


Job ID: 17672

Division & Section: Office of the CISO, Business Application Resilience

Work Location: METRO HALL, 55 John Street

Job Type & Duration: Permanent, Full Time

Salary: $112,075.60 - $131,677.00 TM5099, Wage Grade 8 (2022 rate) 

Shift Information: Monday to Friday, 35 hours per week

Affiliation: Non-Union

Number of Positions Open: 1 

Posting Period: 05-DEC-2022 



Job Summary:


To support the execution of the Chief Information Security Officer's (CISO) mandate, cyber vision and strategy, providing strategic business advice, senior level guidance, technical and operational support and services on Business Application Resilience cyber programs and initiatives to all City divisions, agencies and corporations. To define, develop and support Business Application Resilience cyber programs and initiatives and to engage with teams across the organization to build alignment on key projects and initiatives and develop execution roadmaps.



Major Responsibilities:


  • Develops and implements detailed plans and recommends cyber security policies/procedures regarding program specific requirements.
  • Supervises, motivates and trains assigned project staff and contract resources, ensuring effective teamwork, high standards of work quality and organizational performance, continuous learning and encourages innovation in others. 
  • Supervises the day to day operation of all assigned project staff and contract resources, including the scheduling, assigning and reviewing of work. Coordinates vacation and overtime requests. Monitors and assists in evaluating staff performance, hears grievances and recommends disciplinary action when necessary. 
  • Provides direction, leadership and guidance to project teams, assigned project staff and contract resources. Oversees and reviews their work. 
  • Provides leadership to influence employee engagement to the organization, to the team, and to their role. 
  • Conducts research into assigned area ensuring that such research takes into account developments within the field, corporate policies and practices, legislation and initiatives by other levels of government. 
  • Provides input into assigned project budgets, ensuring that expenditures are controlled and maintained within approved budget limitations.
  • Provides subject matter expertise and strategic advice on cyber security issues affecting the organization, identifying potential exposures, and conducting reviews to ensure that undesirable effects are detected, mitigated and/or corrected, and providing pragmatic advice to clients to ensure that cyber risks are managed appropriately.
  • Serves as the internal/external point of contact and subject matter expert in business application resilience cyber programs and initiatives, enterprise applications, application architecture and design, and best practices. 
  • Determines cyber security requirements of business strategies to provide appropriate advice, guidance, and technical solutions. 
  • Deals with confidential information affecting the organization and its resources. Prepares and presents reports to management supporting recommendations on changes/improvements in business processes, training and services, standards that impact appropriate staffing levels and resource allocation. Makes recommendations based on investigation results which could lead to the discipline or dismissal of staff. 
  • Participates in the development, implementation, administration, monitoring and maintenance of security tools collecting confidential information on infrastructure and application weaknesses. Maintains up-to-date knowledge of the City's confidential cyber infrastructure.
  • Works with senior management within the division to address active internal/external cyber threats to the City.
  • Attends senior management meetings, makes recommendations to mitigate the threats, and takes appropriate urgent action as needed. 
  • Provides a confidential assessment of organizational issues and makes recommendations for next steps, including policy, procedural and structural change.
  • Develops, reviews, and ensures approvals of security strategies within industry-accepted frameworks. 
  • Leads the delivery of secure enterprise applications. Provides leadership around application development best practices and governance to strengthen the City's applications and systems security posture. 
  • Leads security-related initiatives and the delivery of enterprise business application projects (e.g. SAP, SuccessFactors, Salesforce, Microsoft, etc.).
  • Provides high quality application security implementation and operation capabilities for enterprise applications. 
  • Ensures applications are thoroughly security-tested using industry best practices prior to promotion to production. 
  • Participates in application architecture and design reviews. 
  • Leads security testing to assess and validate application security. Leads project risk assessments from a technical security and information risk management perspective and advises management on risks. 
  • Explains and demonstrates vulnerabilities to application/system owners, and provides recommendations for mitigation. 
  • Provides application security consulting services to Technology Services and other relevant partners and clients. 
  • Supports operational security activities including oversight of ongoing segment specific security processes (e.g., incident response, ad hoc queries, periodic access reviews, and vulnerability management). 
  • Provides leadership in the evaluation, selection and recommendation of technical solutions and professional services. Identifies and evaluates emerging security technologies. 
  • Anticipates, analyzes and identifies organizational impacts of emerging requirements; recommends and coordinates innovative solutions using conflict resolution and negotiation skills to successfully manage sensitive and controversial matters. 
  • Participates in the development of transformation strategies focused on security, integrating and managing new or existing technology systems to deliver continuous operational improvements and detect, respond, and remediate threats. 
  • Resolves cyber risk issues. Escalates significant cyber risk matters to senior management when required. 
  • Takes a proactive approach to identify gaps and opportunities for improvement to mitigate risk. 
  • Leads the implementation and monitoring of security controls in Enterprise Resource Planning (ERP) systems and assists in mitigation and remediation of ERP incidents. 
  • Provides direct support and assistance in assessing gaps in current ERP processes and procedures from a security perspective.
  • Provides recommendations and guidance to help improve overall security in ERP. 
  • Reviews new and existing ERP systems in terms of adequacy of security controls. 
  • Participates and represents the division in audit reviews and other relevant meetings. Organizes and works with multidisciplinary business and technical teams from across the organization to formulate and execute project plans and tasks according to established project management principles and methodologies. 
  • Oversees and monitors cyber risk activities performed by project teams. Reviews and supports implementation of processes and controls by various teams as outlined in the information risk policy and related operating directives, standards and procedures.
  • Provides project coordination and management support, and ensures comprehensive and effective information communication across various functional and project teams.
  • Communicates effectively to stakeholders, clients, project managers, and team members regarding any business and technical decisions and actions that may impact solution delivery, staff performance, business processes, management workflow and technical support of public services. 
  • Provides support in the design, implementation, maintenance, and enforcement of policies, procedures, and controls. 
  • Plans, prioritizes and coordinates internal and/or external assigned project resources to meet project objectives. 
  • Prepares and/or supervises the preparation of various formal contractual documents such as Request for Information/Proposal/Quotation, Statement of Work, Memorandum of Understanding and Service Level Agreements.
  • Maintains accurate reporting of key risk metrics and associated measurements in alignment with the cyber risk appetite. 
  • Prepares regular cyber risk management reports, briefing notes, and presentations as required, leveraging cyber risk subject matter expertise. 
  • Builds and maintains strong relationships with internal and external stakeholders. Establishes relationships with strategic partners, collaborating on the advancement of cyber programs. 
  • Participates in meetings with executive leadership and strategic partners to review City's cyber security posture. 
  • Maintains an up-to-date and in-depth knowledge of cyber security, emerging threats, trends, and associated techniques and technologies as well as key business drivers and opportunities.




