Job ID #30540: Chief Information Security Officer

Contribute to the City of Hamilton, one of Canada’s largest cities - home to a diverse and strong economy, an active and inclusive community, a robust cultural and dining scene, hundreds of kilometers of hiking trails and natural beauty just minutes from the downtown core, and so much more. Join our diverse team of talented and ambitious staff who embody our values of sensational service, courageous change, steadfast integrity, collective ownership and being engaged empowered employees. Help us achieve our vision of being the best place to raise a child and age successfully. #BeTheReason Job ID #30540: Chief Information Security Officer Union: Non-Union Job Description ID #: 7753 Close date: Interested applicants please submit your application online at www.hamilton.ca/city-council/jobs-city by 4:00 p.m. on November 6, 2024. Duration: 24 Months This vacancy is for a period of 24 months as a result of a new position. Internal applicants should apply with your work e-mail address . External applicants are considered only after the internal posting process has been completed. Only applicants chosen for an interview will be contacted. SUMMARY OF DUTIES Reporting to the Chief Information Officer (CIO), the Chief Information Security Officer (CISO) will be responsible for implementing and running the enterprise cybersecurity and technology infrastructure program. The CISO is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets, technologies, and infrastructure are adequately protected. This includes oversight of the City's data center, network infrastructure, and telephony and related infrastructure across approximately 180 sites. The CISO will lead efforts to secure the organization’s information and IT assets by developing and implementing strategies to mitigate risks, ensure operational stability, manage security incidents, and ensure compliance with relevant policies and regulations. The CISO will ensure that the business complies with all relevant IT security regulations and standards when acquiring new technology. The CISO will lead the IT Security and Data Operations Teams consisting of approximately 25 staff members. GENERAL DUTIES STRATEGY & PLANNING Lead and provide strategic direction to achieve business goals by articulating standards, prioritizing technology initiatives and coordinating the evaluation, deployment, and management of current and future security and infrastructure technologies. Participate in the development and implementation of IT strategies in collaboration with the IT Management team. Provide advice and recommendations to the Senior Management team on strategic infrastructure and security architectures and best practices to ensure the integrity of the City environment. Develop and communicate security and technology plans and directions to senior management team, staff, partners, customers and stakeholders. Direct development, execution and updating of cyber incident response and assist with technology business continuity planning and execution. Design and develop enterprise security standards, architecture, security technology evaluation and implementation. Review proposed infrastructure and application projects and solutions for compliance to defined City security and technology policies, procedures and standards. Conduct research and provide recommendations on security products, services, protocols, and standards in support of all infrastructure procurement and development efforts. Establish and manage delivery of quality service through the establishment and monitoring of Key Performance Indicators (KPI). Devise strategies and make recommendations for enterprise information/data and solution architectures that meet the City’s security objectives and goals. Coordinate with the IT Management Team to effectively and efficiently utilize IT resources – including personnel and equipment – across the IT organization. Manage and maintain strategic relationships with the corporate departmental leadership - across the City with a view to sustained insight on City business strategies and directions. Oversee the support, management and administration of contracts for spending on services and products related to managed security hardware and applications. Participate in the evaluation, installation, configuration and deployment of new applications, systems software, products, and/or enhancements to existing applications to ensure compliance with the City’s security policies. Oversee the delivery of IT cyber and infrastructure related projects using standard project management practices and methods. Validate the compliance of proposed new software against the City’s security and infrastructure architecture and policies. Plan, organize, and manage staff and overall section operations to ensure the stable operation of the City’s IT security applications and software. Ensure that all employees perform work in accordance with applicable health and safety legislation and all City of Hamilton corporate and departmental policies and procedures. Develop and manage operational and capital budgets to support strategic and operational requirements. Manage and maintain an inventory of company security application software and systems assets and their corresponding contracts/agreements. Establish and maintain regular written and in-person communications with the organization’s executives, department heads and end users regarding pertinent Security and IT activities. Ensure effective management and communication of Security training and documentation for end users. ACQUISITION & DEPLOYMENT Assess and communicate risks associated with technology-related investments and purchases. Develop business case justifications and cost/benefit analyses for technology spending and initiatives. Define requirements for new technology implementations and communicate them to key business stakeholders. Review hardware and software acquisition and maintenance contracts. Define and communicate corporate procedures, policies, and standards for the organization for acquiring, implementing, and operating new network systems, equipment, software, and other technologies. Approve and prioritize projects and the project portfolio as they relate to the selection, acquisition, development, and installation of major information systems. Collaborate on the preparation of RFPs, bid proposals, contracts, scope of work reports, and other documentation for infrastructure projects. Review the planned purchase of technology equipment and supplies for architecture compliance. Analyze existing operations and make recommendations for the improvement and growth of the IT infrastructure and IT systems. OPERATIONAL MANAGEMENT Design and direct the governance activities associated with ensuring compliance with the enterprise architecture. Plan, develop and deploy security measures in collaboration with infrastructure, application and security resources. Identify and research security technologies that are right for the City of Hamilton and develop/refine adoption strategies. Direct the design and execution of vulnerability assessments, penetration tests, security audits, ensuring legislative compliance. Provide continuous delivery of technical services through management of service level agreements with end users and monitoring of systems, programs, and equipment performance. Ensure equipment and software operation adheres to applicable laws and regulations. Convey the technology vision through the establishment and maintenance of regular written and in-person communications with the organization’s executives, decision-makers, stakeholders, department heads, and end users. Manage and develop operational and capital budgets and forecasts to support strategic and operational requirements. Ensure that employees are provided with and use the appropriate equipment, material and/or procedures required to perform the assigned duties. Perform such other duties from time to time, as may be assigned by the IT Director, which are directly related to the normal job function. QUALIFICATIONS University Degree in field of Computer Science, Information Systems, or equivalent. Master’s or PhD. degree in one these fields preferred. Fifteen (15) years of relevant experience in the field with demonstrated leadership capability including 10 years direct experience managing and/or directing the direction, development and implementation of Cyber Security programs, security hardware, data centre and network operations. Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials. Familiarity with NIST or similar related Cybersecurity frameworks. Knowledge of network security practices and experience in interpreting the applicability of local and federal laws/regulations to City operations. Strong knowledge of change management practices, business process flow analysis and re-engineering and methodology development. Experience overseeing the design, development and implementation of change management facilitation programs and process review. Experience with multi-platform environments, infrastructure and security architectures. Knowledge across multiple technical areas and business segments relevant to the City’s network and infrastructure architecture. Ability to prioritize and execute tasks in a high-pressure environment and make sound decisions in emergency situations. Good Knowledge of the ITIL standard. Strong technical knowledge of current network hardware, protocols, and standards including voice communications. Knowledge of HR practices and policies relating to the hiring, retention and performance management of direct reports. Proven problem-solving abilities. Demonstrated strong leadership and personnel/project management skills. Strong interpersonal, written, and oral communication skills. Disclaimer: Be advised that Human Resources frequently audits resumes of internal/external applicants to ensure/validate information provided is consistent and trustworthy. Falsification of information provided at any time throughout the recruitment process may be grounds for disqualification, and for internal applicants, subject to discipline up to and including termination. Terms: The City is an equal opportunity employer that is committed to inclusive, barrier-free recruitment and selection processes. The City will provide accommodation for applicants in all aspects of the hiring process, up to the point of undue hardship. If you have an accommodation need, please contact Human Resources as soon as possible to make appropriate arrangements. #J-18808-Ljbffr