Associate Director, Cybersecurity and Privacy Operations
Centennial College • Toronto, Ontario, Canada
About
Reporting to the Director, Cybersecurity, Privacy, and Delivery, the incumbent oversees day-to-day cybersecurity and privacy operations, including monitoring, incident response, investigations, remediation, and ongoing risk management across the College's technology environment.
The role is accountable for safeguarding the confidentiality, integrity, and availability of digital assets and personal information while ensuring the College operates within an approved and practical level of risk. The incumbent balances regulatory, privacy, and security obligations with the College's academic, administrative, and service delivery needs, recognizing that absolute risk elimination is neither practical nor desirable in a complex educational environment.
Responsibilities
Cybersecurity Operations and Risk Management
• Lead and execute cybersecurity risk assessments and threat analyses across systems, applications, networks, and cloud services.
• Translate risk findings into prioritized remediation actions and actively drive resolution with internal teams and external vendors.
• Continuously monitor the cybersecurity posture using operational monitoring tools, vulnerability assessments, and audits.
• Provide regular cybersecurity risk, threat, and posture reporting to senior leadership.
Incident Response and Investigations (Cyber & Privacy)
• Directly coordinate and execute cybersecurity and privacy incident response activities, including containment, investigation, remediation, recovery, and documentation.
• Work hands-on with internal teams, managed security service providers, and external partners during incidents.
• Conduct post-incident and post-mortem reviews, documenting root cause, lessons learned, and corrective actions.
• Determine escalation requirements, including decisions related to service shutdowns where required to protect the College.
• Manage privacy breaches in accordance with legislative and regulatory requirements, including assessment, notification, and reporting.
Privacy Operations and Management
• Lead the development, implementation, and ongoing maintenance of the College's privacy management framework.
• Oversee privacy operational activities, including Privacy Impact Assessments (PIAs), Freedom of Information (FOI) coordination, and responses to privacy incidents.
• Ensure compliance with applicable legislation, including FIPPA, PIPEDA, and EDSTA.
• Work with academic, administrative, IT, Legal, and Procurement stakeholders to identify and mitigate privacy risks associated with systems, data use, and third-party services.
• Provide privacy advisory support to leadership and staff, promoting responsible handling of personal and sensitive information.
Security Controls, Policy, and Compliance
• Lead the development, implementation, and enforcement of cybersecurity and privacy standards, controls, policies, and procedures.
• Review and approve security configurations, designs, implementations, and change proposals for IT systems and applications.
• Conduct and manage cybersecurity audits, technical reviews, and investigations to validate compliance and control effectiveness.
• Collaborate with Legal, Compliance, and Procurement to operationalize cybersecurity and privacy requirements.
Projects, Change, and Architecture
• Act as a permanent cybersecurity and privacy stakeholder in projects and system changes, defining risks and required controls throughout the project lifecycle.
• Review, validate, and approve cybersecurity and privacy controls prior to deployment or production release.
• Review and sign off on operational change requests to ensure cybersecurity and privacy standards are consistently applied.
• Update threat and risk inventories based on new technologies, services, or architectural changes.
Vendor and Third-Party Risk Oversight
• Oversee cybersecurity and privacy operations performed by managed service providers and vendors with access to College systems or data.
• Assess third-party cybersecurity and privacy risks and ensure appropriate contractual, technical, and operational controls are in place.
• Lead the evaluation, selection, and operational implementation of cybersecurity technologies and services.
Awareness, Training, and Governance
• Develop and deliver cybersecurity and privacy awareness programs, training sessions, and advisory materials.
• Promote a culture of shared responsibility for cybersecurity and privacy across the College.
• Participate in governance forums, committees, and senior leadership discussions related to cybersecurity, privacy, and risk management.
Qualifications/Experience
• Bachelor's degree in Computer Science, Information Systems, Electrical/Computer Engineering, or a related field, or an equivalent combination of education and experience.
• A minimum of seven (7) years of progressive experience in information security management or related functions such as IT risk management or audit.
• Required certifications: CISSP, CISA, CISM, C|CISO, or equivalent.
• Privacy certifications (e.g., IAPP CIPP/C, CIPM, or equivalent) are considered an asset.
• Strong experience with operational cybersecurity functions, including monitoring, incident response, investigations, vulnerability management, and remediation.
• Practical knowledge of privacy legislation and regulatory requirements (e.g., FIPPA, PIPEDA) and their application to systems, data governance, and third-party services.
• Experience advising senior leaders on cybersecurity and privacy risk, compliance trade-offs, and mitigation strategies.
• Demonstrated experience managing vendors and third-party service providers.
• Experience working in a mid- to large-sized organization, preferably in an academic or public-sector environment.
• Experience with ERP systems (e.g., Banner) is preferred.
• Strong leadership, communication, analytical, and problem-solving skills.
• Proven ability to manage multiple priorities and stakeholders in high-pressure environments.
Apply online:
Proof of credentials or equivalencies from accredited regional or federal post-secondary institutions and/or their foreign equivalents will be required at the time of job offer.
When applying, your cover letter and résumé must include examples that reflect all of the requested skills and qualifications and must be submitted online by February 20, 2026 at 11:59 PM EST. Please quote Job ID J Misrepresentation of applicant information will be grounds for your exclusion from the competition or for dismissal should you subsequently be hired for the position. We wish to thank all applicants for their interest and advise that only those selected for an interview will be contacted.
We are committed to providing persons with disabilities equal opportunities regarding all employment activities, including access to jobs and accommodations during employment as required, in accordance with the Ontario Human Rights Code (OHRC) and the Accessibility for Ontarians with Disabilities Act (AODA).
Language skills
- English