Senior Advisor, Privacy & Information Security Risk

Job Overview

Job title: Senior Advisor, Privacy & Information Security Risk

Job description: Staff – Non Union

Job Category: M&P – AAPS

Job Profile: AAPS Salaried – Accounting, Level D

Department: Information Support | Privacy and Information Security | Safety & Risk Services | VP Finance and Operations

Compensation Range: $6,677.33 – $10,433.50 CAD Monthly

Posting End Date: November 5, 2021

Note: Applications will be accepted until 11:59 PM on the day prior to the Posting End Date above.

Job End Date

Job Description Summary

The Senior Advisor, Privacy & Information Security Risk (the Advisor) operates within the Privacy & Information Security Management (PrISM) Safety & Risk Service (SRS) team. UBC’s PrISM program is an ongoing initiative to reduce the risk of a major privacy or information security breach at UBC through security governance, technology advancement, training, awareness and communications, risk management and compliance support, system identification and classification.

The PrISM SRS team is a key component of the PrISM program, delivering UBC’s Privacy Impact Assessment (PIA) service which assesses privacy, operational, application and security risks and threats; campus wide training; and risk advisory services to UBC. The team’s focus is to maintain public trust in UBC, protect personal information of the UBC community and keep UBC confidential information secure, whilst enabling technology-supported business initiatives to succeed.

This is an exciting opportunity to work with a dynamic, risk focused team that collaborates across UBC including with management and staff in other units, such as the Cybersecurity team, University Counsel, Enterprise Risk and Assurance, the Office of the CIO and UBC IT teams.

The Advisor will work with units across the University to identify key privacy and information security risks and determine appropriate risk mitigation activities, maximizing commitments to their completion in a timely manner. They will conduct or oversee PIAs required under FIPPA, including assessments of security risks and controls, utilizing UBC assessment frameworks and tools.

The ideal candidate will be well versed in information security threats, risks, and controls. They will be skilled in facilitation activities to ensure reasonable privacy and information security measures are in place through every phase of the project’s life cycle, and be comfortable driving change through advocacy and influencing. They will be capable of developing strong trusted relationships across UBC at various levels of the organization.

Organizational Status
This position is part of the PrISM SRS team and reports to the Manager, PrISM SRS. The incumbent will collaborate and work closely with management and staff in other units, including Office of the University Counsel, the Office of the CIO, CyberSecurity, Enterprise Data Governance, Records Management Office, UBC IT and Faculty IT teams. It will also involve working closely with other IT functions and data stewards within UBC’s faculties and operational entities.

Work Performed

Conduct or oversee Privacy Impact Assessments, including Security Threat Risk Assessments, utilizing UBC assessment frameworks and tools.

Work with units across the University to identify key privacy and information security risks, determining appropriate risk mitigation activities and maximizing commitment to their completion in a timely manner.

Provide privacy and information security technical expertise and mentoring to project teams and other advisors to ensure reasonable privacy and information security measures are in place through every phase of the project’s life cycle including project planning, architecture, requirements definition, procurement, implementation, and operationalization of modern technology services.

Engage broadly (through training, workshops and relationship building) within assigned projects to raise awareness of privacy and information security risk and mitigations.

Own relationship with clients to ensure technology solutions comply with applicable privacy legislation and regulations, UBC policy and information security standards, whilst enabling business initiatives.

Provide updates and formal reports to the relevant committee and stakeholders, including the PrISM Executive Team and program/project governance bodies as required.

Conduct formal reviews with project sponsors at project completion to confirm acceptance and satisfaction.

Select and follow project management methods, procedures, and quality objectives, and track metrics for assessing progress on privacy and security risk assessments throughout assigned projects.

Assess variances from the assessment project plans, budgets and schedules, develop and implement changes as necessary to ensure that the project remains within specified scope and within time and quality objectives, and keep management aware of the situation.

Develop relevant content to inform PrISM SRS clients and risk advisors on acceptable use of UBC tools.

Acquire and maintain a working knowledge of the University’s technical and business environment in order to better understand the business and their priorities. Based on client feedback, develop recommendations and present options for security improvements.

Build and maintain strong and productive working relationships with team members, stakeholders, UBC IT, and other vendors / consultants.

Maintain appropriate professional designations and up-to-date knowledge of current information security frameworks such as ISO 27000 series and NIST Cybersecurity Framework, methods, techniques and tools.

Consequences of Error/Judgement

UBC is a complex organization that collects and uses information to support its mandate. An information breach (especially relating to personal or other high-risk information) could have a significant financial and reputational impact on the University. The Senior Privacy and Information Security Risk Advisor plays a critical role in identifying key privacy and information security risks and in providing appropriate recommendations to reduce these risks to an acceptable level.

Sound judgment must be exercised. Lack of good judgment and / or inability to adopt sound risk management techniques may result in the failure to detect significant privacy and information security related exposures to confidential UBC information.

Supervision Received
The Senior Privacy and Information Security Risk Advisor receives direction from the Manager, PrISM SRS on the work performed. The incumbent must be able to work independently as well as contribute actively and collaborate openly as a team member.

Supervision Given
Plans, directs, and supervises work of project team members, such as other consultants and staff assigned to the project.

Preferred Qualifications

A professional designation in information security, control and governance (e.g. CISSP, CISA, CISM, CIPP, CRISC, CGEIT, GIAC, CPA, PMP) is desirable.

Experience in cybersecurity technology and architectural assessments, as well as security threat and risk assessments.

Knowledge of security activities and deliverables within the system development life cycle.

Knowledge of information security frameworks, models and standards such as OWASP, SAMM, NIST, COBIT and ISO 27001/2.

Knowledge of application architecture and security in cloud-based environments, such as AWS and Microsoft Azure, is an asset.

Self-motivated with a strong commitment to providing high quality services, together with a thorough understanding and awareness of information security best practices and the ability to translate them into meaningful and value added University-wide and local solutions.

Knowledge of Freedom of Information and Protection of Privacy Act (FIPPA), particularly as it relates to implementing ‘reasonable security arrangements’ over PI under the University’s control or in its custody.

Ability and desire to always take the initiative, tempered with the ability to exercise judgement about seeking input and advice from others.

Ability to work independently, as part of a team, and cross functionally.

Strong interpersonal skills used to lead, enthuse, motivate, influence, and educate others at all levels to drive change across the University.

Demonstrated ability to communicate with diverse audiences (management, senior leadership, technical) using a variety of delivery mechanisms (written, oral, presentations, etc.).

Ability to effectively facilitate multi-disciplinary groups to achieve appropriate outcomes.

Knowledge of project management, quality assurance, change management disciplines and best practices, and development methodologies.

Knowledge of and ability to effectively use communication and collaboration technologies.

Understands key trends and players in the IT industry and higher-education sector.

Excellent organizational, planning, and prioritization skills. Able to multi-task and deliver multiple assignments in a fast-paced and changing environment.

Demonstrates the willingness, ability, and enthusiasm to learn new processes, methodologies, or technologies.

Company: University of British Columbia

Expected salary:

Location: Canada

Job date: Sat, 23 Oct 2021 02:16:59 GMT

Job Source: Careerjet.ca
