Competition No: CUPE C-21-0199UTE
POSTED: September 15, 2021
DEADLINE: 4:30 p.m. September 30, 2021
Analyst I, Cyber Risk and Audit Management
1 – Project Assignment
Information Technology Services
CUPE Local 4400, Unit C – Grade O (12 month)
$42.90 per hour
(This assignment is for 1 year)
The Toronto District School Board adheres to equitable hiring, employment and promotion practices.
Reporting to the Senior Analyst, IT Security Risk and Audit, the Analyst I, Cyber Risk and Audit Management will conduct cyber risk assessments and audits in accordance with the TDSB risk tolerance level and in collaboration with the FOI office to ensure the safety and security of the students and staff and TDSB technology assets.
Summary of Duties:
- Perform cyber risk assessments in collaboration with the FOI office to incorporate privacy assessments in the final risk assessment report;
- Conduct audit assessments and provide reports to stakeholders;
- Facilitate meetings to review the completed risk and audit assessments;
- Collaborate with Threat and Vulnerability Management team to ensure the disposition of risks, and with third party risk assessment service to investigate cloud services risks;
- Identify potential cyber risks and weaknesses of cloud and online services;
- Research, recommend, evaluate and implement security solutions that will mitigate TDSB security risks; report security exposures and recommend mitigative controls, as required;
- Develop and maintain risk and audit management processes to meet service level expectations;
- Support the development and maintenance of security and risk management policies, standards and guidelines;
- Collaborate with all stakeholders, including departments, to ensure appropriate controls are implemented to address cyber risk management issues, risk assessment requests and audit assessments;
- Perform administrative tasks to maintain efficacy of the Risk Management Program;
- Maintain the currency of various risk documents, forms and registers;
- Assist in the development and delivery of cyber security awareness programs, simulations, table-top exercises and learning opportunities;
- Assist in facilitating security governance programs with other IT operational units to convey risks arising out of enterprise, cloud and social computing environments;
- Provide support to IT security projects as required; and
- Other related duties as assigned.
- University degree in information technology or a related field with three years' progressive work experience in cyber operations, risk and audit management in a large public sector environment, or an equivalent combination of education and experience;
- CRISC or related certification;
- Training and experience in conducting IT compliance and security audits;
- Experience in developing information security programs and practices;
- Experience establishing security and risk management frameworks, principles and methodologies;
- Understanding of security and risk management implications of the contents and intent of the production environment and service level agreements;
- Understanding of IS information/process/technology and associated security architectures;
- Understanding of system technologies, including hardware, operating systems, database and application software;
- Knowledge and experience in project management methodologies, workload forecasting, documentation and performance standards;
- Strong interpersonal and oral/written communication and presentation skills;
- Excellent analytical, organizational and problem-solving skills;
- Proven ability to work under pressure and consistently meet deadlines;
- Knowledge of related TDSB policies and procedures and pertinent legislation; and
- Demonstrated ability to handle matters requiring diplomacy, sensitivity and confidentiality.
- Training and technical certification in Global Information Assurance in the following areas: security leadership, risk management, information security, perimeter protection, endpoint protection, enterprise defence, critical controls, system and network auditing, application security, ethical hacking;
- Certification in one or more of the following: CISSP, CISA, CCSP, CEH, OCSP.
- Available after hours where there is a cyber security incident being mitigated.
Location: 1 Civic Centre Court (wheelchair accessible)
Hours: 35 hours per week
Work Year: 12 months
- It is anticipated that interviews will take place within two weeks after the closing date of this competition.
- It is anticipated that the successful applicant will commence as soon as possible and practical.
Applications must be submitted:
- in résumé form with a covering letter to: email@example.com
- with competition # CUPE C-21-0199UTE in the subject line
- Apply no later than 4:30pm on September 30, 2021
Only applicants selected for an interview will be contacted. Applications will not be acknowledged in writing.
We strive to meet the accommodation needs of persons with disabilities. Applicants are encouraged to make their needs for accommodation known in advance during the hiring process.