Website The University of British Columbia
The Safety & Risk Services team is a key component of the PrISM program, delivering Privacy Impact Assessments (PIA) including information security reviews, campus-wide training and risk advisory services to UBC. The team’s focus is to maintain public trust in UBC, protect personal information of the UBC community and keep UBC confidential information secure, whilst enabling technology-supported business initiatives to succeed.
- Lead special projects relating to privacy and information security risk assessment, e.g. investigations into emerging risk areas such as the Internet of Things, writing briefing notes for the PrISM Executive Leadership Committee, and responding to special requests for process and technology review.
- Support the continued alignment of UBC information security policy and standards with standards such as ISO and NIST. Ensure methods reflect current information security frameworks, techniques and tools.
- Define interfaces between the PIA process and CISO architectural review services to embed a common methodology, ensure coverage and improve client experience.
- Work with subject matter experts to develop and continually refine privacy and information security risk assessment methods, processes and tools for high-risk/frequent utilization cloud services, e.g. infrastructure and platform as-a-service, object-based storage or orchestration service, in collaboration with the information security standards working group, architects and other subject matter experts.
- Select and follow project management methods, procedures, and quality objectives, and track metrics for assessing progress on privacy and security risk assessments throughout assigned projects.
- For large, complex and high-risk projects, conduct or oversee Privacy Impact Assessments and Security Threat Risk Assessments, utilizing assessment frameworks and tools.
- Provide updates and formal reports to the relevant committee and stakeholders, including the PrISM Executive Team and program/project governance bodies as required.
- Work with the CISO office, UBC IT, Procurement and project teams to embed privacy and information security activities, including privacy and security requirements, architectures, testing and risk assessments, in project lifecycles.
- Develop relevant content to inform PrISM SRS clients and risk advisors on acceptable use of UBC tools
- Assess variances from the assessment project plans, budgets and schedules, develop and implement changes as necessary to ensure that the project remains within specified scope and is within time, cost, and quality objectives, and keep management aware of the situation.
- Engage broadly (through training, workshops and relationship building) within assigned projects to raise awareness of privacy and information security risk and mitigations.
- Provide highly specialized privacy and information security technical expertise and mentoring to project teams, and PIA Risk Advisors to ensure reasonable privacy and information security measures are in place through every phase of the project’s life cycle including project planning, requirements definition, procurement, implementation and operationalization of new technology services.
- Demonstrates the willingness, ability, and enthusiasm to learn new processes, methodologies or technologies
- High level of interpersonal skills used to lead, enthuse, motivate, influence, and educate others at all levels to drive change across the University.
- Experience in information security frameworks such as COBIT and ISO 27002.
- Self-motivated with a strong commitment to providing high quality services, together with a thorough understanding and awareness of information security best practices and the ability to translate them into meaningful and value-added University-wide and local solutions.
- Demonstrated ability to communicate with diverse audiences (management, senior leadership, technical) using a variety of delivery mechanisms (written, oral, presentations etc.)
- Excellent organizational, planning, and prioritization skills. Able to multi-task and deliver multiple assignments in a fast-paced and changing environment
- Experience working with, designing and implementing risk-based information security assessment tools.
- Understands key trends and players in the IT industry and higher-education sector
- Demonstrates knowledge of Freedom of Information and Protection of Privacy Act (FIPPA), particularly as it relates to implementing ‘reasonable security arrangements’ over PI under the University’s control or in its custody.
- Experience in carrying out Privacy Impact Assessments relating to complex integrated enterprise solutions in a higher education and/or public sector environment
- Knowledge of project management, quality assurance, change management disciplines and best practices, and development methodologies
- Ability to effectively facilitate multi-disciplinary groups to achieve appropriate outcomes.
- A professional designation in information security, control and governance (e.g. CISA, CISSP, CISM, CIPP, CRISC, CGEIT, CPA, PMP) is desirable.
- Knowledge and ability to effectively use Communication and Collaboration Technologies
Qualification & Experience:
- Undergraduate degree in a relevant discipline. In-depth knowledge of applications and the business requirements supporting them.
- Minimum of five years of related experience, or the equivalent combination of education and experience.
Company: The University of British Columbia
Vacancy Type: Full Time
Job Location: Vancouver, BC, USA
Application Deadline: N/A