  1. Post-secondary degree in Business or Technology or a related discipline.
  2. Extensive experience in business application protection.
  3. Extensive experience in SAP and cyber.
  4. Experience with circulation and commenting software.
  5. Extensive experience with security evaluation/analysis within a technical organization.
  6. Extensive experience with a combination of relevant technical disciplines in the field of Information Security and Information Risk Management.
  7. Extensive experience in conducting risk assessments, required controls definition, control procedure appropriateness, security capabilities identification.
  8. Extensive experience applying security frameworks (e.g. ISO 27001, COBIT), laws and standards (e.g. NIST, GDPR, etc.).
  9. Preferred Certifications (any in the list): CISSP, CRISC, Microsoft 365 Security Administration Certification or SAP Certified Technology Professional - System Security Architect.




  • Ability to work in transformative programs.
  • Ability to lead efficient communication between all project stakeholders, including internal teams and clients.
  • Ability to achieve business objectives through influencing and effectively working with key stakeholders.
  • Excellent written & verbal communication skills (comfortable & confident communicating at all levels including business partners, leadership and vendors).
  • Excellent problem-solving skills with capability to identify solutions to unusual and complex problems.
  • Keen attention to detail and strong organizational skills.
  • Strong analytical skills and ability to prioritize and multitask.
  • Highly organized, proactive, self-motivated team player who takes initiative and is able to work independently.
  • Ability to work in a fast-paced environment managing multiple priorities with proven time management skills.
  • Ability to prioritize and effectively manage competing priorities and projects.
  • Ability to manage multiple initiatives while adhering to strict deadlines.
  • Able to work extremely well under pressure while maintaining a high level of professionalism.
  • Self-motivated person with desire to go above and beyond tasks.
  • Transferable skills, like communication and decision-making, are equally important.
  • Being able to think on your feet and show good judgment are especially valuable in this field. Security pros should always be ready to react to cyber-related incidents quickly.






A normal work week is 35 hours; however, unforeseen situations may require extended hours of work with little or no prior notice. In case of a cyber incident or breach, rotating shifts and continuous extended hours may be required with little or no prior notice.


*Subject to a police check, background check, psychological assessment and/or any other checks on a regular basis as the Office of the CISO handles highly sensitive and confidential information.


Equity, Diversity and Inclusion

The City is an equal opportunity employer, dedicated to creating a workplace culture of inclusiveness that reflects the diverse residents that we serve. Learn more about the City’s commitment to employment equity.



The City of Toronto is committed to creating an accessible and inclusive organization. We are committed to providing barrier-free and accessible employment practices in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). Should you require Code-protected accommodation through any stage of the recruitment process, please make them known when contacted and we will work with you to meet your needs. Disability-related accommodation during the application process is available upon request. Learn more about the City’s Hiring Policies and Accommodation Process.