Job Opening Number: 107070
Job Requisition Number: 236
Number of Positions: 1
Job Type: Management and Administration
Department: CORPORATE SUPPORT SERVICES
Division: Information Technology
Hiring Salary Range: $100,277 - $112,812 per annum
Maximum of Salary Range: $125,346 per annum
Job Grade: 006
Job Status and Duration: Full Time (FT), Regular (R), vacancy
Hours of Work: 35 Hour work week
Location: West Tower
Posting Date: 03/16/2026
Closing Date: 03/27/2026

Notice to Internal Applicants: To ensure your application is processed as internal, please submit your application using your City of Brampton work email address. External and internal applicants are now being considered.

Area of Responsibilities

This role is responsible for providing advisory subject matter expertise, offering solutions and strategies, and recommending ways to ensure all program policies and procedures related to Cyber Security and Information Risk Management within the Corporation are communicated and implemented to meet organizational effectiveness and corporate service standards.
As part of a small IT Security and Risk team, the role will handle a broad range of information security work including supporting Information Security tooling (IDS/IPS, AntiVirus, Malware Detection, URL Filtering, Threat Hunting, DLP on Endpoints, Network Devices, and O365/Azure Cloud), managing operational support for Mail Gateway, AD PAM, Certificate Management/Provisioning, IAM Onboarding, providing security assessments on in-house and procured products, participating in enterprise and project risk management activities, researching, defining evaluation criteria and recommending information security controls and procedures, developing information security standards, policies and procedures, establishing metrics, gathering data and preparing reports, participating in the information security incident response process, and championing and communicating the future state of the City of Brampton's cyber security awareness program.

Key Responsibilities

OPERATION SUPPORT
Support projects and security tools by providing governance and operational delivery of information security services. Conduct security and threat risk assessments and security evaluations. Conduct product reviews to identify potential vulnerabilities and risks. Review IT operational processes, identifying potential security concerns and risks and developing mitigation measures. Participate in enterprise and project risk management activities. Proactively conduct IT security risk and vulnerability assessments for new and existing IT infrastructure elements (network/systems/applications/services). Consult with the Corporation's Technology Services teams to research, define evaluation criteria, and recommend information security controls and procedures. Participate in the information security incident response process.

ARCHITECTURE FOCUSED ROLE
Liaise with the Enterprise Information Architecture team as the source of trusted security expertise for various programs and projects.
Develop, evolve and maintain security in balance with user, business, and system goals. Assist with security reviews for conformance to solution architecture. Collaborate with development services in the development, review, and documentation of detailed security design and reusable security design patterns.

STAFF GUIDANCE AND DIRECTION
Support staff, prioritize and organize daily work to meet operational effectiveness. Coach, mentor and provide guidance as required to meet operational effectiveness. Participate in recruitment and hiring process as required to meet operational effectiveness. Provide input into performance reviews as required.

CUSTOMER SERVICE
Serve as a source of trusted information security expertise for various programs and projects. Escalate complex issues to appropriate level. Liaise with stakeholders to understand business needs and recommend solutions. Build and maintain relationships with internal and external stakeholders, departments and team members to achieve common goals.

COMMUNICATION AND REPORTING
Establish information security metrics, gather data and prepare reports. Champion and communicate the future state of the City's cyber security program. Present and convey complex concepts to stakeholders; develop reports, proposals and make recommendations to management for effective decision-making. Keep management informed of activities and initiatives; recommend solutions for effective decision-making.

CORPORATE CONTRIBUTION
Develop information security standards, policies and procedures. Ensure proper documentation standards are adhered to and kept up to date. Promote security awareness and good data protection practices to safeguard information assets. Help shape strategic technical direction and standards for the organization. Stay abreast of new technology trends, information security and cyber risks and standards development to recommend solutions that improve business processes.
Maintain knowledge of collective agreements, City policies and practices, legislation, regulations and standard operating procedures.

