The Professional Institute of the Public Service of Canada
The Professional Institute of the Public Service of Canada
Log in

IT Security Lead

Internal/External 

New Position

Division: IT & PMO (IT Operation)

City: Ottawa, ON

Type of position: Hybrid with office

Job Term:  Permanent Full-time (35 hours per week) 

Union/Non: Excluded

Eligibility: Applicant must either be a Canadian citizen or a resident eligible to work in Canada

Competition: 25-03

The Professional Institute of the Public Service of Canada, a national union representing over 70,000 professionals and scientists throughout Canada, requires an IT Security Lead for its National Office in Ottawa.

PIPSC/IPFPC is committed to building an inclusive workplace where diversity of thought – and of people – are recognized, valued, and considered essential to achieving our goals and objectives. We are making concerted efforts to foster a workforce that is representative of our diverse membership. We strive to create a work environment that is welcoming to everyone regardless of their gender, age, religion, race, ethnicity, and nationality, particularly equity deserving groups, such as members of the IBPOC, 2SLGBTQIA+ communities, and people living with disabilities. 

All qualified candidates will be considered; however, in support of achieving a diversified workforce we encourage applications for this opportunity from candidates belonging to one of the employment equity groups: Indigenous peoples (First Nations, Metis or Inuit), peoples of colour or persons with a disability.  Consideration will be given to a qualified candidate who, at the time of application, voluntarily indicates being part of these groups.

What can I expect to do in this role?

Under the general direction of the Director, IT & PMO and reporting to the Manager, IT Operations and Program Management, the IT Security Lead, will be responsible for establishing an enterprise security stance through policy recommendations and implementing/maintaining an industry-recognized security framework, security solutions and training processes.

The IT Security Lead will oversee the operations of the Institute’s security solutions and complete the day-to-day operations of the in-place security solutions through the identification, investigation, and resolution of security breaches detected by those systems.

Primary responsibilities:

  • Select, implement and maintain a PIPSC-wide security framework.
  • Recommend, deploy and maintain the Institute’s security documents (policies, standards, best practices, baselines, guidelines and procedures) garnering buy-in from senior leadership and staff.
  • Recommend policies to strengthen PIPSC security stance and then drive deployment and enforcement of agreed policies.
  • Establish a centralized monitoring system and dashboard for threats to evaluate the efficacy of our security measures and use the data analytics to prepare ongoing reports and advice for senior management
  • Develop a holistic employee training program that includes targeted security training as needed and regular security awareness training to ensure consistently high levels of compliance with Institute security documents.
  • Routinely complete the execution of vulnerability assessments, penetration tests and security audits
  • As needed, recommend and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
  • Monitor, maintain and strive for continual improvement of all in-place security solutions to ensure effective and appropriate operations.
  • Develop security requirements for new application and infrastructure components to ensure a strong security posture and fit within the overall Institute security program.
  • Lead all investigations into problematic activity and provide on-going timely communication with senior management.
  • Ensure security of highly confidential labour relations matters pertaining to bargaining, collective agreement and disciplinary investigation communications and information.
  • Complete detailed investigations for all levels of the Institute including analyzing and reporting on confidential data pertaining to labour relations, institute operations, board of director material, staff records, financial data , etc. in collaboration with auditors, the legal department and Institute executive.
  • Lead efforts to collaborate with all levels of the Institute in conducting internal risk and security assessments to identify and remediate physical and technical security risks to data, software and hardware, including making recommendations to process changes.
  • Develop and implement incident response practices, standards and procedures to protect information, data and systems in response to cybersecurity events and incidents.
  • Provide support for end users for all in-place security solutions.

Knowledge and Experience Requirements 

Education / Experience: 

  • College diploma or university degree in the field of computer science 
  • Three (3) to five (5) years of relevant experience or an equivalent combination of education and experience

One or more of the following certifications:

  • GIAC Security Essentials Certification
  • GIAC Security Leadership Certification
  • ISACA Certified Information Security Manager
  • Microsoft Certified Systems Engineer: Security
  • (ISC)2 SCCP
  • (ISC)2 CISSP
  • (ISC)2 ISSAP

Language requirement:

  • Fluency in both French and English is an asset

Skills and experience required:

  • Extensive experience in enterprise security architecture design & security document creation.
  • Experience in designing and delivering employee security awareness training.
  • Experience in developing Business Continuity Plans, Disaster Recovery Plans.
  • Experience in working with senior IT and business leadership.
  • Experience or working technical knowledge in Microsoft Azure AD/Entra ID, and Microsoft Intune.
  • Understanding of IP, TCP/IP, and other network administration protocols.
  • Some knowledge of IT controls and security self-assessments.
  • Proven analytical and problem-solving abilities.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Good written, oral, and interpersonal communication skills.
  • Ability to conduct research into IT security issues and products as required.
  • Ability to present ideas in business-friendly and user-friendly language.
  • Highly self-motivated and directed, with keen attention to detail.
  • Team-oriented and skilled in working within a collaborative environment

Compensation Package

  • Salary Range: $108,929 to $136,161(G7)
  • Group Benefits: Health, Dental, life Insurance and disability Insurance
  • Pension Plan: Defined Benefits
  • Vacation: 4 weeks per year, plus other generous paid leave
  • Paid Time Off: December 27th to 31st

How to apply

Applications must be submitted by email to staffingofficer@pipsc.ca, no later than 4:00 pm (Est) January 20, 2025.  Please include Competition #25-03 in the subject line.

Submit a cover letter and resume tailored to the qualifications outlined in the job posting. Your documents should include specific examples that clearly demonstrate how you meet the requirements of this position, as your application will be evaluated based solely on the information provided.

If you require accommodation for a disability during the recruitment process, please contact us with your details. Our Staffing team will respond within 48 hours, and all information related to accommodation requests will be handled confidentially.

We are committed to creating an inclusive, psychologically safe, harassment-free, and accessible work environment, starting from the recruitment process.

We thank all applicants for their interest. However, only those selected for an interview will be contacted.