Job ID: AR 489
Job Title: Senior Manager, Governance, Compliance, and Risk
Division: Information Technology Services, Toronto Community Housing Corporation (TCHC)
Salary Range: $139,499.70 - $153,449.67
Location: Toronto, Ontario
Job Type: Permanent, Full-Time, Hybrid (Remote and In-Office)
Shift: Monday to Friday, 36.25 hours per week

Consider Your Role with Aliant Resources and Client Toronto Community Housing Corporation.

About Us

Aliant Resources is a dedicated provider of IT staffing services, committed to promoting diversity, equity, inclusion, belonging, anti-racism, and accessibility in all facets of our operations. We work directly with TCHC for recruitment services.

Make a Difference

Are you passionate about Cyber Security and Information Risk Management and interested in having a positive impact on your local community? If so, the Supervisor, Information Security Operations & Defense position at Toronto Community Housing may be for you!

The Senior Manager, Governance, Compliance and Risk is accountable for ensuring all aspects of the security of TCH's IT systems and assets. Activities in this strategic role include conducting Governance, Compliance and Risk assessments, incident response, and developing the necessary monitoring and compliance systems, policies, procedures and security controls. This position is accountable for the protection of information and information systems from unauthorized access, inappropriate use, disclosure, disruption, modification, or destruction to ensure confidentiality, integrity, and availability.

What You'll Do

Information Security Defense Management Framework and Strategy for TCHC:

- Accountable for the management of the information Governance, Compliance and Risk policies, standards and frameworks, including but not limited to detection, recovery, protection, and identification of potential threats against TCHC enterprise digital assets and operations, including infrastructure and networks.
- Supports compliance and reporting activities with respect to IPC and other regulatory and legislative requirements.
- Develops Governance, Compliance and Risk strategies that align with TCHC vision, mission and objectives.
- Plays a proactive role in the development of annual Information Security operational plans.
- Provides tactical and strategic recommendations to Senior Management related to Governance, Compliance and Risk for Information Security, Cyber threats and risk management, disaster recovery and associated Information Management and IT/OT Security controls.
- Analyzes proposed Governance, Compliance and Risk solutions, technology, design and IT development processes to identify potential threats and vulnerabilities, and to recommend options that enhance Governance, Compliance and Risk solutions and business processes.
- Proactively provides internal recommendations on related governance requirements, baselines, standards and best practices.
- Balances the Governance, Compliance and Risk for Information Security controls with the requirements of the Business and makes implementable recommendations versus business operations.
- Identifies, analyzes, and recommends Governance, Compliance and Risk options for risk management at appropriate levels within the enterprise and municipalities and associated agencies.
- Acts as the Governance, Compliance and Risk expert and takes on more complex work in developing TCHC's Governance, Compliance and Risk program, and interacting with key internal partners and their confidential information.
- Plays a mentorship role as a senior subject matter expert in information Governance, Compliance and Risk management and provides training and guidance to staff wherever needed.
- Researches and maintains Governance, Compliance and Risk techniques, countermeasures and trends in computer and network vulnerabilities, data hiding, encryption and cyber security.
- Recommends technology changes in order to mitigate Governance, Compliance and Risk or implement and operationalize new or enhanced Governance, Compliance and Risk trends.
- Collaborates with other City of Toronto agencies to align Governance, Compliance and Risk standards.

Daily IT Security Governance, Compliance and Risk Operations Activities:

