SENIOR SPECIALIST (ENTERPRISE RESILIENCE & ADVISORY - MS)

 

  • Job ID: 54168
  • Job Category: Information & Technology
  • Division & Section: Office of the CISO, Cyber Operations
  • Work Location: Metro Hall, 55 John Street, Toronto (Hybrid)
  • Job Type & Duration: Full-time, Permanent 
  • Salary: $122,305.00 - $163,639.00, PSG #TM5099 and wage grade 8.
  • Shift Information: Monday to Friday, 35 hours per week
  • Affiliation: Non-Union
  • Number of Positions Open:
  • Posting Period: 24-FEB-2025 to 3-MAR-2025 

 

The Senior Specialist Enterprise Resilience & Advisory – Microsoft Security (MS) supports the execution of the Chief Information Security Officer's (CISO) mandate, cyber vision, and strategy by providing technical and business advisory services for Microsoft 365 (M365) and other large enterprise solutions across all City divisions, agencies, and corporations.

 

This position is responsible for defining, developing and supporting cyber programs and initiatives, working collaboratively with teams across the organization to ensure alignment on key projects and the development of execution roadmaps.  Providing subject matter expertise, strategic guidance, and operational support for the Enterprise Resilience & Advisory section, the role will ensure the effective integration of cybersecurity measures within enterprise technologies and cloud-based solutions.

 

Key responsibilities include developing and implementing cybersecurity plans, policies, and procedures tailored to M365 environments, recommending best practices for securing M365 applications and services, and acting as a strategic advisor on cybersecurity issues.  This involves identifying potential exposures, conducting reviews, ensuring risk mitigation, and staying current on cyber threats and vulnerabilities.  The role serves as the point of contact and subject matter expert on M365 business application resilience, enterprise applications, application architecture, and cybersecurity best practices.  This individual determines cybersecurity requirements for business strategies and provides advisory services, guidance, and technical solutions for M365 cybersecurity and governance.  A crucial aspect is researching cybersecurity trends, developments in enterprise cloud security, corporate policies, and industry best practices, ensuring compliance with evolving regulations.  Collaboration with cross-functional teams is essential to integrate cybersecurity best practices into enterprise solutions, ensuring robust protection across M365.  The role also involves providing ongoing risk assessments, monitoring, and reporting on the cybersecurity posture of M365 environments, ensuring alignment with cybersecurity frameworks and compliance mandates.

 

The Senior Specialist provides leadership, direction and subject matter expertise to project teams, staff, and contract resources, managing daily operations, performance evaluations, and fostering employee engagement.  They organize and lead multidisciplinary teams across business and technical functions to execute cybersecurity initiatives, communicating effectively with stakeholders, project managers, clients, and executives, ensuring alignment on cybersecurity decisions, risk management strategies, and project outcomes. 

 

The role involves developing, implementing, monitoring, and maintaining security tools, maintaining up-to-date knowledge of the City's confidential cyber infrastructure, and working with senior management to address cyber threats.  This includes providing confidential assessments of organizational issues and recommending solutions, developing security strategies, and leading the delivery of secure enterprise applications.  A core function is leading security initiatives and delivering enterprise business application projects (e.g., SAP, SuccessFactors, Salesforce, Microsoft), providing high-quality application security implementation and operation capabilities, ensuring thorough security testing, participating in architecture reviews, and providing application security consulting.

 

The Senior Specialist supports operational security activities, including incident response, vulnerability management, and access reviews. It involves evaluating security solutions, identifying emerging technologies, and contributing to the development of security-focused transformation strategies.

A key responsibility is managing cyber risk by proactively identifying threats, resolving issues, and escalating significant concerns when necessary. The role also leads the implementation and monitoring of security controls in ERP systems, assists with incident remediation, and ensures ERP systems meet security standards.

 

Additionally, the Senior Specialist participates in audit reviews, oversees cyber risk activities, and provides project management support. This includes effective communication with stakeholders, assisting in policy and procedure development, preparing contractual documents (e.g., RFX), maintaining risk metrics, and fostering relationships with internal and external partners.

 

Finally, staying informed about cybersecurity trends, emerging threats, and evolving technologies is essential for continued success in this role.

 

What you bring to the role

  • Post-secondary degree in Business, Technology or related discipline and extensive experience in Business Continuity, Crisis Management, Information Security, Information Risk Management, Disaster Recovery or a related field.
  • Extensive experience and applied knowledge of architecture and security including Microsoft Security.
  • Extensive business applications, infrastructure and data protection experience.
  • Extensive network design and support including data center, cloud, server and networking experience.
  • Extensive experience with security evaluation/analysis within a technical organization.
  • Extensive experience in conducting risk assessments, required controls definition, control procedure appropriateness, security capabilities identification.
  • Extensive experience applying security frameworks (e.g. ISO 27001, COBIT), laws and standards (e.g. NIST, GDPR, etc.)
  • Experience leading a team (internal or external resources) with strong interpersonal skills to work independently and collaboratively with others in a multidisciplinary team setting.
  • Preferred Certifications (any in the list): CISSP, CRISC, Microsoft 365 Security Administration Certification or SAP Certified Technology Professional - System Security Architect.
  • Excellent written and verbal communication skills, with the ability to communicate effectively at all levels (including leadership, business partners, project stakeholders, divisional teams and vendors), translating technical details into easily understood language.
  • Ability to assess communications gaps and opportunities and to develop new content strategies that deliver on business objectives.
  • Creative, critical, analytical and strategic thinker with the ability to problem-solve and identify solutions to unusual and complex problems.
  • Ability to achieve business objectives through influencing and effectively working with key stakeholders.
  • Ability to prioritize and effectively manage competing priorities, projects and initiatives while adhering to strict deadlines within a fast paced environment.
  • Highly organized, proactive, self-motivated team player who takes initiative and is able to work independently.
  • Self-motivated with a desire to go above and beyond required tasks and the ability to work extremely well under pressure while maintaining a high level of professionalism.
  • Transferable skills, including communication and decision-making, are equally important. Being able to think on your feet and show good judgment are especially valuable in this field. Professionals in cyber security must be able to react quickly and strategically to cyber-related incidents.

Notes:

  • A normal work week is 35 hours; however, unforeseen situations may require extended hours of work with little or no prior notice. In case of a cyber incident or breach, rotation shifts and continuous extended hours may be required with little or no prior notice.
  • The successful candidate will be subject to a police check, background check, psychological assessment and/or any other checks on a regular basis as the Office of the CISO handles highly sensitive and confidential information.

Equity, Diversity and Inclusion

The City is an equal opportunity employer, dedicated to creating a workplace culture of inclusiveness that reflects the diverse residents that we serve. Learn more about the City’s commitment to employment equity.

Accommodation

The City of Toronto is committed to creating an accessible and inclusive organization. We are committed to providing barrier-free and accessible employment practices in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). Should you require Code-protected accommodation through any stage of the recruitment process, please make it known when contacted and we will work with you to meet your needs. Disability-related accommodation during the application process is available upon request. Learn more about the City’s Hiring Policies and Accommodation Process.