Chief Information Security Officer

Athabasca or Edmonton, Alberta
VP Information Technology and CIO
Negotiable AU Location
Depends on Experience 
Permanent Full Time
Division VP Information Technology and CIO Wage Min 0.0000
Location Name Negotiable AU Location Wage Max 0.0000
Location Athabasca or Edmonton, Alberta Position Type Permanent Full Time
Posted 04/03/2018 FTE 1.0
Closing Date 04/25/2018 Job ID 1364

If you have a passion for leading and championing technical security so our university students and learners of all ages can thrive and achieve, join our Alberta-based Information Technology team as our Chief Information Security Officer. As Canada’s only digital-first university, join us in transforming traditional online learning to the secure cloud and code campus of the future.

The Chief Information Security Officer (CISO) reports to the Vice President, Information Technology (VPIT) and Chief Information Officer (CIO).  The CISO is responsible for planning, implementing and auditing policies, procedures, standards and processes that protect all Athabasca University technology systems, including, but not limited to, IT systems. This protection required would be from external and internal risks and threats, including but not limited to unauthorized access, damage to equipment, service interruptions, and unauthorized destruction, alteration or disclosure of information.  This position is responsible for leading and managing the ongoing Managed Security Services contract.  The CISO is accountable for performing risk assessments and audits; for investigating, analyzing and reporting on security incidents; for promoting awareness of digital security throughout the University; and for developing training strategies on digital security matters to end users of University digital technology assets.  The CISO manages technical Information Technology (IT) staff who enforce security policies, procedures, standards and processes.

The CISO is a member of the Senior IT Leadership Team and leads internal technical investigations as well as any external investigations requests as requested by Office of the Auditor General, police, intelligence and FOIP requests. The CISO participates in and makes recommendations regarding highly confidential planning and operational information; participates in the development of the IT Division's financial and budgetary planning. The CISO provides confidential reports and recommendations to applicable stakeholders, including, but not limited to, the VPIT and CIO, Chief Human Resources Officer, Executive Officers and University President; and represents the interests of Management in the application of Collective Agreements.

As a semi-virtual organization, this role has the option of being located in any of our administrative locations in Alberta: Athabasca, Calgary or Edmonton.


  •  A related University degree plus at least 10 years experience, including at least six years experience managing and/or directing an IT functional area plus at least four years experience managing an IT security function.
  • Certified Information Systems Security Professional (CISSP) Certification required and Certified Information Security Manager (CISM) Certification desirable.
  • Proven experience in IT security planning and development, project management, and policy development.
  • Excellent knowledge of general trends and developments in the area of information security and risk management.
  • Excellent knowledge of contemporary risks, threats and vulnerabilities related to IT operations.
  • Broad knowledge of and experience with firewalls, anti-virus solutions, intrusion detection/intrusion prevention solutions, data loss prevention systems, virtual private networks, remote access systems, network zoning, centralized monitoring, and application scanning.
  • Excellent knowledge of IT security related vendors and their products and services.
  • Good knowledge of information security and risk control frameworks such as COBiT, ISO 27001, ITIL, and ISO 31000 is preferred.
  • Good knowledge of business continuity and IT disaster recovery frameworks such as ISO 22301 and ISO 27031 is preferred.
  • Experience in leading the response to incidents, crises, and investigations with sensitivity, tenacity with a focus on attention to detail.
  • High degree of sensitivity, tact and discretion in dealing with investigations of alleged inappropriate user behaviour.
  • Deep understanding of enterprise information security architecture, processes, concepts, and best practices.
  • Experience with IT security considerations for systems design and development.
  • Good knowledge of business theory, business processes, management, budgeting, and business office operations.
  • Experience developing and managing a program of continuous security awareness for end users.
  • Experience dealing with security issues in environments with external users.
  • Experience working with law enforcement or government cyber security agencies preferred.
  • Good knowledge of applicable laws and regulations as they relate to IT security and protection of personal information.
  •  Strong understanding of human resource management principles, practices, and procedures.
  • Strong leadership skills.
  • Strong facilitation skills and a clear ability to build relationships with stakeholders at all levels, including executive management.
  • Excellent written, oral, and interpersonal communication, and negotiation skills.
  • Ability to present complex technical ideas in business-friendly and user-friendly language.
  • Highly self-motivated, self-directed, and attentive to detail.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Extensive experience working in a team-oriented, and collaborative environment.


An equivalent combination of education and experience may be considered.

The full job description can be viewed at Chief Information Security Officer.

For further information about this position, contact Abey Arnaout at (780) 421-2549 or email