10 Oct
City of Toronto


Job Category: Information & Technology

Division & Section:  Office of the CISO

Work Location:  Metro Hall, 55 John Street

Job Type & Duration:  Full Time, Permanent

Salary: $103,313.60 - $121,368.00, Wage Grade 7.5

Shift Information:  Monday to Friday, 40 Hours per Week

Affiliation: Non-Union

Number of Positions Open:  1

Posting Period: Oct-9-2020 - Oct-23-2020

To provide expertise, guidance, advice, and operational support for the development, deployment and management of Threat Management programs to ensure the City is adequately protected from cyber security threats and to support the execution of the Chief Information Security Officer's (CISO) mandate, cyber vision and strategy.

To design and implement security systems to protect the City's computer networks from cyberattacks, and set and maintain security standards.

To provide senior-level technical and business advice, support and services to all City divisions, Agencies and Corporations for Application Security.

Major Responsibilities

- Participates in and leads a range of application security assessment activities. Performs assessments, analyzes findings, and provides advice for remediation.

- Ensures applications are thoroughly security-tested using industry best practices prior to promotion to production.

- Investigates and responds to incidents related to application security.

- Plays an active role in improving application security practices based on security assessments and industry best practices.

- Implements security testing procedures (manual, or automated).

- Provides application security consulting services to technology teams, project teams, and other relevant partners and clients.

- Assists in the development, evaluation, and implementation of application penetration testing processes and tools.

- Develops and implements detailed plans and recommends cyber security policies/procedures regarding program specific requirements.

- Leads, coordinates, and executes assigned projects, ensuring effective teamwork and communication, high standards of work quality and organizational performance and continuous learning.

- Supervises the day to day operation of all assigned project staff and contract resources including the scheduling, assigning and reviewing of work. Motivates and trains assigned staff. Coordinates vacation and overtime requests. Monitors and assists in evaluating staff performance, hears grievances and recommends disciplinary action when necessary.

- Provides guidance, advice, and direction to assigned project teams and contract resources to meet objectives.

- Works with Senior Specialists on large, complex projects, providing project coordination support, technical advice and guidance.

- Conducts research into assigned area ensuring that such research takes into account developments within the field, corporate policies and practices, legislation and initiatives by other levels of government.

- Ensures that project expenditures are controlled and maintained within approved budget limitations.

- Provides expertise in identification, analysis, testing, and remediation of cyber threats.

- Monitors, identifies, and analyzes events to ensure cyber threats are reported and remediated.

- Assesses cyber security requirements of business strategies in order to provide appropriate advice, guidance, and technical solutions.

- Reviews and facilitates approvals of security strategies within industry-accepted frameworks.

- Provides guidance in the evaluation, selection and recommendation of technical solutions and professional services. Identifies and evaluates emerging security technologies.

- Resolves cyber risk issues. Escalates significant cyber risk matters to senior management when required.

- Deals with confidential information affecting the organization and its resources. Prepares and presents reports to management supporting recommendations on changes/improvements in business processes, training and services standards that impact appropriate staffing levels and resource allocation. Makes recommendations based on investigation results which could lead to the discipline or dismissal of staff.

- Provides a confidential assessment of organizational issues and makes recommendations for next steps, including policy, procedural and structural change.

- Participates in the development, implementation, administration, monitoring and maintenance of security tools collecting confidential information on infrastructure and application weaknesses. Maintains up-to-date knowledge of the City's confidential cyber infrastructure.

- Works with senior management within the division to address active internal/external cyber threats to the City. Attends senior management meetings, makes recommendations to mitigate the threats, and takes appropriate urgent action as needed.

- Maintains an up-to-date and in-depth knowledge of cyber security, current and emerging application security threats, trends, and associated techniques and technologies as well as key business drivers and opportunities. Identifies, manages, and mitigates cyber security risks in applications.

- Participates in the preparation of various formal contractual documents such as Request For Information/Proposal/Quotation, Statement of Work, Memorandum of Understanding and Service Level Agreements.

- Anticipates, analyzes and identifies organizational impacts of emerging requirements; recommends and coordinates innovative solutions using conflict resolution and negotiation skills to successfully manage sensitive and controversial matters.

- Provides project coordination and management support, and ensures comprehensive and effective information communication across various functional and project teams.

- Organizes and works with multidisciplinary business and technical teams from across the organization to formulate and execute project plans and tasks according to established project management principles and methodologies.

- Maintains accurate reporting of key risk metrics and associated measurements in alignment with the cyber risk appetite.

- Prepares regular cyber management reports leveraging cyber analytics subject matter expertise.

- Communicates effectively to stakeholders, clients, project managers, supervisors and team members regarding any business and technical decisions and actions that may impact solution delivery, staff performance, business processes, management workflow and technical support of public services.


- Post-secondary degree in Business or Technology or a related discipline, and/or equivalent experience

- Considerable experience in application security.

- Considerable experience with agile development processes and experience integrating secure development practices into the model.

- Considerable experience with application security best practices such as secure coding, security testing techniques.

- Experience in software development.

- Experience with Static and Dynamic Application Security Testing Tools

- Strong understanding of web and mobile application architecture and development principles.

- Strong knowledge of all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25.

- Ability to lead efficient communication between all project stakeholders, including internal teams and clients.

- Ability to achieve business objectives through influencing and effectively working with key stakeholders

- Excellent written & verbal communication skills (comfortable & confident communicating at all levels including business partners, leadership and vendors).

- Excellent problem-solving skills with capability to identify solutions to unusual and complex problems.

- Keen attention to detail and strong organizational skills.

- Strong analytical skills and ability to prioritize and multitask.

- Ability to work in transformative programs.

- Preferred Certifications: CISSP or OCSP

Equity, Diversity and Inclusion

The City is an equal opportunity employer, dedicated to creating a workplace culture of inclusiveness that reflects the diverse residents that we serve.
