SENIOR SPECIALIST THREAT MANAGEMENT (CYBER DEFENCE)

 

  • Job ID: 54170
  • Job Category: Information & Technology
  • Division & Section: Office of the CISO, Cyber Threat Management
  • Work Location: Metro Hall, 55 John Street, Toronto (Hybrid) 
  • Job Type & Duration: Full-time, Permanent 
  • Salary: $122,305.00 - $163,639.00, PSG #TM5101 and wage grade 8.
  • Shift Information: Monday to Friday, 35 hours per week
  • Affiliation: Non-Union
  • Number of Positions Open:
  • Posting Period: 24-FEB-2025 to 3-MAR-2025 

 

The Senior Specialist (Cyber Defence) supports the execution of the Chief Information Security Officer (CISO) mandate, cyber vision and strategy, providing technical and business advice, support and services on Threat Management cyber programs and initiatives to all City divisions, agencies and corporations.

 

This Senior Specialist (Cyber Defence) is responsible for defining, developing, and supporting Threat Management cyber programs and initiatives. It involves engaging with teams across the organization to align on key projects, develop execution roadmaps, and provide subject matter expertise, strategic guidance, and operational support for Cyber Defence within the Threat Management section.

 

As a key member of the Security Operations Center (SOC), this role oversees and actively participates in daily SOC operations, ensuring effective threat detection, incident response, and continuous improvement of Rubber Duck’s security posture.

 

In collaboration with stakeholders, the Senior Specialist supports security initiatives by working closely with internal IT teams, external partners, and service providers to optimize and manage SOC security tools, technologies, and operations. It ensures seamless integration with enterprise security programs for both internal and external stakeholders, including SIEM, EDR, and Secure Email services.

 

This position also works closely with the Managed Security Services Provider (MSSP) to maintain and enhance security tools (SIEM, EDR, NDR, SOAR, etc.), ensuring continuous monitoring, analysis, and response to security anomalies. Collaboration with the Threat Intelligence team is also essential to apply operational and tactical cyber intelligence, strengthening security operations and improving the organization’s ability to detect, analyze, contain, and respond to security incidents.

 

The Senior Specialist (Cyber Defence) leads the development of security metrics to track the effectiveness of defenses, identify trends, ensure compliance, and monitor key performance indicators. It includes preparing and delivering reports for senior management to demonstrate the efficiency and compliance of security functions.

 

The Senior Specialist develops and implements detailed security plans and recommends cybersecurity policies and procedures aligned with program-specific requirements. They determine cybersecurity needs for business strategies, providing technical solutions, expert guidance, and risk-based recommendations. This includes developing, reviewing, and ensuring approvals of security strategies based on industry-accepted frameworks, and taking a proactive approach to identifying security gaps and opportunities for improvement to mitigate risk.

 

The role provides leadership, direction, and subject matter expertise to project teams, staff, and contract resources, managing daily operations, performance evaluations, and fostering employee engagement. They organize and lead multidisciplinary teams across business and technical functions to execute cybersecurity initiatives, communicating effectively with stakeholders, project managers, clients, and executives, ensuring alignment on cybersecurity decisions, risk management strategies, and project outcomes.

 

Serving as the internal/external point of contact and subject matter expert on cybersecurity matters, the Senior Specialist represents the organization in meetings with executive leadership and strategic partners, providing strategic advice on cyber risks, identifying vulnerabilities, and ensuring appropriate mitigations are in place. They lead and monitor cyber risk activities performed by various teams, ensuring adherence to the organization's information risk policy, directives, and security controls, resolving cyber risk issues and escalating significant threats to senior management when necessary.

 

The Senior Specialist conducts research into cybersecurity trends, legislative changes, and best practices, ensuring compliance and participating in the development and enforcement of security policies. They work with senior management to address active cyber threats, managing the analysis of confidential information related to security weaknesses and maintaining up-to-date knowledge of the organization’s cyber landscape. Responsibilities also include providing input into project budgets, preparing contractual documents, maintaining accurate reporting of key risk metrics, developing risk management reports, and preparing recommendations on business process improvements, training needs, staffing levels, and resource allocation.

