Job Description

Provide security governance and oversight of 3rd party managed security services providers. Provide information security consulting & advice to internal & external WSIB stakeholders regarding all aspects of systems security. Plan, design, obtain approval and implement security architectures, procedures and software that safeguard access to WSIB data. Take a leadership role with respect to Security Incident management, Information Security Risk management, vulnerability advisories, new upgrades, patches or configuration changes that are required to protect the WSIB environment. Lead IT security investigations in cooperation with Human Resources and Legal.

Major Duties & Responsibilities

Lead security governance and oversight of 3rd party managed security services providers and system administrators;


Ensure proper application and administration of WSIB's information security systems and policy (whether located at 3rd party sites or at WSIB offices) Develop security metrics/dashboards to increase security process consistency, capability & maturity Liaise with systems administrators to ensure system integrity, proper installation, operation, and maintenance of all components. Lead resolution of security issues such as internet security, application security and major access issues, with 3rd party vendors Review/perform risk assessment and compliance to WSIB or industry standard IT Security Policies and controls.

Provide IT Security leadership in the following areas;:


Respond to security incidents by providing analysis and expertise, explaining technical issues, identifying alternatives, providing and recommending solutions which will help protect confidential data and the vital resources for processing that data. Monitor and protect the integrity of the information and electronic infrastructure by staying current with advanced technical skills and knowledge in order to respond to the increasing sophisticated intrusion attempts. Provide team leadership by assisting the manager in the prioritization of issues, assignments and projects and the monitoring of section projects and activities, providing technical guidance to staff, and advising Manager of major problems and issues. Provide advice and consultation to Infrastructure Teams & Applications Development regarding the use of system access and the interface with applications; provide on-call support during implementation of new systems & software releases. Provide rapid response to user community's requests for security assistance and security consultation to development projects. Maintain knowledge of vendor products through research of security services or contacts for security investigations or products for the purpose of recommending purchases. Provide guidance and technical assistance to operating units, including analyzing, assisting in the selection of security-related software and hardware, evaluating access to and use of online technology (network, LAN, mainframe) and operating systems and applications. Plan, design, obtain approval and implement security architectures, procedures and software that safeguard access to WSIB data. Ensure that logical access to and use of the WSIB's computing resources are restricted through the implementation of adequate verification mechanisms of identified users and resources associated with access rules Ensure currency of Information Security policies through updates, new development, implementation of controls, etc. Lead development and delivery of corporate security awareness campaigns. Conduct and/or oversee internal/external threat risk assessments and audits. Review, provide expert input and approve infrastructure and application design and development. Plan, coordinate and carry out threat and risk assessments and provide guidance on mitigation options

Provide a proactive leadership approach to ongoing Information Security Risk Management:


Review risk assessments, recommend & implement mitigation strategies - WSIB utilizes ServiceNow Integrated Risk Module for risk assessments. Create, compile and maintain information security policies, procedures, standards and guidelines to support the delivery of new technology Re-examine security periodically to maintain formally approved security levels and the acceptance of residual risk Monitor a variety of security publications, forums, blogs and mailing lists to keep abreast of emerging threats and control technologies Develop computer security incident handling procedures with sufficient expertise and rapid response capability, respond to various security incidents as required Provide team leadership to assist with security investigations and Human Resources procedures. Lead post security incident investigations and system intrusions, investigate root cause, report on findings, and present to stakeholders

Network and Security Investigations

Job Requirements

1. Education (Level and Specialty / Discipline):


College diploma in computer science or related engineering discipline

2. Experience (Years of Related Experience and Type of Experience):


5 years Information Security incident management experience 5 years Information Security Risk Management experience One or more InfoSec Certifications: + CISSP
+ SANS / GIAC
+ Cisco CCNA Security
+ Comp TIA Security +
+ Microsoft Certified IT Professional.
And one or more Technical training/certificates; + Network & Web Application Penetration Testing
+ Advanced Firewall Administration
+ Network Access Control
+ Intrusion Detection/Prevention Systems

Our commitment to equity, diversity and inclusion

We respect and value the diversity of our people. We strive to create an environment where employees can be themselves and where our differences are celebrated.


We value and celebrate diversity and are committed to creating inclusive experiences for both our employees and prospective employees. We invite all interested individuals to apply. If you require accommodations in order to apply to this position please contact talentacquisitioncentre@wsib.on.ca. If you are invited to participate in the interview or assessment process, you can advise our Recruiter of your accommodation needs at that time.


Please visit our EDI Vision to learn more about what actions WSIB are taking to advance our commitment to equity, diversity and inclusion and to support all employees participating and contributing to their full potential

Disclosing conflicts of interest

As public servants, employees at the WSIB have a responsibility to act in an ethical way at all times to create a respectful workplace and maintain public trust. Job applicants are required to disclose any circumstance that could result in a real, potential or perceived conflict of interest. A conflict of interest is any situation where your private interests may impair or be perceived to impair the decisions you make in your official capacity. This may include: political activity, directorship, other outside employment and certain personal relationships (e.g. with current WSIB employees, customers and/or stakeholders). If you have any questions about conflict of interest obligations and/or how to make a disclosure, please contact the Talent Acquisition Centre at talentacquisitioncentre@wsib.on.ca.

Privacy information

We collect personal information from your resume, application, cover letter and references under the authority of the Workplace Safety and Insurance Act, 1997. The Talent Acquisition Centre and WSIB hiring parties will used this information to assess/validate your qualifications, determine if you meet the requirements of vacant positions and/or gather information relevant for recruitment purposes. If you have questions or concerns regarding the collection and use of your personal information, please contact the WSIB's Privacy Office at privacy_office@wsib.on.ca. The Privacy Office cannot provide information about the status of your application.


As a precondition of employment, the WSIB requires that prospective candidates undergo a criminal records name check any time before or after they are hired.

To apply for this position, please submit your application by the closing date.