HIRING: Associate Director, Cybersecurity & Privac...

centennialcoll

Link to apply here!

POSITION VACANCY
Associate Director, Cybersecurity and Privacy Operations

JOB ID: J0226-0193

Classification: Full-time Administration

Pay Band: 12

Pay Range: $104,333 - $139,110 per year

Campus/Location: Progress Campus - Toronto, ON

Hours/Week: 35 hours

Shift Schedule: Monday to Friday, 9:00 am to 5:00 pm

Posting Date: February 6, 2026

Closing Date: February 20, 2026

Centennial College recognizes and affirms Diversity, Equity and Inclusion and Indigenous ways of knowing as central to the vibrancy and uniqueness of its learning and working academic mission. We strongly encourage applications from members of Indigenous communities and all equity-deserving groups including Women, Racialized, Persons with Disabilities, and LGBTQ+ communities.

We also recognize that Centennial is situated on the Treaty Lands of the Mississaugas of the Credit First Nation and pay tribute to their legacy as well as that of all First Peoples that have been and remain present here in Toronto. We recognize that First Peoples come from sovereign Nations and that part of understanding our responsibilities of residing on this territory are understanding the true history, circumstances and legacy of the Treaties signed here (such as the Toronto Purchase, Robinson-Huron Treaty and Williams Treaties) and including pre-contact Treaties and Agreements between sovereign Nations and that all peoples in this area are therefore Treaty people with obligations and responsibilities to all our relations.

Position Summary

Centennial College is hiring an Associate Director, Cybersecurity and Privacy Operations, a senior operational leadership role responsible for the direct management and execution of the College’s cybersecurity and privacy programs.

Reporting to the Director, Cybersecurity, Privacy, and Delivery, the incumbent oversees day-to-day cybersecurity and privacy operations, including monitoring, incident response, investigations, remediation, and ongoing risk management across the College’s technology environment.

The role is accountable for safeguarding the confidentiality, integrity, and availability of digital assets and personal information while ensuring the College operates within an approved and practical level of risk. The incumbent balances regulatory, privacy, and security obligations with the College’s academic, administrative, and service delivery needs, recognizing that absolute risk elimination is neither practical nor desirable in a complex educational environment.

Responsibilities

Cybersecurity Operations and Risk Management

Lead and execute cybersecurity risk assessments and threat analyses across systems, applications, networks, and cloud services.
Translate risk findings into prioritized remediation actions and actively drive resolution with internal teams and external vendors.
Continuously monitor the cybersecurity posture using operational monitoring tools, vulnerability assessments, and audits.
Provide regular cybersecurity risk, threat, and posture reporting to senior leadership.

Incident Response and Investigations (Cyber & Privacy)

Directly coordinate and execute cybersecurity and privacy incident response activities, including containment, investigation, remediation, recovery, and documentation.
Work hands-on with internal teams, managed security service providers, and external partners during incidents.
Conduct post-incident and post-mortem reviews, documenting root cause, lessons learned, and corrective actions.
Determine escalation requirements, including decisions related to service shutdowns where required to protect the College.
Manage privacy breaches in accordance with legislative and regulatory requirements, including assessment, notification, and reporting.

Privacy Operations and Management

Lead the development, implementation, and ongoing maintenance of the College’s privacy management framework.
Oversee privacy operational activities, including Privacy Impact Assessments (PIAs), Freedom of Information (FOI) coordination, and responses to privacy incidents.
Ensure compliance with applicable legislation, including FIPPA, PIPEDA, and EDSTA.
Work with academic, administrative, IT, Legal, and Procurement stakeholders to identify and mitigate privacy risks associated with systems, data use, and third-party services.
Provide privacy advisory support to leadership and staff, promoting responsible handling of personal and sensitive information.

Security Controls, Policy, and Compliance

Lead the development, implementation, and enforcement of cybersecurity and privacy standards, controls, policies, and procedures.
Review and approve security configurations, designs, implementations, and change proposals for IT systems and applications.
Conduct and manage cybersecurity audits, technical reviews, and investigations to validate compliance and control effectiveness.
Collaborate with Legal, Compliance, and Procurement to operationalize cybersecurity and privacy requirements.

Projects, Change, and Architecture

Act as a permanent cybersecurity and privacy stakeholder in projects and system changes, defining risks and required controls throughout the project lifecycle.
Review, validate, and approve cybersecurity and privacy controls prior to deployment or production release.
Review and sign off on operational change requests to ensure cybersecurity and privacy standards are consistently applied.
Update threat and risk inventories based on new technologies, services, or architectural changes.

Vendor and Third-Party Risk Oversight

Oversee cybersecurity and privacy operations performed by managed service providers and vendors with access to College systems or data.
Assess third-party cybersecurity and privacy risks and ensure appropriate contractual, technical, and operational controls are in place.
Lead the evaluation, selection, and operational implementation of cybersecurity technologies and services.

