adoption of IT within WSIB.
Maintain oversight and overall accountability for operational performance and compliance with legislative requirements, corporate policy and financial controls.
Oversee and have accountability for resources and vendors regarding their commitments to program(s)/project(s), particularly the Managed Security Services Provider, by clearly articulating roles and responsibilities, with specific accountability to oversee the vendor contracts and manage infrastructure transitions. This includes monitoring and evaluating performance on a regular basis and taking corrective actions related to any transition/implementation plans as appropriate if/when required.
Foster a business-oriented culture and mindset driven by continual service improvement techniques, and support continuous improvement programs and processes to achieve and improve upon desired outcomes.
Provide support to the Enterprise Architecture team in the development of the WSIB's Enterprise Architecture (EA) program to include secure architecture practices and design, which can be leveraged in an integrated fashion consistently across the WSIB, reference architectures (including, but not limited to, business, information, application, technology and security architectures technology roadmaps, IT security policies and standards.
Manage financial, physical and human assets in a fiscally responsible manner including developing and forecasting annual operating and capital budgets; monitoring and reporting on variances based on projections; and evaluating overall expenditures.
Build and maintain active interaction and dialogue and constructive working relationships with other WSIB leaders and employees to assess and discuss business and organizational issues, their implications and potential solutions, and to promote an effective team approach to the attainment of corporate goals and objectives.
Establish and maintain effective relationships with appropriate external contacts or business partners other workers compensation boards, government agencies, stakeholders and industry groups and organizations. This includes external information sharing with organizations like the Canadian Centre for Cyber Security, other compensation boards and the provincial government Cyber Security Division. This also includes attending CISO level events and sharing information nationally with Community of Practice on behalf of WSIB
Job Requirements:

• Bachelor's degree in Computer Science or equivalent education
• 8 years in a leadership role with:

8 to12 years of experience in at least three disciplines, such as, application/solution development or delivery, security, technology planning, IT risk management, data privacy, technology/infrastructure delivery in a multi-tier environment

• Technical or Professional Qualifications: Experience with and working knowledge of the following Security Frameworks:
• National Institute of Standards and Technology (NIST) framework, Cloud Security Alliance Framework, Center for Internet Security (CIS) controls, Control Objectives for IT (COBIT)

Our commitment to equity, diversity and inclusion
We respect and value the diversity of our people. We strive to create an environment where employees can be themselves and where our differences are celebrated.
The WSIB is committed to being accessible and inclusive, and following barrier-free and accessible employment practices in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). Should you require accommodation through any stage of the recruitment process, please let us know when we contact you and we will work with you to meet your needs.
Disclosing conflicts of interest
As public servants, employees at the WSIB have a responsibility to act in an ethical way at all times to create a respectful workplace and maintain public trust. Job applicants are required to disclose any circumstance that could result in a real, potential or perceived conflict of interest. A conflict of interest is any situation where your private interests may impair or be perceived to impair the decisions you make in your official capacity. This may include: political activity, directorship, other outside employment and certain personal relationships (e.g. with current WSIB employees, customers and/or stakeholders). If you have any questions about conflict of interest obligations and/or how to make a disclosure, please contact the Talent Acquisition Centre at talentacquisitioncentre@wsib.on.ca.
Privacy informationWe collect personal information from your resume, application, cover letter and references under the authority of the Workplace Safety and Insurance Act, 1997. The Talent Acquisition Centre and WSIB hiring parties will used this information to assess/validate your qualifications, determine if you meet the requirements of vacant positions and/or gather information relevant for recruitment purposes. If you have questions or concerns regarding the collection and use of your personal information, please contact the WSIB's Privacy Office at privacy_office@wsib.on.ca. The Privacy Office cannot provide information about the status of your application.
As a precondition of employment, the WSIB requires that prospective candidates undergo a criminal records name check any time before or after they are hired.
To apply for this position, please submit your application by the closing date.Job Type: Full-time