Lead Analyst, IT Security Risk and Compliance (Ottawa)
Ottawa, Canada
Posted: yesterday
Description
- Posting Reason: Temporary replacement of a regular position
- Job Type: Employee
- Anticipated Duration in Months (for contracts and temporary assignments): 24
- Job Family: IT Security
- # of Open Positions: 1
- Faculty/Service - Department: Information Security
- Campus: Main Campus
- Union Affiliation: N/A
- Date Posted (YYYY/MM/DD): 2026/05/27
- Applications must be received BEFORE (YYYY/MM/DD): 2026/06/08
- Hours per week: 35
- Salary Grade: Non-Union Grade NM1
- Salary Range: $107,503.00 - $134,379.00

About Information Technology:
Information Technology is a dynamic and collaborative environment. We are focused on prioritizing and optimizing technological investments that facilitate the best student experience, as well as the activities of faculty, researchers and staff. Our greatest strength is the people working with us. People like you, professionals eager to flex their intellectual muscle and achieve new heights in their career. Working here gives you access to a great IT setting, rich with a diverse range of platforms, products, and services. This is a place where innovative ideas are welcome. In a nutshell: working here is challenging and rewarding. It’ll bring out the best of you. We want people who have the drive to advance IT in higher education. We have the technologies to keep your inner fires burning, and benefits that can help you sustain a better lifestyle. And all this minutes away from gyms, the Byward Market, downtown, and the Rideau Canal at lunch time for runners and skaters.

Position Purpose:
- Security Risk Management: Manages the process of gathering, analyzing, and assessing the current and future threat landscape. Conducts information security risk assessments across the organization at suitable intervals. Ensures key risks are understood, communicated, and tracked on the risk register. Analyzes the financial, reputational, and legal impacts to the University when information security risks occur and provides guidance and recommendations on how best to mitigate these risks.
- Compliance Management: Manages the process of ensuring information technology projects, initiatives, and external vendor contracts are compliant with the established information security policies, standards, and procedures of the University. Collaborates closely with stakeholders to ensure security is factored into the evaluation, selection, installation, and configuration of hardware, software, and applications. Conducts periodic reviews of vendor environments to ensure information security controls continue to remain compliant with established contracts.
- Monitoring and Reporting: Responsible for monitoring and reporting on various information security risk and compliance metrics. Provides regular updates to key stakeholders and executive leadership offering a realistic overview of risks and threats throughout the organization.
- Policies and Standards: Creates and keeps up to date new and existing information security policies and procedures to ensure operating efficiency and regulatory compliance. Coordinates the development and implementation of technical controls and configurations to align with security policies and legal, regulatory, and audit requirements. Responsible for ensuring policies and procedures are enforced in a consistent manner across the University.
- Education and Awareness: Acts as a subject matter expert in order to provide support, education, and training to staff with the goal of building risk awareness within the University. Actively participates by providing input and content towards the University’s information security awareness program.
- Operations and Maintenance: Provides advisory support to operational teams in strengthening the University’s overall information security posture. Periodically reviews audit trails, system logs, and other monitoring data sources to ensure they are in compliance with policies, standards and audit requirements. Evaluates and documents requests for exceptions to policies, ensuring sufficient mitigating controls are in place. Ensures that internal and external audits are supported in development of an annual strategic audit plan. Continually reviews the operational components of the security incident management processes to ensure they comply with the established incident response plan. Formally documents risk assessment results and provides regular updates to management.

What you will bring:
- University degree in Computer Science or Information Technology or a related field or an equivalent combination of education and experience.
- Minimum of seven (7) years of information security, IT audit and/or IT Risk Management experience.
- Expert understanding of NIST and ISO Risk Management Frameworks, ITSG-33, NIST CSF, ISO 27002, COBIT, SOC 2, and other relevant frameworks.
- Experience with security assessments (AI, Cloud, SaaS, etc.).
- Experience with risk discovery and assessment, as well as appropriate mitigation and controls.
- Good knowledge of the latest trends in information security and risk management, e.g. evolving technologies, cyber risk mitigation, etc.
- Experience auditing IT environments, either through an internal or external audit role.
- Broad knowledge of IT architecture and underpinning technologies including but not limited to: identity and access management, cloud hosting providers, database administration.
- Experience designing and supporting large-scale, end-to-end information security systems in a complex multi-platform environment, both on-premises and cloud-hosted.
- Knowledge of security technologies such as various monitoring and log aggregation platforms, penetration testing frameworks, operating systems, vulnerability scanners, and endpoint security solutions.
- Leadership skills, ability to coach and mentor other IT professionals.
- In-depth analytical skills for complex problem solving – identification, diagnosis, resolution.
- Knowledge of the University’s information technology and security policies, procedures and standards would be considered an asset.
- Experience in project management and meeting strict deadlines.
- Positive communication skills to interact with team members, support personnel, and provide technical guidance and expertise to clients and management.
- CISSP, CRISC or other information security certification is an asset.
- Ability to work a flexible schedule including occasional weekends and evenings.
- Bilingual: French and English (spoken and written).

Key Competencies at uOttawa:
Prior to May 1, 2022, the University required all students, faculty, staff, and visitors (including contractors) to be fully vaccinated against Covid-19 as defined in Policy 129 – Covid-19 Vaccination. This policy was suspended effective May 1, 2022 but may be reinstated at any point in the future depending on public health guidelines and the recommendations of experts.

Apply on Kit Job: kitjob.ca/job/2ps1cn
Highlights
- Company name: uOttawa
- Job position: Lead Analyst, IT Security Risk and Compliance (Ottawa)
More info about this ad
Lead Analyst, IT Security Risk and Compliance (Ottawa) has been posted in the Ottawa Accounting, Financing & Banking category on Locanto.