Senior Manager, Governance, Compliance, and Risk
Toronto Community Housing
Date: 1 day ago
City: Toronto, ON
Contract type: Full time

Job #: 9634
Division: Information Technology Services
Vacancy Type: Full-time Permanent
Affiliation: Non-Union: Management & Exempt
Grade
Contract Length:
09
# of Vacancies: 1
Salary/Hourly Range: 136,097 - 163,316
Hiring Range/wage: 136,097 - 149,706
Work Details (Days/hours): Monday to Friday, 36.25 hours
Posted Date: 6/9/25
Existing Or New: New
Deadline To Apply: 6/23/25
What We Offer
In addition to a competitive salary and a rewarding career where you can truly make a difference, we offer a comprehensive package that meets the various needs of our diverse employees, including:
- Ability to participate in inclusive employee-led networks to educate, inspire, amplify voices, build relationships and provide development opportunities;
- Minimum four (4) weeks of paid annual vacation days, increasing with years of service;
- Four (4) paid personal days;
- Defined benefit pension plan with OMERS, includes 100-per-cent employer matching;
- Health, dental, and vision benefits, including a health spending account available upon your start date;
- Employee and family assistance program;
- Maternity and parental leave top up (93% of base salary);
- Training and development programs including tuition reimbursement of $1500 per calendar year;
- Fitness membership discount.
Make a difference
Are you passionate about Cyber Security and Information Risk Management and interested in having a positive impact on your local community? If so, the Senior Manager, Governance, Compliance, and Risk position at Toronto Community Housing may be for you!
The Senior Manager, Governance, Compliance and Risk is accountable for ensuring all aspects of the security of TCH's IT systems and assets. Activities in this strategic role include conducting Governance, Compliance and Risk assessments, incident response, and developing the necessary monitoring and compliance systems, policies, procedures and security controls. This position is accountable for the protection of information and information systems from unauthorized access, inappropriate use, disclosure, disruption, modification, or destruction to ensure confidentiality, integrity, and availability.
What You’ll Do
Information Security Defense Management Framework and Strategy for TCHC:
- Accountable for the management of the information Governance, Compliance and Risk policies, standards and frameworks including but not limited to detection, recovery, protection, and identification of potential threats against TCHC enterprise digital assets and operations, including infrastructure and networks.
- Supporting compliance and reporting activities with respect to IPC and other regulatory and legislative requirements.
- Develop Governance, Compliance and Risk strategies that align with TCHC vision, mission and objectives. Plays a proactive role in development of annual Information Security operational plans.
- Provide tactical and strategic recommendations to Senior Management related to Governance, Compliance and Risk for Information Security, Cyber threats and risk management, disaster recovery and associated Information Management and IT/OT Security controls.
- Analyse proposed Governance, Compliance and Risk solution, technology, design and IT development processes to identify potential threats and vulnerabilities, and to recommend options that enhance Governance, Compliance and Risk solutions and business processes.
- Proactively provides internal recommendations on related governance requirements, baselines, standards and best practices. Balance the Governance, Compliance and Risk for Information Security controls with the requirements of the Business and make implementable recommendations versus business operations.
- Identify, analyze, and recommend Governance, Compliance and Risk options for risk management at appropriate levels within the enterprise and municipalities and associated agencies.
- Acts as the Governance, Compliance and Risk expert and takes on more complex work in developing TCHC’s Governance, Compliance and Risk program, and interacting with key internal partners and their confidential information.
- Play a mentorship role as a senior subject matter expert in information Governance, Compliance and Risk management and provide training and guidance to staff wherever needed.
- Research and maintain Governance, Compliance and Risk techniques, countermeasures and trends in computer and network vulnerabilities, data hiding, encryption and cyber security.
- Recommends technology changes in order to mitigate Governance, Compliance and Risk risks or implement and operationalize new or enhanced Governance, Compliance and Risk trends.
- Collaborates with other City of Toronto agencies to align Governance, Compliance and Risk standards.
- Provides expert Governance, Compliance and Risk standards and guidance to staff directly and indirectly in the secure operation of all IT services.
- Handles Governance, Compliance and Risk incidents and exceptions, often of a confidential nature, incorporating highly technical concepts to business stakeholders. The information, if miscommunicated or incorrectly assessed or analysed, might harm the reputation of TCHC and might lead to incorrect Management actions.
- Leads and coordinates confidential investigations alongside TCHC MSSP and Incident Responder and reports the results to Upper Management.
- Leads TCHC’s end-to-end Governance, Compliance and Risk program.
- Ensure the Governance, Compliance and Risk of the Corporate Identity and Access Management (CIAM) Program.
- Work with IT, Enterprise Solutions & Data, and all other TCHC Enterprise teams to establish appropriate Governance, Compliance and Risk processes, controls and ensure compliance with security policies.
- Manage the Governance, Compliance and Risk of TCHC data with multiple partners such as MSSP and security related projects simultaneously, and present status updates to upper management.
- Conducts internal information systems Governance, Compliance and Risk reviews. Reviews IT and business process changes for potential Governance, Compliance and Risk issues and compliance to standards.
- Analyze Governance, Compliance and Risk solution, technology, design and IT development processes to identify potential threats and vulnerabilities, and to recommend options that enhance the security of corporate information.
- Participates in and co-ordinates all internal and external information technology Governance, Compliance and Risk compliance and remediation activities. Manages the Governance, Compliance and Risk responses with the team, implementation plan completions, time frames and remediation activities. Documents and manages the implementations of necessary IT Governance, Compliance and Risk and security controls to address the management responses. Crafts draft management responses. Works with internal and external auditors to confirm findings.
- Give recommendations on the day-to-day management and testing of internal Information Security Governance, Compliance and Risk standards.
- Develops Governance, Compliance and Risk procedures to meet Internal control perspectives and tests or verifies procedures are followed according to acceptable control standards.
- Monitors internal Governance, Compliance and Risk controls to ensure appropriate access levels are maintained; recommends access controls and roles consistent with the “principle of least privilege” security rules.
- Proactively recommends Governance, Compliance and Risk changes to IT and TCHC information systems, business processes and procedures to address potential Governance, Compliance and Risk control deficiencies.
- University degree, or equivalent, in computer science, engineering or a relevant technical discipline.
- 7-9 years of broad and deep information security and Governance, Compliance and Risk experience.
- IT Security Designations – CISSP
- Specific strengths in multiple areas including Application Security, Network security, server and database security, cloud security, identity and access management, incident response and disaster recovery and business continuity planning, data leakage prevention, CISSP, IT Security Architecture, Threat Management Lifecycle Management experience.
- Excellent communication skills in English
- CIPP.C, CIPM, IAPP (CIPP/C), SANS Certification e.g. GCIH, CISA, CRISC, CISM, GCIH or similar certification and training are assets.
- Strong understanding of IT, Governance, Compliance and Risk, and Compliance frameworks (NIST, ISO 27001, CoBit, SOC2, CIS, Cloud Security Alliance (CSA))
- Expert knowledge of Third-Party Risk Management, Security Risk Reporting, Zero Trust Assessment (ZTA), etc.
Once you apply, we’ll review your resume and contact you if we believe your skills and experience will make you successful in the role. If you are selected to move forward, the process will include one or more interviews and/or assessments and reference checks.