Awareness, Training, and Governance

Develop and deliver cybersecurity and privacy awareness programs, training sessions, and advisory materials.
Promote a culture of shared responsibility for cybersecurity and privacy across the College.
Participate in governance forums, committees, and senior leadership discussions related to cybersecurity, privacy, and risk management.

Qualifications/Experience

Bachelor’s degree in Computer Science, Information Systems, Electrical/Computer Engineering, or a related field, or an equivalent combination of education and experience.
A minimum of seven (7) years of progressive experience in information security management or related functions such as IT risk management or audit.
Required certifications: CISSP, CISA, CISM, C|CISO, or equivalent.
Privacy certifications (e.g., IAPP CIPP/C, CIPM, or equivalent) are considered an asset.
Strong experience with operational cybersecurity functions, including monitoring, incident response, investigations, vulnerability management, and remediation.
Practical knowledge of privacy legislation and regulatory requirements (e.g., FIPPA, PIPEDA) and their application to systems, data governance, and third-party services.
Experience advising senior leaders on cybersecurity and privacy risk, compliance trade-offs, and mitigation strategies.
Demonstrated experience managing vendors and third-party service providers.
Experience working in a mid- to large-sized organization, preferably in an academic or public-sector environment.
Experience with ERP systems (e.g., Banner) is preferred.
Strong leadership, communication, analytical, and problem-solving skills.
Proven ability to manage multiple priorities and stakeholders in high-pressure environments..

Apply online: www.centennialcollege.ca/careers

Proof of credentials or equivalencies from accredited regional or federal post secondary institutions and/or their foreign equivalents will be required at the time of job offer.

When applying, your cover letter and résumé must include examples that reflect all of the requested skills and qualifications and must be submitted online by February 20, 2026 at 11:59 PM EST. Please quote Job ID J0226-0193. Misrepresentation of applicant information will be grounds for your exclusion from the competition or for dismissal should you subsequently be hired for the position. We wish to thank all applicants for their interest and advise that only those selected for an interview will be contacted.

We are committed to providing persons with disabilities equal opportunities regarding all employment activities, including access to jobs and accommodations during employment as required, in accordance with the Ontario Human Rights Code (OHRC) and the Accessibility for Ontarians with Disabilities Act (AODA).

akkem

Thanks for reaching us!
This community has a strong pool of security professionals who may align well with what you’re seeking.

centennialcoll

Link to apply here!

POSITION VACANCY
Associate Director, Cybersecurity and Privacy Operations

JOB ID: J0226-0193

Classification: Full-time Administration

Pay Band: 12

Pay Range: $104,333 - $139,110 per year

Campus/Location: Progress Campus - Toronto, ON

Hours/Week: 35 hours

Shift Schedule: Monday to Friday, 9:00 am to 5:00 pm

Posting Date: February 6, 2026

Closing Date: February 20, 2026

Centennial College recognizes and affirms Diversity, Equity and Inclusion and Indigenous ways of knowing as central to the vibrancy and uniqueness of its learning and working academic mission. We strongly encourage applications from members of Indigenous communities and all equity-deserving groups including Women, Racialized, Persons with Disabilities, and LGBTQ+ communities.

We also recognize that Centennial is situated on the Treaty Lands of the Mississaugas of the Credit First Nation and pay tribute to their legacy as well as that of all First Peoples that have been and remain present here in Toronto. We recognize that First Peoples come from sovereign Nations and that part of understanding our responsibilities of residing on this territory are understanding the true history, circumstances and legacy of the Treaties signed here (such as the Toronto Purchase, Robinson-Huron Treaty and Williams Treaties) and including pre-contact Treaties and Agreements between sovereign Nations and that all peoples in this area are therefore Treaty people with obligations and responsibilities to all our relations.

Position Summary

Centennial College is hiring an Associate Director, Cybersecurity and Privacy Operations, a senior operational leadership role responsible for the direct management and execution of the College’s cybersecurity and privacy programs.

Reporting to the Director, Cybersecurity, Privacy, and Delivery, the incumbent oversees day-to-day cybersecurity and privacy operations, including monitoring, incident response, investigations, remediation, and ongoing risk management across the College’s technology environment.

The role is accountable for safeguarding the confidentiality, integrity, and availability of digital assets and personal information while ensuring the College operates within an approved and practical level of risk. The incumbent balances regulatory, privacy, and security obligations with the College’s academic, administrative, and service delivery needs, recognizing that absolute risk elimination is neither practical nor desirable in a complex educational environment.

Responsibilities

Cybersecurity Operations and Risk Management

Lead and execute cybersecurity risk assessments and threat analyses across systems, applications, networks, and cloud services.
Translate risk findings into prioritized remediation actions and actively drive resolution with internal teams and external vendors.
Continuously monitor the cybersecurity posture using operational monitoring tools, vulnerability assessments, and audits.
Provide regular cybersecurity risk, threat, and posture reporting to senior leadership.