BUDGET SUPPORT
Use effective resource and expense management at all times to meet corporate policies and guidelines.

TEAMWORK AND COOPERATION
Participate on project initiatives as a subject matter expert. Work well within diverse groups to achieve common goals and objectives. Participate as a member of cross-functional teams. Demonstrate corporate values at all times.

Selection Criteria

Education
Post-secondary degree or diploma in Information Technology, Computer Science, Engineering, Business or related field is required. Professional security and privacy certifications (one or more of the following is preferred): Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA). Information security specific coursework is an asset.

Experience
7+ years of broad and progressive information security experience in an enterprise environment, including security tooling support, program development, risk and vulnerability analyses, system design and architecture. Minimum of 3 years in a senior information security position in a medium to large organization. 3-5 years supervisory experience is an asset; ability to guide and motivate staff.

Other Skills And Assets
Practical knowledge of municipal, regional, provincial and federal governments and applicable legislations is an asset. Experience with security reviews, implementation of recommendations, analysis of technical controls and application of security standards. Experience in public cloud environment (MS Azure and AWS preferred) and analyzing existing cloud structures. Knowledge of and experience with Cloud Access Security Broker, Endpoint Detection and Response, Next Generation Firewall, Privileged Access Management, IAM, SIEM, Multi-Factor Authentication, Vulnerability Management, Penetration Testing, etc.
Understanding of certificate management, PKI and commercial Certificate Authorities. Experience presenting analyses and presentations to internal and external audiences. Strong understanding of information security controls, strengths, weaknesses, and application to mitigate threats. Broad understanding of Microsoft and Oracle technology stacks. Exceptional knowledge of application, network and operating system security, architectures and privacy controls. Strong understanding of cloud computing concepts, virtualization and software architecture patterns. Azure knowledge highly preferred. Ability to translate strategic, tactical and operational business requirements into effective architectures and designs. Ability to work autonomously and set objectives based on management direction. Collaboration with teams in managing expectations and tracking progress. Ability to develop detailed documentation tailored to specific audiences. Exceptional communication skills; ability to interact with experts from multiple disciplines. Strong presentation skills; facilitate and convey concepts clearly. Strong customer service and people management skills; interface with stakeholders and resolve issues. Strong organizational and analytical skills for complex problem solving.

Additional Information

Our recruitment process may be completed with video conference technology. Various tests and/or exams may be administered as part of the selection criteria.

As part of the corporation's Modernizing Job Evaluation project, this position will undergo an evaluation which may result in a change to the rate of compensation. Any changes affecting this position will be communicated as information becomes available.

If this opportunity matches your interest and experience, please apply online by clicking the apply now button by (03/27/2026) and complete the attached questionnaire. We thank all applicants; however, only those selected for an interview will be contacted.
The successful candidate(s) will be required, as a condition of employment, to execute a written employment agreement. A criminal record search will be required of the successful candidate to verify the absence of a criminal record for which a pardon has not been granted.

As part of the application process, applicants will be invited to complete a self-identification survey. The survey is voluntary. Participation will have no impact on hiring decisions. All information collected is confidential and will not be shared with the hiring manager. The surveys will be anonymized and kept separate from applicant or employee files, so individuals who completed the surveys will not be identifiable. The results will assist in the analysis of disaggregated metrics for organizational planning and the City's commitment to advance and promote diversity, equity and inclusion. The City may use anonymized data to produce aggregate reports for internal or external use.

The City of Brampton uses email to communicate with applicants for open job competitions. It is the applicant's responsibility to include an updated email address that is checked daily and accepts emails from unknown users. Time-sensitive correspondence is sent via email (i.e. testing bookings, interview dates) and it is imperative that applicants check their email regularly. If we do not hear back from applicants, we will assume that you are no longer interested in the employment opportunity and your application will be removed from the competition.

If you would like to request content in an alternate format, please contact the Accessibility office by submitting a new Alternate Format Request.

Job Title
Advisor, IT Security and Risk