Information Security Risk and Compliance Lead

University of Guelph, Guelph, ON

Closing Date: October 6, 2021
Location: Guelph, ON

Job Description

A unique opportunity to influence strategy while supporting tactical operations – Guelph, ON

Computing and Communications Services (CCS), the central IT department on campus, provides core IT services and technology solutions to the University of Guelph community. As a champion of best practices in information security, you’re eager to take on a role where you’ll make valuable strategic contributions to the University’s security policy, risk assessment and awareness efforts.

Reporting to the Chief Information Security Officer (CISO) within the CCS department, you’ll not only provide subject-matter expertise on information security policy, risk, compliance and awareness, but also be expected to influence direction and lead the execution of initiatives in these areas to support the overall security roadmap of the University. Leveraging your solid technical background, you’ll be an integral member of the Security Operations Centre (SOC) team that assists with incident management, and mentoring of junior SOC team members.

Working in conjunction with other members of the Information Security team, other technical teams on-campus, management, faculty and staff, you will:

  • Regularly assess and proactively monitor the security and risk posture of University information systems, networks, technical infrastructure, accounts, and data.
  • Provide subject-matter expertise and consultation services to University departments on risk management, standards compliance, data security, and systems security.
  • Assess the security and risk associated with proposed new platforms and applications, including cloud-based services.
  • Prepare a monthly metrics dashboard for management and internal audit, and work with campus groups and auditors to ensure we maintain certifications, e.g. annual PCI compliance certification.
  • Manage investigations into information security incidents, events and violations of University information security policies.
  • Lead cyber security awareness initiatives to educate students, staff and faculty on safe computing practices, from presentations to campus groups to new employee orientation.
  • Oversee the response and remediation of security vulnerabilities with system owners and campus IT representatives as part of the information security systems assurance service.
  • Audit and formulate all aspects of information security standards, policies and procedures.
  • Participate in evaluating, acquiring and implementing security-related technologies.


To assume the role of Information Security Risk and Compliance Lead, you must have a profile that includes:

  • Bachelor’s degree in Computer Science, Information Technology, Math, Business Administration, or a related field, and at least ten (10) years’ related work experience in increasingly responsible roles on an information security team
  • Expert-level knowledge of information security analysis, and recognized information security standards and best practices
  • Prior experience in IT risk assessment, vulnerability and threat analysis, and development and communication of security best practices
  • Comprehensive knowledge and understanding of all information security domains
  • Strong technical background, knowledge and experience in:
      ◦ Computing infrastructure and technical environments
      ◦ Risk and compliance methodologies and frameworks
      ◦ Systems analysis, project management, network/communications analysis
      ◦ Operating Systems secure configuration practice, patch management
      ◦ Hardware and software configuration and implementation
      ◦ Network protocols, encryption technologies, intrusion detection software
      ◦ Disaster Recovery and Business Resumption planning
      ◦ Application development methodologies (SDLC)
      ◦ Security event and incident troubleshooting, investigation protocols and escalation
  • Familiarity with relevant Canadian and International privacy legislation and international standards such as ISO 27001, FIPPA, PHIPA, and PCI-DSS
  • Strong ability to analyze and interpret data
  • Strategic thinking with proven analytical and problem-solving skills
  • Demonstrated ability to exercise sound and ethical judgement
  • Ability to handle matters requiring a high level of diplomacy, sensitivity and confidentiality
  • Highly developed skills of collaboration, communication (written and oral) and time management
  • Ability to explain complex concepts to technical and non-technical members of the University community and to understand client needs
  • Strong customer service focus and solution orientation
  • Strong leadership, business analysis and project management skills
  • Ability to work well under pressure, meet established deadlines and manage conflicting priorities
  • Ability to work individually and as an integral member of a high-performance team

The following skills and experiences will set you apart as an ideal candidate:

  • Industry-recognized information security certifications, e.g. CISSP, CISM, GIAC, PCIP, etc.
  • Previous experience in higher education
  • Familiarity with the information technology needs of a university community, and an understanding of the work environments, policies, and governance structures of a university
  • Prior experience in supporting users in a large, complex, institutional information technology environment, in the area of information security

How to Apply

NOTE: This appointment is regularly performed on-campus but, due to the COVID-19 pandemic, will be initially fulfilled remotely (off-campus) until the University resumes its regular operations.

The University of Guelph is one of Canada’s leading research-intensive comprehensive institutions, with a record of outstanding scholarship in the arts, humanities, social sciences, life sciences, physical and engineering sciences, agriculture and veterinary sciences. This is your chance to join us in our endeavour to improve life.

To view a detailed posting for the role of Information Security Risk and Compliance Lead, including application instructions, please go to our website at Applications, quoting Hiring #2021-0402, must be sent to:

At the University of Guelph, fostering a culture of inclusion is an institutional imperative. The University invites and encourages applications from all qualified individuals, including from groups that are traditionally underrepresented in employment, who may contribute to further diversification of our Institution.