Working under the direction of SciNet’s Chief Technical Officer (CTO) in coordination with the University of Toronto’s Chief Information Security Officer (CISO), the Manager, Information Systems Security is responsible for working with Information Technology staff and resources at SciNet and the wider Compute Canada federation to minimize risk of the compromising of information, data, servers, and server-based applications. Work is done in the context of existing policy, guidelines and applicable legislation in a fluid, consultative environment.
The Manager, Information Systems Security assumes responsibility for the strategic and tactical planning and provision of systems security, confidentiality, privacy and risk management in the areas of systems administration, server and service design, implementation, operation and support. The Manager, Information Systems Security is responsible for developing, updating, implementing, promoting and training the community on SciNet’s Information Security Program. The Manager, Information Systems Security is instrumental in ensuring reliable and robust access controls, service availability, and activity / incident reporting. The Manager, Information Systems Security applies known security standards as well as establishes new security standards and best practices related to the use and operation of information technology solutions, systems, servers, network services solutions and proposes strategies by which those standards and best practices are implemented, tested and confirmed on a regular basis.
The Manager, Information Systems Security works to support and undertake forensic audits of IT systems and services whose access control mechanisms have been compromised or circumvented, both within and from outside of the University working with the I+TS Information Security and Enterprise Architecture (ISEA) unit as well as external auditors when required. The Manager, Information Systems Security reviews and performs detective auditing of the SciNet Systems Administrators and other privileged IDs for all SciNet systems and servers, actively monitors threats; works to ensure systems, servers and computing solutions administered by the SciNet are secure, with uncompromised access.
The Manager, Information Systems Security acts as a project manager for IT projects that fall within areas related to Information Security or projects, which include confidential and restricted information following the security standards and best practices for Identity and Access Management, Information Disclosure, Information Integrity, Business Continuity and Protection of Privacy.
The Manager, Information Systems Security reviews the performance of security controls, and effectiveness of projects to achieve the security goals of SciNet, in the context of the University, and the wider Compute Canada Federation. The Manager, Information Systems Security is also responsible for the initiation, specification and assessment of a wide variety of contracts covering information security related hardware, software, support and services. The Manager tables proposals to augment and/or improve services delivered and participates in reviewing proposals from others, using in-depth technical expertise and team work approach to organizational issues in daily in day-to-day developments and in tactical and strategic planning efforts.
University degree in a relevant field, (e.g. Computer Science, Engineering), or equivalent combination of education and experience.
Six years working in an Information Technology environment, including at least two years working with Information Security as a significant focus of activity. Requires broad and in depth knowledge of industry innovations and state-of-the-art technology in both computing and networking arenas. IT Security certifications held or in progress is an asset. High performance computing systems management and networking is highly desirable. Expert understanding of client and server application deployment and support. Strong understanding of client and server activity tracking. Strong understanding of IT Architecture concepts and security methodologies. Experience auditing systems for compliance (PCI-DSS, PA-DSS, etc.). Experience drafting information security standards and guidelines, assessing risk management and determining controls. Experience in administering enterprise-level Unix-based server applications. Strong Scripting skills required including Shell and interpreted languages. Experience with application / scripting tools (bash, Python). Experience configuring databases and database-backed applications (SQL Server, MySQL). Extensive experience using network and security analysis tools. Extensive experience with intrusion detection and prevention – host and network, active and passive. Experience in selecting, configuring and deploying service mis-use detection and prevention technologies (Anti-Spam, Anti-Virus, Anti-DDOS, etc.). Experience running penetration testing and vulnerability scanning (Metasploit, Nessus, etc.). Experience with deploying, configuring and securing virtualized environments, and services running in it.
Expert level understanding of the Linux operating systems at both server and client level. Comprehensive knowledge of TCP/IP networking and client-server architecture and protocols. Strong understanding of network configuration, hardware and next-gen firewall/IPS technologies (Cisco ASA, Juniper, Fortinet, Palo Alto)
Expert level understanding of the following access control technologies – LDAP and Kerberos. Expert knowledge of Virtual Private Networks (VPNs). Expert knowledge of Encryption technologies at network, file and file-system levels. Strong understanding of cryptographic certificates and the operation of certificate authorities.
Excellent communication, instruction and presentation skills. Able to describe a variety of complex technical concepts or policies to users and senior leadership at all technical experience levels and to deliver security awareness and education content to faculty, staff and students.
Ability to work under pressure of high volume and expectations, while meeting multiple deadlines for multiple projects; strong service orientation coupled with ability to recognize and assess the operational significance of a problem, control/mitigate the risk and set priorities accordingly. Strong ability to assess risks and controls of computing systems and operations. Demonstrated broad knowledge of information technology, network technologies, databases and application development. Strong ability and willingness to work effectively as a team leader and team member; must be able to collaborate and cooperate with team members, project sponsors, other stakeholders. Ability to lead team members of varying levels and skills. Must be able to deal calmly and effectively with a variety of people. Demonstrated ability to exercise sound judgment, tact and diplomacy. Ability to effectively navigate a professional and political climate including assessing the requirement to escalate and issue to more senior levels of management or resources; ability to maintain a high level of confidentiality. Ability and willingness to learn new systems, technologies and project management methods and tools.