About OICR
The Ontario Institute for Cancer Research (OICR) is Ontario's cancer research institute. We bring together people from across the province and around the world to improve the lives of everyone affected by cancer. We take on the biggest challenges in cancer research and deliver real-world solutions to find cancer earlier and treat it more effectively. We are committed to helping people living with cancer, as well as future generations, live longer and healthier lives.
Launched in December 2005, OICR is an independent institute funded by the Government of Ontario through the Ministry of Colleges and Universities.
Job Details
Position: Associate Director, Information Security
Location: MaRS Centre, Toronto
Department: Corporate Information Technology
Reports To: Senior Director, IT and Information Security Officer
Salary: Commensurate with level of experience; total compensation includes a competitive benefits plan, plus a defined benefit pension plan (HOOPP)
Hours: 35 hours/week
Job Type: Hybrid (flexible)
Status: Full-time, Permanent
Position Summary
OICR is looking for an Associate Director, Information Security to become a part of the Information Technology team. This leadership position also involves hands-on, expert-level Information Security tasks. The chosen candidate will be part of a team of around 25 IT professionals, with two positions, including this one, dedicated to Information Security. The rest of the team will spend approximately 20% of their time on information security-related tasks. OICR has partnered with a third-party SOC/SIEM provider to handle security events and provide support during major incidents or forensic activities. The OICR IT team provides state-of-the-art on-premises and cloud-based technology services to over 300 local research, lab, and administrative users, as well as thousands of collaborators in Ontario and around the world. OICR's infrastructure includes over 1,000 Linux and Windows servers, a large high-performance compute cluster (GPU and CPU), extensive virtualization platforms, over 10 Petabytes of high-performance storage, and over 1,000 client and lab devices.
OICR is dedicated to upholding a highly effective and mature Information Security Program, with the full backing of the OICR Executive and Board. The new Associate Director of Information Security will work closely with the Senior Director to ensure that institute data, including patient health information and personal information is protected with appropriate measures to prevent unauthorized access, alteration, or removal. As a Prescribed Person under the Personal Health and Information Protection Act, 2004 (PHIPA) for its work with the Ontario Tumour Bank, OICR has an additional responsibility to safeguard data and report on key information security indicators.
OICR is located in the MaRS Centre in Toronto. The successful candidate must be located within reasonable commuting distance as this position may be required to come onsite with short notice during critical events, or to attend scheduled events in person.
Position Responsibilities
- Leadership:
- Demonstrate OICR values in all that you do; lead by example;
- In conjunction with the Senior Director, IT and ISO, lead the Information Security Program, and maintain a “mature” rating;
- Work closely with the Associate Director, Research IT and the Associate Director, Corporate IT, as well as other IT leaders;
- Provide leadership and mentoring to Information Security Administrators and other IT staff;
- Conduct performance management, hiring, team building, and other staff management tasks;
- Manage relationships and deliverables of information security vendors and third party service providers;
- Create and maintain Information Security policies, procedures and practices, in compliance with regulators, standards such as NIST, and industry best practice;
- Create and conduct Information Security related training sessions;
- Create Information Security related reports and key performance indicators;
- Attend meetings with all levels of staff, up to Executive and Board level, to present and answer questions regarding OICR's Information Security program;
- Perform other Information Technology leadership activities as assigned.
- Technical:
- Champion, develop, improve and expand OICR's information security processes, tools and systems;
- Assess information security elements of new technology solutions and cloud services to ensure they align with OICR and industry best practices;
- Be aware of and assess evolving risks and adapt the Information Security Program to safeguard new technologies including AI, LLM and expanding technologies such as containerization and cloud;
- Perform expert level Information Security tasks and act as a point of escalation and coaching for event and incident management, breach management, and forensics;
- Perform and/or supervise in-house or third party audits and assessments including Threat Risk Assessments, Vulnerability Assessments, and Penetration Testing;
- As with all positions in OICR IT, occasional work outside of normal business hours and participating in a critical issue response on-call rotation will be required.
Qualifications
- Bachelor's degree in Computer Science, Information Security, Computer Engineering, or recognized equivalent. A combination of formal education and work experience will be considered.
- CISSP, CISM or similar Information Security certification(s)
- Experience in the field of Information Security, including at experience as a senior leader
- Familiar with all areas of Information Technology both on-premise and cloud-based
- Experience identifying and prioritizing information security threats, and overseeing timely mitigation
- Must have expert level knowledge and working experience in all common areas of Information Security including:
- vulnerability assessment, threat risk assessment, penetration testing
- incident response and incident handling methodologies
- intrusion detection methodologies and techniques
- infrastructure, client device, cloud, application security architecture
- Microsoft Security/Defender or equivalent EDR/MDR/XDR
- Tenable Security Centre or equivalent
- Phishing simulations
- SOC/SIEM, security event logging, rule parsing, and alerting; immutable logging
- Enterprise class next generation firewalls, intrusion detection, intrusion prevention, authentication.
- Exposure to working in a research, academic or health care environment
- Familiarity with adhering to regulations such PHIPA
For more information about OICR, please visit the website at www.oicr.on.ca.
To learn more about working at OICR, visit our career page.
POSTED DATE: May 24, 2024
CLOSING DATE: Until filled
OICR is committed to fostering a climate of equity, diversity, inclusion, and accessibility. This commitment is central to, and mutually supportive of, our research excellence mandate. We welcome and respect the diversity of all members of our community and we support an inclusive culture for all. We welcome all applicants, and encourage applications from racialized persons, Indigenous Peoples, women, persons with disabilities, LGBTQ2S persons, and others who may contribute to furthering a diversity of ideas within our community. OICR is committed to fair assessment of a candidate's abilities, and consideration for diversity of thought, method, and experience. Providing an accessible workplace and recruitment process is important to us, as described in our Accessibility Plan (https://oicr.on.ca/accessibility/). Should you require accommodation during any stage in the recruitment process, please complete the form at the bottom of page https://oicr.on.ca/careers/. Information received related to accommodation will be handled confidentially.
Resume Format: If you elect to apply, please click on the “Apply for this Job” button. You will be required to enter contact details, and to attach your resume to your application. Please attach your resume as a .pdf or .doc file.
The Ontario Institute for Cancer Research thanks all applicants. However, only those under consideration will be contacted.