POSITION OVERVIEW

The Director of Infrastructure Cybersecurity will provide strategic leadership to protect and strengthen TTC’s enterprise and operational technology environments. Reporting to the Chief Information Security Officer (CISO), they will lead a team of security engineers and administrators responsible for architecting, deploying, and optimizing cybersecurity technologies across TTC’s network, cloud, and endpoint ecosystems.

Working closely with IT Infrastructure and the Network Operations Centre, the Director will set risk‑informed security standards and ensure the secure configuration and resilience of TTC’s hybrid on‑premises and cloud platforms. As the organization’s expert in infrastructure security, they will advance TTC’s cybersecurity posture by delivering modern security solutions, enabling effective security operations, and managing key vendor partnerships.

The ideal candidate is a forward‑thinking security leader with strong technical expertise across network, endpoint, identity, and cloud security. They excel at translating strategy into scalable solutions and building high‑performing teams, collaborating effectively across IT, operations, and vendor partners to drive security excellence.

SCOPE & RESPONSIBILITIES

The duties of this role will include but are not limited to:

• Partner with the CISO, IT Infrastructure, and Network Operations to maintain risk‑driven security configurations across TTC’s IT and cloud environments.
• Oversee infrastructure security architecture across hybrid on‑premises and Microsoft Azure environments.
• Lead the design, implementation and governance of network, cloud, and endpoint security controls (e.g., firewalls, VPN, PKI, SIEM, DLP, EDR, Active Directory, secure cloud connectivity).
• Develop and maintain infrastructure security standards, procedures, and hardening guidelines.
• Direct complex security engineering projects, ensuring delivery on scope, schedule, and budget.
• Oversee daily operational security activities, identifying misconfigurations, vulnerabilities, and areas for continuous improvement.
• Collaborate with infrastructure, cloud, application, and GRC teams to ensure consistent secure architecture patterns and effective remediation of risks.
• Review security findings, define mitigation strategies, and prioritize remediation based on risk.
• Serve as the final authority on infrastructure security configuration decisions in collaboration with TTC teams and third‑party partners.
• Lead incident response activities, including forensics, root‑cause analysis, and reporting to senior leadership.
• Build, mentor, and develop a high‑performing cybersecurity team, providing coaching and overseeing performance management.
• Drive the infrastructure security roadmap and ensure compliance with TTC policies, standards, and regulatory obligations.
• Establish and monitor cybersecurity performance metrics and report on infrastructure security health.
• Manage vendor relationships and outsourcing strategies related to infrastructure security operations.
• Participate in change management and ensure new technologies meet security requirements.
• Promote an inclusive, respectful, and harassment‑free work environment aligned with the OHRC, AODA, and TTC policies.
• Perform other related duties as assigned.

KEY SKILLS & EXPERTISE

• Senior‑level cybersecurity leadership experience in complex, regulated, and unionized environments supporting critical IT infrastructure.
• Deep expertise in infrastructure and cloud security, including network security (routers, LAN/WAN, VPN), firewalls, encryption, PKI, SIEM, DLP, EDR, and secure hybrid connectivity with Microsoft Azure.
• Strong technical foundation across servers, storage, networks, virtualization, monitoring, operational technology, and Active Directory security.
• Proven ability to design, implement, and maintain secure architecture, hardening standards, and operational security procedures.
• Extensive experience in security risk assessment, applying appropriate risk treatments, and communicating impacts effectively to technical and non‑technical stakeholders.
• Demonstrated success in cloud security, enterprise cryptography, security engineering, and incident response.
• Skilled in vendor, contract, and managed service provider oversight and governance.
• Strong leadership capabilities, with experience building, developing, and motivating multidisciplinary cybersecurity teams.
• Solid understanding of how business operations integrate with enterprise systems such as ERP platforms, SaaS applications, and custom solutions.
• Experience supporting audits and applying industry frameworks, standards, and best practices (e.g., NIST, ISO, CIS).
• Knowledge of access control, secure system implementation, and enterprise security operations.

EDUCATION & PROFESSIONAL CREDENTIALS

• Completion of a post‑secondary diploma or university degree in Computer Science, or a related field, combined with extensive, progressively responsible cybersecurity experience, or an equivalent combination of education, training, and experience.
• Security certifications such as Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM), or GIAC Security Essentials (GSEC), are considered an asset.
• Technical certifications such as Cisco Certified Network Professional (CCNP) or Microsoft Azure Network/Security Engineer Associate are considered an asset.