Calgary, ABReporting to the Vice President, Information Technology and Chief Information Officer (VPIT/CIO), the Chief Information Security Officer (CISO) is responsible for AU’s Information Security Program, based on the NIST Cybersecurity Framework. This accountability includes implementing and auditing cybersecurity policies, procedures, standards and processes that protect all Athabasca University technology systems. The CISO is responsible for leading and managing the ongoing Managed Security Services contract that includes the provisioning of the Security Operations Center. The CISO is accountable for chairing the InfoSec subcommittee of AU’s Digital Governance committee, performing risk assessments and audits; for investigating, analyzing and reporting on cybersecurity incidents; for promoting awareness of cybersecurity throughout the University; and for developing training strategies on cybersecurity matters to end users of University digital technology assets. The CISO is the chief contact for AU’s Managed Security Services provider, as well as for its cybersecurity firm on retainer and also liaises with AU IT leaders, management and technical staff to review and approve implementation of security standards, processes, template and protocols in AU’s cloud architecture, on-premise virtualized infrastructure and its applications. The CISO is a member of the Senior IT Leadership Team and leads internal cybersecurity investigations as well as any external cybersecurity investigations requests as requested by Office of the Auditor General, police and intelligence requests and FOIP requests. The CISO participates in and makes recommendations regarding highly confidential planning and operational information; participates in the development of the IT Division financial and budgetary planning. The CISO provides confidential reports and recommendations to applicable stakeholders, including, but not limited to, the VPIT and CIO, Chief Human Resources Officer, Executive Officers and University President; and represents the interests of Management in the application of Collective Agreements. Qualifications A related University degree plus at least 10 years experience, including at least six years experience managing and/or directing an IT functional area plus at least four years’ experience managing an IT security function. Certified Information Systems Security Professional (CISSP) Certification required and Certified Information Security Manager (CISM) Certification desirable • Proven experience in IT security planning and development, project management, and policy development. Excellent knowledge of general trends and developments in the area of information security and risk management. Excellent knowledge of contemporary risks, threats and vulnerabilities related to IT operations, particularly for a cloud-first organization. Broad knowledge of and experience with firewalls, anti-virus solutions, intrusion detection/intrusion prevention solutions, data loss prevention systems, virtual private networks, remote access systems, network zoning, centralized monitoring, and application scanning. Excellent knowledge of IT security related vendors and their products and services. Good knowledge of information security and risk control frameworks such as COBiT, ISO 27001, ITIL, and ISO 31000 is preferred. Good knowledge of business continuity and IT disaster recovery frameworks such as ISO 22301 and ISO 27031 is preferred. Experience in leading the response to incidents, crises, and investigations with sensitivity, tenacity with a focus on attention to detail. High degree of sensitivity, tact and discretion in dealing with investigations of alleged inappropriate user behaviour. Deep understanding of enterprise information security architecture, processes, concepts, and best practices. Experience with IT security considerations for systems design and development. Good knowledge of business theory, business processes, management, budgeting, and business office operations. Experience developing and managing a program of continuous security awareness for end users. Experience dealing with security issues in environments with external users. Experience working with law enforcement or government cyber security agencies preferred. Good knowledge of applicable laws and regulations as they relate to IT security and protection of personal information. Strong understanding of human resource management principles, practices, and procedures. Strong leadership skills. Strong facilitation skills and a clear ability to build relationships with stakeholders at all levels, including executive management. Excellent written, oral, and interpersonal communication skills. Excellent interpersonal, influencing and negotiation skills. Ability to present complex technical ideas in business-friendly and user-friendly language. Highly self-motivated, self-directed, and attentive to detail. Ability to effectively prioritize and execute tasks in a high-pressure environment. Extensive experience working in a team-oriented, collaborative environment. An equivalent combination of education and experience may be considered. The full job description can be viewed at Chief Information Security Officer For further information regarding this position, contact Ashley Osachoff at 780-509-7610 or via email at email@example.com Athabasca University (AU) shapes and enables mutually supportive communities, regardless of where those communities exist. One of the strategic themes under AU’s Strategic plan, IMAGINE: Transforming Lives, Transforming Communities (http://imagine.athabascau.ca/) is Moving Beyond Place. Therefore, as AU is a semi-virtual organization anchored by three administration hubs across Alberta, this role has the option of being located in Athabasca, Calgary or Edmonton. Where applicants have equal skills, abilities, and experience, candidates who are willing to relocate within the County of Athabasca will be given preference. The vibrant town of Athabasca is located in the heart of Alberta’s boreal forest on the banks of the Athabasca River. The community offers modern services, affordable housing, excellent public schools, and a variety of recreational activities to suit everyone’s lifestyle.