Manager, Information Systems Security

University of Toronto - Toronto, ON (30+ days ago)

Apply Now

The Leslie Dan Faculty of Pharmacy (LDFP) at the University of Toronto is Canada’s leading pharmacy school and has a world class reputation in both pharmacy practice and pharmaceutical sciences education and research. Named the top pharmacy school in Canada and in the top 10 internationally, we offer innovative education programs and conduct cutting-edge research that is multidisciplinary and encompasses all aspects of patient care and drug therapy.

The LDFP main building sits at the heart of Toronto’s official Discovery District, a nexus of government, scientific innovation, academic teaching hospitals, and entrepreneurial creativity. Our building is an iconic landmark representing the contribution of pharmacy practice and pharmaceutical sciences to the improvement of patient care. Visit us at

As the Manager of Information Systems Security at the Faculty, you will play a vital role in ensuring the continued success of the Faculty at a strategic and operational level by:

Developing and enacting a robust information security framework in alignment with University strategies
Providing leadership in incident response
Enforcing best practices in information security for systems and increasing stakeholder awareness in current information security risks and mitigation strategies
Managing projects

In addition, you will propose and implement vital information security related projects and utilize existing assessment tools to help strategically prioritize activities in information security.

This position will have a dual reporting relationship to the Director of Information and Learning Technology at LDFP, and to the Chief Information Security Officer for the University, leveraging both relationships to create and develop synergies beneficial to the University and the Faculty.

To be successful in this role you will be:
Detail oriented
Able to assess situations and propose solutions in short timeframes
Build and leverage personal networks
Manage multiple projects and competing timelines
Able to work with a variety of stakeholders both within and external to the Leslie Dan Faculty of Pharmacy


University degree in a relevant field, (e.g., Business, Computer Science, Engineering), or equivalent combination of education and experience.

Four years working in an Information Technology environment, including at least two years working with Information Security as a significant focus of activity. Expert understanding of client and server application deployment and support. Strong understanding of client and server activity tracking. Strong understanding of IT Architecture concepts and security methodologies. Experience auditing systems for compliance (PCI-DSS, PA-DSS, etc.). Experience drafting information security standards and guidelines, assessing risk management and determining controls. Experience in administering enterprise-level Microsoft and Unix-based server applications (Microsoft System Centre, MBAM, Advanced Threat Analytics, etc.) Strong Scripting skills required including Shell and interpreted languages. Experience with application / scripting tools (Powershell, Python). Experience configuring databases and database-backed applications (SQL Server, MySQL). Extensive experience using network and security analysis tools. Extensive experience with intrusion detection and prevention – host and network, active and passive. Experience in selecting, configuring and deploying service mis-use detection and prevention technologies (Anti-Spam, Anti-Virus, Anti-DDOS, etc.). Experience running static and dynamic penetration testing and vulnerability scanning (Metasploit, Nessus, etc.). Experience with deploying, configuring and securing virtualized and cloud (IaaS, SaaS, PaaS, VMWare) environments, and services running in it. Experience with federated access control (i.e. Shibboleth, Active Directory Federation Services (ADFS) or similar services.

Expert level understanding of Windows and a variety of Unix-like operating systems (Solaris, Linux, OpenBSD, OS X), at both server and client level. Comprehensive knowledge of TCP/IP networking and client-server architecture and protocols. Strong understanding of network configuration, hardware and next-gen firewall/IPS technologies (Cisco ASA, Juniper, Fortinet, Palo Alto, FireEye, etc). Expert level understanding of the following access control technologies – LDAP, Kerberos, and Active Directory. Expert knowledge of Virtual Private Networks (VPNs) and Multi-Factor Authentication (MFA) tools. Expert knowledge of Encryption technologies at network, file and file-system levels. Strong understanding of cryptographic certificates and the operation of certificate authorities. Excellent communication, instruction and presentation skills. Able to describe a variety of complex technical concepts or policies to users and senior leadership at all technical experience levels and to deliver security awareness and education content to faculty, staff and graduate students.

Ability to work under pressure of high volume and expectations, while meeting multiple deadlines for multiple projects; strong service orientation coupled with ability to recognize and assess the operational significance of a problem, control/mitigate the risk and set priorities accordingly. Strong ability to assess risks and controls of computing systems and operations. Demonstrated broad knowledge of information technology, instructional technology, classroom technology, audiovisual technologies, digital signage, network technologies, databases and application development. Strong ability and willingness to work effectively as a team leader and team member; must be able to collaborate and cooperate with team members, project sponsors, other stakeholders. Ability to supervise team members of varying levels and skill sets including Professional/Managerial as well as staff. Must be able to deal calmly and effectively with a variety of people. Demonstrated ability to exercise sound judgment, tact and diplomacy. Ability to effectively navigate a professional and political climate including assessing the requirement to escalate and issue to more senior levels of management or resources or bodies outside the Faculty; ability to maintain a high level of confidentiality. Ability and willingness to learn new systems, technologies and project management methods and tools.

Travel: None