Senior Specialist (Enterprise Resilience & Advisory - Bcp & Dr)

• Job ID: 54169
• Job Category: Information & Technology
• Division & Section: Office of the CISO, Cyber Operations
• Work Location: Metro Hall, 55 John Street, Toronto (Hybrid)
• Job Type & Duration: Full-time, Permanent 
• Salary: $122,305.00 -$163,639.00, PSG #TM5099 and wage grade 8. 
• Shift Information: Monday to Friday, 35 hours per week per week
• Affiliation: Non-Union
• Number of Positions Open: 1 
• Posting Period: 24-FEB-2025 to 3-MAR-2025 
•  

The Senior Specialist (Enterprise Resilience & Advisory - BCP & DR) supports the execution of the Chief Information Security Officer's (CISO) mandate, cyber vision, and strategy by providing technical and business advisory services for Business Continuity Planning (BCP) and Disaster Recovery (DR) within cyber security across all City divisions, agencies, and corporations.

This position is responsible for defining, developing and supporting cyber resilience programs ensuring alignment with enterprise business continuity and disaster recovery strategies. Providing subject matter expertise, strategic guidance, and operational support for the Enterprise Resilience & Advisory section, the role will ensure the effective integration of cybersecurity measures within enterprise technologies and cloud-based solutions.

As the internal and external subject matter expert on cybersecurity resilience, BCP/DR strategies, and enterprise security best practices, this role assesses business strategies to determine cybersecurity requirements and provides guidance, advisory services, and technical solutions. Researching industry trends, enterprise continuity planning developments, and evolving regulations ensures alignment with corporate policies and government initiatives.

Collaboration with cross-functional teams is essential to integrate cybersecurity BCP/DR best practices into enterprise solutions, ensuring robust protection and rapid recovery from cyber incidents. Additionally, this role is responsible for developing and executing testing strategies for business continuity and disaster recovery plans, ensuring the organization is prepared to respond effectively to cyber disruptions.

The role also involves providing ongoing risk assessments, monitoring, and reporting on the cyber resilience posture of enterprise environments, ensuring alignment with cybersecurity frameworks, regulatory compliance, and industry standards.

The Senior Specialist provides leadership, direction and subject matter expertise to project teams, staff, and contract resources, managing daily operations, performance evaluations, and fostering employee engagement.  They organize and lead multidisciplinary teams across business and technical functions to execute cybersecurity initiatives, communicating effectively with stakeholders, project managers, clients, and executives, ensuring alignment on cybersecurity decisions, risk management strategies, and project outcomes. 

The role involves developing, implementing, monitoring, and maintaining security tools, maintaining up-to-date knowledge of the City's confidential cyber infrastructure, and working with senior management to address cyber threats.  This includes providing confidential assessments of organizational issues and recommending solutions, developing security strategies, and leading the delivery of secure enterprise applications.  A core function is leading security initiatives and delivering enterprise business application projects (e.g., SAP, SuccessFactors, Salesforce, Microsoft), providing high-quality application security implementation and operation capabilities, ensuring thorough security testing, participating in architecture reviews, and providing application security consulting.

The Senior Specialist supports operational security activities, including incident response, vulnerability management, and access reviews. It involves evaluating security solutions, identifying emerging technologies, and contributing to the development of security-focused transformation strategies.

A key responsibility is managing cyber risk by proactively identifying threats, resolving issues, and escalating significant concerns when necessary. The role also leads the implementation and monitoring of security controls in ERP systems, assists with incident remediation, and ensures ERP systems meet security standards.

Additionally, the Senior Specialist participates in audit reviews, oversees cyber risk activities, and provides project management support. This includes effective communication with stakeholders, assisting in policy and procedure development, preparing contractual documents (e.g., RFX), maintaining risk metrics, and fostering relationships with internal and external partners.

Finally, staying informed about cybersecurity trends, emerging threats, and evolving technologies is essential for continued success in this role.

What you bring to the role

• Post-secondary degree in cyber security, information technology or related discipline or the equivalent combination of education and relevant experience.

• Extensive experience in Business Continuity, Crisis Management, Risk Management, Disaster Recovery or a related field.
• Extensive experience with enterprise application cyber security, cloud governance, and risk mitigation strategies.
• Extensive experience with cyber security governance, risk, and compliance (GRC) tools.
• Extensive experience applying cyber security frameworks, risk management, BCP/DR planning, and compliance standards.
• Strong knowledge of automation tools for BCP/DR testing and cyber resilience monitoring.

• Experience leading a team (internal or external resources) with strong interpersonal skills to work independently and collaboratively with others in a multidisciplinary team setting.
• Preferred Certifications: CISSP, CISM, or equivalent.
• Excellent written & verbal communication skills with the ability to communicate effectively at all levels including leadership, business partners, project stakeholders, divisional teams and vendors), translating technical details into easily understood language.
• Ability to assess communications gaps and opportunities and to develop new content strategies that deliver on business objectives.
• Creative, critical, analytical and strategic thinker with the ability to problem, solve and identify solutions to unusual and complex problems.
• Ability to achieve business objectives through influencing and effectively working with key stakeholders.
• Ability to prioritize and effectively manage competing priorities, projects and initiatives while adhering to strict deadlines within a fast paced environment.
• Highly organized, proactive, self-motivated team player who takes initiative and is able to work independently.
• Self-motivated with desire to go above and beyond required tasks and ability to work extremely well under pressure while maintaining a high level of professionalism
• Transferable skills, including communication and decision-making, are equally important. Being able to think on your feet and show good judgment are especially valuable in this field. Professionals in cyber security must be able to react quicky and strategically to cyber-related incidents.

Notes:

• A normal work week is 35 hours, however, unforeseen situation may require extended hours of work with little or no prior notice. In case of a cyber incident or breach, rotation shift, continuous extended hours may be required with little or no prior notice.         
• The successful candidate will be subject to a police check, background check, psychological assessment and/or any other checks on a regular basis as the Office of the CISO handles highly sensitive and confidential information.

Equity, Diversity and Inclusion

The City is an equal opportunity employer, dedicated to creating a workplace culture of inclusiveness that reflects the diverse residents that we serve. Learn more about the City’s commitment to employment equity.

Accommodation

The City of Toronto is committed to creating an accessible and inclusive organization. We are committed to providing barrier-free and accessible employment practices in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). Should you require Code-protected accommodation through any stage of the recruitment process, please make them known when contacted and we will work with you to meet your needs. Disability-related accommodation during the application process is available upon request. Learn more about the City’s Hiring Policies and Accommodation Process.