Senior Manager, Cybersecurity

Job Description

<p><h3>About the Organization</h3><p>York Region (The Regional Municipality of York) – Almost 1.2 million residents. The region spans about 1,800 square kilometers over nine municipalities and operates within a two-tier local government structure to provide residents and businesses access to services and resources.</p><h3>What We Offer</h3><p>Consistently named one of Canada’s Best Employers by Forbes, we offer a collaborative, progressive workplace that is committed to psychological health and safety in the workplace and to building strong, caring, safe communities.</p><ul><li><b>Defined Benefit Pension Program</b> - Ontario Municipality Employees Retirement System (OMERS) defined benefit pension plan with employer-matched contributions.</li><li><b>Employer of Choice</b> - Recognized as the highest-ranking government employer in Canada and fourth overall among 300 organizations.</li><li><b>Benefits and Wellness</b> - Employer-paid benefits including extended health, dental and life insurance, Employee and Family Assistance Program, and corporate discounts.</li><li><b>Inclusive and Diverse Workforce</b> - Commitment to diversity, inclusion, equity and accessibility, recognized by UN and others for leadership.</li></ul><h3>About the Role</h3><p>Reporting to the Director, Information Technology Services, the Senior Manager, Cybersecurity is responsible for providing senior cybersecurity leadership, establishing York Region’s cybersecurity strategy and program to safeguard critical technology infrastructure, information systems, OT, and data. Responsibilities include governance and policy development, risk assessments, and ensuring regulatory compliance (e.g., GDPR, PCI, NIST). Works with departments to integrate cybersecurity into business processes to protect digital assets and infrastructure from cyber threats.</p><h3>What You’ll Be Doing</h3><ul><li>Lead development and implementation of a comprehensive information security strategy aligned with business objectives and best practices, including policy development, threat intelligence, risk management, incident response, training, and data protection.</li><li>Establish security architecture principles (e.g., zero trust, micro-segmentation) with Enterprise Architecture to guide design of resilient, scalable infrastructures.</li><li>Develop and integrate identity and access management policies, including federated identity, multi-factor authentication, and RBAC across systems.</li><li>Lead cloud security strategies with robust access controls and monitoring for cloud environments.</li><li>Monitor emerging threats and advise senior leadership on maintaining a robust cyber posture.</li><li>Develop and implement a continuous security assessment framework with independent audits, vulnerability testing, and red-teaming.</li><li>Evaluate emerging security technologies and drive adoption of solutions aligned with the organization’s risk tolerance.</li><li>Establish KPIs and metrics to track security program effectiveness and report to senior leadership.</li><li>Lead design and selection of security platforms, automation, and operational use cases for security operations.</li><li>Develop strategies for endpoint detection and response, API and network security, container security, vulnerability management, and IaC security.</li><li>Maintain security vendor contracts and procurement to ensure high system availability.</li><li>Collaborate with development teams to integrate security into the Software Development Life Cycle (SDLC).</li></ul><h3>What We’re Looking For</h3><ul><li>University degree in a related field or approved equivalent combination of education and experience.</li><li>Certifications such as CISA, CISSP, CISM, CEH or equivalent.</li><li>Minimum seven (7) years of experience in cybersecurity or information security, including at least three (3) years leading cybersecurity teams and projects.</li><li>Strong understanding of networking and cybersecurity architecture in on-premises and cloud environments.</li><li>Solid understanding of programming or scripting (e.g., Python) for automation.</li><li>In-depth knowledge of container security, API security, endpoint management security, and IaC.</li><li>Leadership ability to motivate staff and foster a security-aware culture.</li><li>Supervisory and HR management skills, including knowledge of collective agreements, labor relations and employment legislation.</li><li>Ability to make decisions under pressure and tight timelines.</li><li>Demonstrated knowledge of relevant legislation, standards, acts, and regulations.</li><li>Ability to demonstrate the Region’s leadership and core competencies.</li></ul><h3>Seniority level</h3><ul><li>Executive</li></ul><h3>Employment type</h3><ul><li>Full-time</li></ul><h3>Job function</h3><ul><li>Information Technology, Management and Other</li><li>Industries: Government Administration</li></ul></p>
#J-18808-Ljbffr