Advisor, IT Security and Risk Management

at  Toronto Community Housing

• Provide security assessments on our in-house developed products as well as procured products
• Participate in the planning and design of enterprise security architecture, under the direction of the IT Security Manager, where appropriate
• Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate
• Research, define evaluation criteria and recommend information security controls and procedures
• Develop information security standards, policies and procedures
• Establish information security metrics, gathering data and preparing reports
• Participate in the information security incident response process; and champion and communicate the future state of TCHC’s (Toronto Community Housing’s) cyber security program
• Exercise knowledge of legislation (MFIPPA), regulations, policies, procedures, interpretations and apply applicable orders of Information and Privacy Commissioner of Ontario

Investigations and Audits

• Under the direction of the Manager, IT Security and Risk, participate in investigations into problematic activity
• Conducting audit and providing recommendations to the Manager to address the gaps from investigation and remediation
• In collaboration with the Manager, IT Security and Risk, participate in the design and execution of vulnerability assessments, penetration tests, and security audits and proactively conducts IT security risk and vulnerability assessments for new and existing IT infrastructure elements (network/systems/applications/services)
• Review logs and reports of all in-place devices, whether they be under direct control (i.e. security tools) or not (e.g. workstations, servers, network devices). Interpret the implications of that activity and provides relevant feedback to the manager for appropriate resolution
• Security and threat risk assessments for projects and security evaluations for tools and solutions
• Product reviews to identify potential vulnerabilities and risks
• Participate in the information security incident response process
• Manage access control for existing information technology and provide feedback on the development of access control methodology for new information technology solutions

Reporting and Compliance Control

• Process and track of Freedom of Information (FOI) requests and ensure TCHC’s compliance with MFIPPA
• Provide input on FOI policies and procedures and update the framework of compliance
• Participate in and provide support to the manager with relevant feedback related to information security standards, policies and procedures
• Through stakeholder engagement, ensure proper documentation standards are adhered to; advise Manager on any recommended documentation standards updated, based on industry best practices
• Gather and collect data and provide support in preparing reports for Cyber security and Risk
• Under the guidance of the Manager, IT Security and Risk, proactively review IT operational processes, identify potential security concerns and risks and recommend mitigation measures

Training and Change Management

• Participate in the development of the annual IT Security Operational Plan, IT Security and Risk Strategy, and roadmap execution
• Champion and communicate the future state of TCHC’s cyber security program
• Promote security awareness and good data protection practices to safeguard TCHC’s information assets
• Provide relevant feedback to Manager, IT Security and Risk to help shape strategic technical direction and standards for the organization
• Serve as a source of trusted information security expertise for various programs and projects
• Support projects by providing governance, and operational delivery of information security services
• Participate in the development of and conduct information security training and other related user education initiatives
• Participate in efforts to identify and evaluate project requirements, as they relate to Cyber Security and Information Risk Management. Provide feedback on the development of applications, test and implement said applications. Sustain information technology solutions to meet business objectives and client needs