Incident Response and Investigations (Cyber & Privacy)

Directly coordinate and execute cybersecurity and privacy incident response activities, including containment, investigation, remediation, recovery, and documentation.
Work hands-on with internal teams, managed security service providers, and external partners during incidents.
Conduct post-incident and post-mortem reviews, documenting root cause, lessons learned, and corrective actions.
Determine escalation requirements, including decisions related to service shutdowns where required to protect the College.
Manage privacy breaches in accordance with legislative and regulatory requirements, including assessment, notification, and reporting.

Privacy Operations and Management

Lead the development, implementation, and ongoing maintenance of the College’s privacy management framework.
Oversee privacy operational activities, including Privacy Impact Assessments (PIAs), Freedom of Information (FOI) coordination, and responses to privacy incidents.
Ensure compliance with applicable legislation, including FIPPA, PIPEDA, and EDSTA.
Work with academic, administrative, IT, Legal, and Procurement stakeholders to identify and mitigate privacy risks associated with systems, data use, and third-party services.
Provide privacy advisory support to leadership and staff, promoting responsible handling of personal and sensitive information.

Security Controls, Policy, and Compliance

Lead the development, implementation, and enforcement of cybersecurity and privacy standards, controls, policies, and procedures.
Review and approve security configurations, designs, implementations, and change proposals for IT systems and applications.
Conduct and manage cybersecurity audits, technical reviews, and investigations to validate compliance and control effectiveness.
Collaborate with Legal, Compliance, and Procurement to operationalize cybersecurity and privacy requirements.

Projects, Change, and Architecture

Act as a permanent cybersecurity and privacy stakeholder in projects and system changes, defining risks and required controls throughout the project lifecycle.
Review, validate, and approve cybersecurity and privacy controls prior to deployment or production release.
Review and sign off on operational change requests to ensure cybersecurity and privacy standards are consistently applied.
Update threat and risk inventories based on new technologies, services, or architectural changes.

Vendor and Third-Party Risk Oversight

Oversee cybersecurity and privacy operations performed by managed service providers and vendors with access to College systems or data.
Assess third-party cybersecurity and privacy risks and ensure appropriate contractual, technical, and operational controls are in place.
Lead the evaluation, selection, and operational implementation of cybersecurity technologies and services.

Awareness, Training, and Governance

Develop and deliver cybersecurity and privacy awareness programs, training sessions, and advisory materials.
Promote a culture of shared responsibility for cybersecurity and privacy across the College.
Participate in governance forums, committees, and senior leadership discussions related to cybersecurity, privacy, and risk management.

Qualifications/Experience

Bachelor’s degree in Computer Science, Information Systems, Electrical/Computer Engineering, or a related field, or an equivalent combination of education and experience.
A minimum of seven (7) years of progressive experience in information security management or related functions such as IT risk management or audit.
Required certifications: CISSP, CISA, CISM, C|CISO, or equivalent.
Privacy certifications (e.g., IAPP CIPP/C, CIPM, or equivalent) are considered an asset.
Strong experience with operational cybersecurity functions, including monitoring, incident response, investigations, vulnerability management, and remediation.
Practical knowledge of privacy legislation and regulatory requirements (e.g., FIPPA, PIPEDA) and their application to systems, data governance, and third-party services.
Experience advising senior leaders on cybersecurity and privacy risk, compliance trade-offs, and mitigation strategies.
Demonstrated experience managing vendors and third-party service providers.
Experience working in a mid- to large-sized organization, preferably in an academic or public-sector environment.
Experience with ERP systems (e.g., Banner) is preferred.
Strong leadership, communication, analytical, and problem-solving skills.
Proven ability to manage multiple priorities and stakeholders in high-pressure environments..

Apply online: www.centennialcollege.ca/careers

Proof of credentials or equivalencies from accredited regional or federal post secondary institutions and/or their foreign equivalents will be required at the time of job offer.

When applying, your cover letter and résumé must include examples that reflect all of the requested skills and qualifications and must be submitted online by February 20, 2026 at 11:59 PM EST. Please quote Job ID J0226-0193. Misrepresentation of applicant information will be grounds for your exclusion from the competition or for dismissal should you subsequently be hired for the position. We wish to thank all applicants for their interest and advise that only those selected for an interview will be contacted.

We are committed to providing persons with disabilities equal opportunities regarding all employment activities, including access to jobs and accommodations during employment as required, in accordance with the Ontario Human Rights Code (OHRC) and the Accessibility for Ontarians with Disabilities Act (AODA).

HIRING: Associate Director, Cybersecurity & Privacy Operations

HIRING: Associate Director, Cybersecurity & Privacy Operations