University of Toronto is hiring an Information Security Specialist

The University of Toronto is hiring an Information Security Specialist to join our Information & Instructional Technology Services (IITS). Reporting to the Information Security Program Manager, you will be responsible for deploying information security platforms designed to protect data and systems, prevent unauthorized access, and respond effectively to potential threats. We are looking for a collaborative security champion who partners across IT teams and departments to embed proactive security into daily operations and new projects.

What You'll Do

• Deploy information security platforms to protect data and systems, prevent unauthorized access, and respond to threats.
• Configure, maintain, and tune security tools (SIEM, EDR, Firewall, vulnerability scanner, IDS/IPS) for proactive threat detection and mitigation.
• Monitor security alerts and dashboards, respond to suspicious activities, and optimize system effectiveness.
• Perform information security investigations, security assessments, and incident response activities.
• Gather required forensic data in collaboration with relevant teams for employee-related breaches, misconduct, or potential criminal activity.
• Partner with Campus Police, central ITS, external auditors, Human Resources, and Labor Relations as required.

What We're Looking For

• University degree in Computer Science, Engineering or equivalent combination of education and experience.
• Minimum 7 years of Information Security experience in a heterogeneous environment with a broad range of platforms and technologies.
• Minimum 2 years working with Information Security as a significant focus of activity.
• Minimum 3 years of progressive experience in creating, implementing, and maintaining Information Security risks management programs.
• Excellent understanding of security tools and technologies (Firewalls, IDS/IPS, SIEM/SOAR, EDR/XDR platforms) used to protect on-premises and cloud environments.
• Expert proficiency in security frameworks and foundational networking/OS security (Zero Trust concepts, TCP/IP, VPNs, Windows/Linux/Unix hardening).
• Experience auditing systems for compliance (PCI-DSS, NIST Cybersecurity Framework, or NIST SP 800 series controls, etc.).
• Experience drafting information security standards and guidelines, assessing risk management, and determining controls.
• Experience administering and securing large-scale server fleets (Linux/Unix), databases (SQL Server, MySQL), and virtualized environments.
• Experience with scripting (Python, Bash) to automate security tasks.
• Extensive experience leveraging network and security analysis tools for deep packet inspection, forensic analysis, and advanced troubleshooting.
• Experience in selecting, configuring, and deploying service mis-use detection and prevention technologies (Anti-Spam, Anti-Virus, Anti-DDOS, etc.).
• Broad IT acumen, including demonstrated knowledge across the IT landscape (networking, databases, application development, and related institutional technologies).
• Proven ability to navigate complex professional and political environments, exercise sound judgment regarding issue escalation, and maintain data confidentiality.
• Proven ability to lead and guide technical team members across various skill levels while maintaining composure and effectiveness with diverse constituents.
• Ability and willingness to learn new systems, technologies, and project management methods and tools.
• Able to think strategically about change and new solutions.
• Excellent oral and written communication and presentation skills.
• Strong analytical and problem-solving skills.
• Strong planning and organization skills, with the ability to prioritize and reprioritize work as required.
• Adept at quickly learning, understanding, and applying new technologies and process frameworks, and at conducting research to continually improve processes and solutions.
• Excellent conflict resolution skills with strong ability to exercise judgement, tact, discretion, and determination.

Nice to Have

• CISSP and other security certifications are a strong asset.
• Previous experience of implementation and management of security tools is a strong asset.

Technical Stack

• SIEM, EDR/XDR, Firewalls, IDS/IPS, Vulnerability Scanners, Anti-Spam, Anti-Virus, Anti-DDOS
• Linux/Unix, Windows, SQL Server, MySQL, Python, Bash, VPNs

Team & Environment

This position reports to the Information Security Program Manager within Information & Instructional Technology Services (IITS).

Benefits & Compensation

• Salary range: $93,592 - $155,985

Work Mode

This is an onsite position located at the University of Toronto Scarborough (UTSC).

This search aligns with the University’s commitment to strategically and proactively promote diversity among our community members. Recognizing that Black, Indigenous, and other Racialized communities have experienced inequities that have developed historically and are ongoing, we strongly welcome and encourage candidates from those communities to apply.