 

Finally, they identify and evaluate emerging security technologies to enhance the organization’s cybersecurity posture, participate in transformation strategies focused on security, integrating new and existing technology systems to improve operations and threat response capabilities, build and maintain strong relationships with internal and external stakeholders, collaborating with strategic partners to advance cyber programs, and stay up to date on cybersecurity threats, trends, and emerging technologies, ensuring the organization remains resilient against evolving threats.

 

What you bring to the role

  • Post-secondary degree in Business, Technology or related discipline or an equivalent combination of education and related experience.
  • Extensive experience in Application Implementation, Configuration Management and/or Cyber Operations.
  • Extensive security monitoring experience with one or more SIEM technologies (i.e. QRadar, Splunk, Azure Sentinel), EDR solutions, and intrusion detection/prevention technologies.
  • Extensive experience with web content filtering technology, policy engineering and troubleshooting.
  • Extensive experience in Incident Response or relevant cyber security field(s) with in-depth knowledge of security incident, malware and vulnerability management processes and digital forensics.
  • In-depth experience managing cases with enterprise SIEM systems.
  • Experience with API integration and management of security controls within a cloud environment.
  • Experience leading a team (internal or external resources) with strong interpersonal skills to work independently and collaboratively with others in a multidisciplinary team setting.
  • Preferred Certifications (any in the list): CCSP, Azure, AWS or GCP Security Certifications, CISSP, CRISC, OSCP, CEH, GPEN.
  • Strong knowledge of effective security practices and training requirements when working in large, complex environments.
  • Knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus products.
  • Strong understanding of cloud environments' security monitoring components (e.g. Microsoft: Defender, Sentinel; Amazon CloudWatch, CloudTrail, EventBridge; GCP: Chronicle Security, Event Threat Detection, Security Command Center, etc.).
  • Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP.
  • Excellent written & verbal communication skills with the ability to communicate effectively at all levels (including leadership, business partners, project stakeholders, divisional teams and vendors).
  • Creative, critical, analytical and strategic thinker with the ability to problem-solve and identify solutions to unusual and complex problems.
  • Ability to achieve business objectives through influencing and effectively working with key stakeholders.
  • Ability to prioritize and effectively manage competing priorities, projects and initiatives while adhering to strict deadlines within a fast-paced environment.
  • Highly organized, proactive, self-motivated team player who takes initiative and is able to work independently.
  • Self-motivated with a desire to go above and beyond required tasks and ability to work extremely well under pressure while maintaining a high level of professionalism.
  • Transferable skills, including communication and decision-making, are equally important. Being able to think on your feet and show good judgment are especially valuable in this field. Professionals in cyber security must be able to react quickly and strategically to cyber-related incidents.

 

Notes:

  • A normal work week is 35 hours; however, unforeseen situations may require extended hours of work with little or no prior notice. In case of a cyber incident or breach, rotation shifts and continuous extended hours may be required with little or no prior notice.
  • The successful candidate will be subject to a police check, background check, psychological assessment and/or any other checks on a regular basis as the Office of the CISO handles highly sensitive and confidential information.

Equity, Diversity and Inclusion

The City is an equal opportunity employer, dedicated to creating a workplace culture of inclusiveness that reflects the diverse residents that we serve. Learn more about the City’s commitment to employment equity.

Accommodation

The City of Toronto is committed to creating an accessible and inclusive organization. We are committed to providing barrier-free and accessible employment practices in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). Should you require Code-protected accommodation through any stage of the recruitment process, please make this known when contacted and we will work with you to meet your needs. Disability-related accommodation during the application process is available upon request. Learn more about the City’s Hiring Policies and Accommodation Process.