Specialist, Cybersecurity and Privacy Awareness, Information Technologies

Position Overview

The Department of Architecture and Security in Information Technologies is currently seeking a Full-time Regular Specialist, Cybersecurity and Privacy Awareness .

This position reports to the Manager, Governance, Risk and Compliance, but will also work closely with the Privacy Office in Legal Services and will take direction from the FOIP Coordinator as it relates to privacy initiatives.

This position is responsible for the planning and delivery of required cybersecurity and privacy education and awareness initiatives and training across the University.

These initiatives are intended to educate staff, students, researchers, and management of the University on cybersecurity and privacy risks and compliance as it relates to their work and University operations, and to change behaviour as it relates to cybersecurity and privacy practises across the organization.

Position Description

Summary of Key Responsibilities :

Launch operational roll out of required cybersecurity and privacy education across the organization, including tracking compliance, and liaising with Human Resources as needed.

Assist in monitoring, identifying, and supporting compliance related to cybersecurity and privacy across the organization.

• Promote a culture of data protection and compliance across all units of the organization.
• Monitor effectiveness of awareness initiatives by evaluating cybersecurity and privacy behaviours, metrics, and trends of staff, students, and researchers, and adjust the program as required.
• Identify and collaborate with security champions in our community to develop awareness strategy while broadening the cybersecurity and privacy teams reach across the organization in all aspects of its operation.
• Partner with key business areas, in particular the IT Project Management Office, to ensure data security issues are considered at the outset of new projects, products and initiatives.
• Lead in the creation and procurement of cybersecurity awareness content, leveraging the various channels available in the University.

Support the Privacy Office in Legal Services in its development of privacy awareness content

• Participate and contribute to projects, communications initiatives, and incidents related to cybersecurity and privacy.
• Assist in providing end user support to the enterprise, problem identification and resolutions in cybersecurity awareness related activities : such as newsletters, awareness campaigns, enterprise learning management, phishing simulations, etc.
• Assist in responding to ad-hoc cybersecurity and privacy awareness requests from the IT and privacy teams.
• Participate in activities relating to cybersecurity incidents, including tracking, trend identification, and preparation of reports relating to findings and training recommendations.
• Identify and generate executive summaries on key performance indicators for awareness activities.
• Assist in the preparation of IT Knowledge Base articles to ensure policies / practices are understandable.
• Monitor the industry landscape to keep visibility on evolutions, trends, and best practices related to cybersecurity. Leverage this information to identify top awareness risks in the organization and build a strategy and plan to address them with creative methods.
• Create short term and long-term plans working with central communications regarding cyber security and privacy awareness initiatives.
• Develop and maintain cybersecurity awareness programs and resources, including training materials, videos, articles, and infographics.
• Provide tier 2 end user support for the training modules in Enterprise Learning Management (ELM). Experience with SKORM file and ELM module creation is an asset.

Qualifications / Requirements :

• Bachelor's degree in behavioural science / psychology, education, communications, cybersecurity / privacy studies, information technology, or a related field.
• Minimum of 5+ years relevant work experience in one or more of the following fields : psychology, technical, cybersecurity or privacy, education / training, or communications
• Experience building education and awareness training initiatives and communication campaigns.
• Possesses an understanding of cybersecurity and privacy issues, with the ability to learn and complete tasks independently while providing guidance and innovation.
• The ability to communicate with leadership, business / application owners, end users and technology professionals is important.

This role fosters a culture of innovation and educational learning while providing continuous improvement in their area of responsibility.

• Excellent oral and written communication and interpersonal skills with a high degree of confidentiality, tact, diplomacy, and persuasiveness.
• Comfortable with simultaneously managing concurrent projects and conflicting priorities in an autonomous manner.
• Creative thinking and understanding of audience to produce engaging materials in a variety of formats and media, including storyboards, user guides, and gamification elements.
• Passionate about customer service excellence.
• Ability to translate technical jargon into business-friendly language.
• Strong knowledge of Microsoft Office products.
• Ability to maintain confidentiality with having routine access to sensitive information and maintaining confidence of the organizations information.
• Understanding of cybersecurity risk management and risk mitigation strategies.
• Experience running and supporting simulation-based training campaigns such as phishing and other elicitation is considered an asset.
• Web content creation experience with Drupal or another content website content management system is considered an asset.
• A knowledge of industry standards relating to data classification, handling, and retention is considered an asset.
• Working knowledge of the Freedom of Information and Protection of Privacy Act (FOIP), and Health Information Act (HIA) is considered an asset.
30+ days ago