Posted 1d ago

Information Security & Risk Management Analyst (Toronto, ON, CA)

@ University of Toronto
Toronto, Ontario, Canada
Onsite, Full Time
Responsibilities: Analyse risks, Conduct assessments, Prepare documentation
Requirements Summary: Bachelor's degree or equivalent; 4+ years in information security/risk management; vulnerability assessment and privacy knowledge; familiarity with FIPPA; strong communication; IT security frameworks.
Technical Tools Mentioned: Threat Risk Assessment, Privacy Impact Assessment, Enterprise identity and access management, Vulnerability assessment, Penetration testing
Job Description

Date Posted: 09/02/2025
Req ID: 45029
Faculty/Division: VP - Division of University Advancement
Department: Advancement Services
Campus: St. George (Downtown Toronto)
Position Number: 00058708

 

Description:

 

About us:

The Division of University Advancement (DUA) aims to sustain and enhance the University’s academic mission, leadership, and worldwide impact, by engaging alumni and private sector constituents meaningfully in the mission of the University, building mutually beneficial relationships of increasing value and satisfaction over time.

DUA at the University of Toronto is engaged in a transformative agenda deeply rooted in the University’s vision for growth and innovation. We are focused on growing fundraising efforts; enhancing the effectiveness and satisfaction of alumni engagement and programs; building advancement talent capacity within and across divisions and creating an organization and culture that fosters diversity and inclusiveness.

Your opportunity:

The Information Security & Risk Management Analyst will join a dynamic and innovative team focused on delivering technology solutions with comprehensive analysis in support of DUA’s information systems and program initiatives.

The incumbent analyzes complex projects, business/operational practices, digital platforms, services and devices for information security aspects such as disaster recovery, business continuity, and use of standard architecture design patterns and services such as enterprise identity and access management and standards-based application deployment. This work is realized by the execution of a Threat Risk Assessment (TRA). The incumbent reviews the storage, use, transmission and/or modification of information within the division and across the Advancement community, including restricted, confidential and public information, and other definitions as required by the business unit or project. The identification of potential information security and privacy risks is done through a Privacy Impact Assessment (PIA).

The incumbent helps develop and deliver outreach and awareness campaigns and contributes to guidelines and practices to implement University policy on the protection of digital assets, and information risk. The incumbent will bring highly developed interpersonal skills, and a strong information security posture to the team, in pursuit of information security goals. The responsibilities are designed to address information security and privacy risks to all types of assets, including the convergence of people, process, regulatory and technology risks.

The incumbent has frequent interaction with all levels of the University Advancement community, including stakeholders in divisions and departments, and central departments such as the FIPP Office. As a privacy subject matter expert, the incumbent provides guidance to stakeholders to help them assess and understand potential privacy risks. The incumbent will engage with stakeholders to understand current business processes and identify optimal strategies for transitioning these processes, workflows, and data to existing or new systems, as well as leading complex system integration projects.

Your responsibilities will include:

 

  • Analysing projects or business practices to identify potential privacy and security risks through Threat/Risk Assessments (TRA) and Privacy Impact Assessments (PIA)
  • Conducting application vulnerability assessments and/or penetration testing and interpreting the results for business unit staff
  • Preparing documents for the protection of restricted or confidential information, or need thereof, and the reduction of service risks such as loss of availability due to inadequate service design, compromise of services due to inadequate design or maintenance procedures through the application of University, industry and regulatory standards, guidelines and procedures
  • Analysing and recommending options for risk management based on the assessment and knowledge of current and emerging information security threats to project owners or business units
  • Training data users on privacy principles as they relate to their duties. Providing education and awareness to end-user units in understanding the University’s information security procedures, standards and guidelines.
  • Implementing risk management plans and processes
  • Keeping well-informed on changes to applicable regulatory and legislative requirements
  • Advising clients and technical subject matter experts on best practice for documenting system requirements

 

Essential Qualifications:

 

  • Bachelor's Degree or acceptable combination of equivalent experience.
  • Minimum four years of related experience working in a similar capacity, with demonstrated experience in information security and risk management, and/or risk analysis.
  • Experience in analysis of information system hardware, operating systems, middleware, application software, and network devices to find vulnerabilities or risks and provide recommendations on risk mitigations.
  • Strong knowledge of privacy and security concepts, trends, and issues; including an understanding of their impact on business processes, as well as skills with interpretation and communication of principles and compliance requirements.
  • Knowledge of applicable legislation such as Freedom of Information and Protection Act (FIPPA).
  • Ability to interpret and apply University guidelines pertaining to access to records and the protection of privacy.
  • Strong knowledge of information security frameworks, incident response practices, industry standards, trends, and issues.
  • Experience and familiarity with a broad range of technologies (operating systems, networking, cloud and on-prem services, etc.) with the ability to find vulnerabilities and provide recommendations for mitigation.
  • Experience of Threat-Risk Assessment and Privacy Impact Assessment processes.
  • Demonstrated strong analytical ability, attention to detail and problem-solving skills.
  • Good organizational skills and the ability to work accurately and quickly under pressure with frequent interruptions.
  • Demonstrated ability to exercise initiative and respond to changing priorities.
  • Demonstrated effective oral and written communication skills including both technical and business writing, documentation and presentation skills.
  • Ability to explain technical concepts to a wide range of non-technical users, both orally and in writing.
  • Strong time management and organizational skills with the ability to work within tight timelines.
  • Strong commitment to equity, diversity, inclusion, and the promotion of a respectful and collegial learning and working environment.


Assets (Nonessential):

 

  • An appreciation for / exposure to information security and threat/risk analysis activities.
  • Ability to identify areas of vulnerability in the use, storage or modification of personal information.
  • Understanding of project management and procurement processes.
  • Security and/or privacy certifications, or progress in their pursuit.
  • ITIL foundations level (or higher) certification.
  • Familiarity with the University environment, governance, and policies.


To be successful in this role you will be:

 

  • Communicator
  • Motivated self-learner
  • Organized
  • Perceptive
  • Problem solver
  • Resilient

 

Closing Date: 09/11/2025, 11:59PM ET
Employee Group: USW 
Appointment Type: Budget - Continuing 
Schedule: Full-Time
Pay Scale Group & Hiring Zone:
USW Pay Band 12 -- $81,312 with an annual step progression to a maximum of $103,986. Pay scale and job class assignment is subject to determination pursuant to the Job Evaluation/Pay Equity Maintenance Protocol.
Job Category: Information Technology (IT)
Recruiter: Fiona Chan

Lived Experience Statement
Candidates who are members of Indigenous, Black, racialized and 2SLGBTQ+ communities, persons with disabilities, and other equity deserving groups are encouraged to apply, and their lived experience shall be taken into consideration as applicable to the posted position.