Senior Specialist, Cyber Security Awareness

JOB SUMMARY:
To support the execution of the Chief Information Security Officer's (CISO) mandate, cyber vision and strategy, providing technical and business advice, support and services to all City divisions, agencies and corporations.
Own the development and execution of cyber awareness and training programs, including campaigns, phishing simulations, reporting, and related initiatives, in support of the Toronto Cyber Security (TCS) division.
Define, develop, and deliver cyber awareness and training programs and initiatives, providing subject matter expertise across training, phishing, and reporting, while driving alignment with stakeholders across the organization on key projects and execution roadmaps.
Lead the planning and execution of cyber awareness campaigns and initiatives, contributing to the TCS division by advancing program objectives, enhancing organizational awareness, and supporting continuous improvement through effective reporting and insights.

MAJOR RESPONSIBILITIES:
 

• Develops and implements detailed cyber awareness, training and phishing plans and recommends cyber security policies/procedures regarding program specific requirements.
• Provides subject matter expertise and senior level strategic advice on cyber awareness and security issues affecting the organization, identifying potential exposures, and conduct reviews to ensure that undesirable effects are detected, mitigated and/or corrected.
• Able to identify and quantify gaps in cyber security awareness and the related risks. To understand those risks and enlist executive support to address them.
• Develops, maintains, and analyzes accurate and reliable cyber security awareness metrics, translating them into clear, relevant reporting that supports senior?level understanding of cyber awareness performance and business risk. Produces regular reports, briefing notes, and presentations leveraging subject?matter expertise.
• Conducts detailed data comparisons and analyzing large, complex datasets. Ensure data integrity by identifying gaps, inconsistencies, and data quality issues across systems. Ability to translate raw data into clear, meaningful reports. Ability to automate recurring reports to improve efficiency, consistency, and accuracy of data delivery. Experience in visualizing data through charts, scorecards, and executive summaries to drive clarity and impact.
• Builds and maintains strong relationships with internal and external stakeholders. Establishes relationships with strategic partners, collaborating on the advancement of cyber awareness and training programs. Communicate effectively to stakeholders, clients, project managers, and team.
• Participates in executive leadership and strategic partner meetings to present cyber awareness posture and insights.
• Maintains an up-to-date and in-depth knowledge of cyber security, emerging threats, trends, and associated techniques and technologies. Familiar with cyber awareness and analytical frameworks (e.g NIST CSF). Able to describe cyber risk in terms that other lines of business understand.

QUALIFICATIONS/CERTIFICATIONS:
 

• Post-secondary degree in Business or Technology or a related discipline.
• Experience in developing and maintaining effective cyber awareness programs aligned with organizational needs and objectives. Creates engaging, accurate content using multiple delivery methods. Manages the full training lifecycle, from planning and coordination through delivery and evaluation. Delivers training to diverse audiences and adapts approach based on skill levels and needs. Measures training effectiveness and continuously improves content through feedback and performance metrics. Maintained training documentation and ensured materials remained current and aligned with evolving requirements.
• Experience in designing and delivering special events (e.g., awareness days, themed campaigns, workshops, simulations) to reinforce messaging and drive participation. Create compelling campaign content and messaging across multiple channels (email, intranet, presentations, events) to maximize reach and impact.
• Extensive experience managing and analyzing complex data. Strong expertise in developing accurate, timely reports and dashboards to track KPIs, KRIs, SLAs, and operational metrics. Experienced in data visualization, automation, and ensuring data quality to support informed decision?making and continuous improvement.
• Experience developing and executing phishing campaigns, including email template design of varying complexity, allowlisting and familiarity with industry benchmarks (e.g., click rates and repeat offenders).
• Experience with the following is desirable:
  • Instructional Design, Development and Delivery on Technology-Based Learning
  • Learning Management Systems (LMS) and Learning Content Management Systems (LCMS)
  • Cornerstone Enterprise Learning Management System
  • Working with SCORM files and the Learning Management System.

• Preferred Certifications (any in the list):  CISSP, CRISC, CISM, ISO 27001
• Certification in Training and a Learning Consultant is desirable.

SKILLS:

• Proven ability to influence key stakeholders and lead effective communication across internal teams, clients, partners, leadership, and vendors. Excellent written and verbal communication skills, with confidence engaging audiences at all organizational levels.
• Ability to achieve business objectives through influencing and effectively working with key stakeholders.
• Highly analytical, detail?oriented, and well organized, with strong time?management skills. Strong problem?solving skills with the ability to address complex and unconventional challenges and support effective decision-making.
• Proactive, self?motivated professional able to work independently, manage multiple priorities in a fast?paced environment, able to work extremely well under pressure and maintain a high level of professionalism.

• Experience in developing and executing phishing campaigns including: phishing email template design for varying complexity of content; familiarity with industry benchmarks for purposes of reporting click rates, repeat offenders as an example; experience with developing reporting dashboard for analytics on KPIs,  KRIs and other  indicators.

ADDITIONAL COMMENTS/INFORMATION:
A normal work week is 35 hours, however, unforeseen situation may require extended hours of work with little or no prior notice. In case of a cyber incident or breach, rotation shift, continuous extended hours may be required with little or no prior notice.
             
*Subject to a police check, background check, psychological assessment and/or any other checks on a regular basis as the Office of the CISO handles highly sensitive and confidential information.

Equity, Diversity and Inclusion

The City is an equal opportunity employer, dedicated to creating a workplace culture of inclusiveness that reflects the diverse residents that we serve. Learn more about the City’s commitment to employment equity.

ACCOMODATION

The City of Toronto is committed to creating an accessible and inclusive organization. We are committed to providing barrier-free and accessible employment practices in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). Should you require Code-protected accommodation through any stage of the recruitment process, please make them known when contacted and we will work with you to meet your needs. Disability-related accommodation during the application process is available upon request. Learn more about the City’s Hiring Policies and Accommodation Process.