- Provides expert Governance, Compliance and Risk standards and guidance to staff directly and indirectly in the secure operation of all IT services.
- Handles Governance, Compliance and Risk incidents and exceptions, often of a confidential nature, incorporating highly technical concepts to business stakeholders. The information, if miscommunicated or incorrectly assessed or analyzed, might harm the reputation of TCHC and might lead to incorrect Management actions.
- Leads and coordinates confidential investigations alongside TCHC MSSP and Incident Responder and reports the results to Upper Management.
- Leads TCHC's end-to-end Governance, Compliance and Risk program.
- Ensures the Governance, Compliance and Risk of the Corporate Identity and Access Management (CIAM) Program.
- Works with IT, Enterprise Solutions & Data, and all other TCHC Enterprise teams to establish appropriate Governance, Compliance and Risk processes and controls and ensure compliance with security policies.
- Manages the Governance, Compliance and Risk of TCHC data with multiple partners such as MSSP and security related projects simultaneously, and presents status updates to upper management.
- Conducts internal information systems Governance, Compliance and Risk reviews.
- Reviews IT and business process changes for potential Governance, Compliance and Risk issues and compliance to standards.
- Analyzes Governance, Compliance and Risk solutions, technology, design and IT development processes to identify potential threats and vulnerabilities, and to recommend options that enhance the security of corporate information.

IT and IT Security audit and internal control Compliance and Governance, Compliance and Risk:

- Participates in and co-ordinates all internal and external information technology Governance, Compliance and Risk compliance and remediation activities.
- Manages the Governance, Compliance and Risk responses with their team, implementation plan completions, time frames and remediation activities.
- Documents and manages the implementations of necessary IT Governance, Compliance and Risk and security controls to address the management responses.
- Crafts draft management responses.
- Works with internal and external auditors to confirm findings.
- Gives recommendations on the day-to-day management and testing of internal Information Security Governance, Compliance and Risk standards.
- Develops Governance, Compliance and Risk procedures to meet Internal control perspectives and tests or verifies procedures are followed according to acceptable control standards.
- Monitors internal Governance, Compliance and Risk controls to ensure appropriate access levels are maintained, and recommends access controls and roles consistent with the principle of least privilege security rules.
- Proactively recommends Governance, Compliance and Risk changes to IT and TCHC information systems, business processes and procedures to address potential Governance, Compliance and Risk control deficiencies.

What You'll Need

- Preferred university degree, or equivalent, in computer science, engineering or a relevant technical discipline.
- 7-9 years of broad and deep information security and Governance, Compliance and Risk experience.
- IT Security Designations: CISSP.
- Specific strengths in multiple areas including Application Security, Network security, server and database security, cloud security, identity and access management, incident response and disaster recovery and business continuity planning, data leakage prevention, CISSP, IT Security Architecture, Threat Management Lifecycle Management experience.
- Excellent communication skills in written and spoken English.

Nice to Have:

- CIPP.C, CIPM, IAPP (CIPP/C), SANS Certification e.g. GCIH, CISA, CRISC, CISM, GCIH or similar certification and training.
- Strong understanding of IT, Governance, Compliance and Risk, and Compliance frameworks (NIST, ISO 27001, CoBit, SOC2, CIS, Cloud Security Alliance (CSA)).
- Expert knowledge of Third-Party Risk Management, Security Risk Reporting, Zero Trust Assessment (ZTA) etc.

Diversity Statement

At Aliant Resources, we are committed to building a workforce that reflects the communities we serve and to promoting a diverse, anti-racist, inclusive, accessible, merit-based, respectful and equitable workplace.

Accessibility Statement

Aliant Resources is dedicated to making our recruitment process accessible to everyone with or without a disability. We adhere to workplace accessibility standards to ensure that individuals with disabilities can fully participate in employment opportunities. We understand the importance of identifying and removing barriers and we strive to provide an inclusive experience for all candidates.

Workplace Accommodations

We offer workplace accommodations throughout the recruitment process and all aspects of employment consistent with the requirements of the AODA. If you require workplace accommodations due to a disability, injury, illness, or any other condition that may affect your ability to apply online or perform essential job functions, please reach out to us at . Your request will be answered and we will collaborate with you to provide appropriate workplace accommodations as appropriate.

AI Usage Disclosure: AI is utilized for initial screening of resumes. Screening, assessment and selection is furthered by human resource professionals.

How to Apply

You must apply online here on LinkedIn only. Your resume should not exceed four (4) pages, in Microsoft Word or PDF format only.