Chief Information Security Officer Full Time

The Compensation Range is the span between the minimum and maximum base salary for a position. The midpoint of the range is approximately halfway between the minimum and the maximum and represents an employee that possesses full job knowledge, qualifications and experience for the position. In the normal course, employees will be hired, transferred or promoted between the minimum and midpoint of the salary range for a job.

Posting End Date
November 22, 2025

Note: Applications will be accepted until 11:59 PM on the Posting End Date.

At UBC, we believe that attracting and sustaining a diverse workforce is key to the successful pursuit of excellence in research, innovation, and learning for all faculty, staff and students. Our commitment to employment equity helps achieve inclusion and fairness, brings rich diversity to UBC as a workplace, and creates the necessary conditions for a rewarding career.

Job Summary
The Chief Information Security Officer (CISO) provides strategic, operational, and people leadership for UBC’s Information Security portfolio within the Office of the CIO. UBC recognizes information security as a key area of focus, and the CISO role reflects this in terms of scope, authority, and responsibility.
The CISO will navigate the unique complexities of a shared governance environment within a major research university, balancing the security of diverse and highly technical systems with the University’s commitment to openness in knowledge sharing.

Accountable for ensuring UBC’s information security posture is aligned to its stated risk appetite, the CISO reports to the Chief Information Officer as part of the UBC Information Technology senior leadership team. Along with leaders in the Office of University Counsel (OUC) and Safety and Risk Services (SRS), the CISO is accountable to the Privacy and Information Security Management (PrISM) Executive Leadership Committee for achieving agreed upon objectives. The CISO engages with University leaders across Faculties, Departments and Administrative units to safeguard UBC’s data, research, systems, and digital infrastructure against evolving cyber threats.

This strategic institutional role spanning both UBC campuses combines technical authority with transformational leadership, responsible for strengthening and overseeing the cybersecurity function at UBC. The CISO will foster accountability, collaboration, and innovation across the cybersecurity team, the broader UBC IT team, and within UBC’s diverse and distributed environment, driving cultural and behavioural change to elevate cybersecurity maturity.

Organizational Status
Reports to UBC’s Chief Information Officer (CIO) for all aspects of system-wide Information Security and has accountability to the Privacy and Information Security Management (PrISM) Executive Leadership Committee. In their role, the CISO regularly informs, updates and takes direction from the Chair of the PrISM Executive Committee on issues of critical operational impact.

Actively participates as member of the Office of the CIO, and the UBC IT Senior Leadership Team. Participates on UBC committees as directed by the CIO. Works closely with administrative and academic leadership in Faculties across the UBC system on matters of policy and processes relating to information security assurance.

This position provides strategic leadership in the implementation of new information security technologies and capabilities, ensuring alignment with UBC’s stated risk appetite and information technology strategy. The CISO is expected to provide strategic guidance to inform security operations, while working collaboratively with other leadership portfolios within IT for the development and delivery of information security services. This includes guiding the secure adoption of emerging technologies within the CISO portfolio, such as artificial intelligence, automation and adapting security practices to address rapidly evolving digital threats.

This position has interdependencies with technology groups across UBC, British Columbia Health Authorities, BC government offices, national and federal agencies and UBC’s external partner organizations, to develop and deliver resilient, future-ready information security services.

Work Performed

• Lead the development, implementation and adoption of UBC’s cybersecurity strategy collaboratively and collegially with colleagues across OUC, SRS, and UBC IT in alignment with institutional priorities.
• Provide forward-looking and proactive leadership that anticipates and responds to changing circumstances, emerging threats such as artificial intelligence and other new technologies, ensuring UBC remains at the leading edge of cybersecurity offence and defence.
• Oversee and lead core cybersecurity operations, including detection and prevention, incident response, vulnerability management, and identity and access management.
• Optimize resource allocation to ensure efficient and effective coordination and delivery of information security across a distributed organizational structure.
• Recruit and retain top cybersecurity talent to keep UBC at the forefront of cybersecurity expertise.
• Manage, mentor, and strengthen a cybersecurity team of approximately 40 professionals, fostering a team culture that embraces innovation, adaptability, resilience, accountability, teamwork, and ensuring overall high performance.
• Recognizing the unique pressures on a cybersecurity professional, develops strategies for the portfolio that ensures a healthy culture that recognizes a balance between work and personal life within an environment of rapid incident escalation and 24×7 activity
• Model resilience, professionalism, and emotional intelligence in navigating organizational complexity and stakeholder engagement.
• Build and foster positive relationships and interactions across UBC IT and distributed IT teams, identifying and reducing points of friction that inhibit effective collaboration between teams.
• Serve as a key member of UBC’s IT and institutional governance bodies, contributing to strategy and decision-making at the Board, executive and Faculty levels as appropriate.
• Provide trusted, actionable advice to the CIO, PrISM leadership, Deans, and senior administrators on cybersecurity risks and investments.
• Participate and engage with institutional risk committees and distributed IT governance committees to ensure cohesive security policies and standards across the university system.
• Liaises with Enterprise Risk Management in monitoring and reporting of cybersecurity risk to UBC’s executive leadership and Board committees as required.
• Build strong partnerships with peer universities, government agencies, healthcare partners, industry leaders, and law enforcement to share best practices, threat intelligence, and collaborative initiatives, acting for the CIO when necessary.
• Represent UBC in regional, national, and global cybersecurity forums, enhancing UBC’s reputation as a leader in research security and digital resilience.
• Communicates effectively during incidents and major events, ensuring all parties are kept informed in accordance with university protocols. Leads incident response as part of the IT leadership team.
• Act decisively in managing major incidents, ensuring clear communication with the CIO, UBC executives, academic leaders, and external partners, informing and obtaining approvals for actions where necessary and in accordance with Policy.
• Establish and enforce risk-based standards, policies, and practices that strengthen resilience while adapting to UBC’s diverse environment. Acts for the CIO in investigations where required.
• Leads initiatives that embed cybersecurity best practices into daily practices and business processes. Develops metrics to assess cybersecurity maturity and track progress to demonstrate improvements in cybersecurity maturity, particularly in terms of outcomes of investments.
• Leads and delivers a comprehensive, university-wide cybersecurity literacy and awareness program that engages faculty, researchers, students, and staff and changes behaviours where needed.
• Act as an educator and culture-builder, ensuring that cybersecurity is understood as an enabler of UBC’s mission, not just a compliance function.
• Develops comprehensive change and engagement plans to support embedding security best practices into business processes and individual behaviours across UBC.
• Manage information cybersecurity budgets with financial stewardship and efficiency.
• Select and manage key cybersecurity vendors.
• Ensure compliance with relevant laws, regulations, and cybersecurity standards.
• Provide regular reporting to the CIO, PrISM Executive Leadership Committee, IT Advisory Council, Audit Committee and other senior University leadership on risks, incidents, and strategic initiatives.

Consequence of Error/Judgement
The risk of data loss, system breach, or malicious attack impacting the operations at UBC is extremely high, and this risk is monitored at the highest levels of the institution. In addition to leading the cybersecurity portfolio, the CISO is also responsible for the operations of the Identity and Access management function, delivering critical capabilities to ensure UBC’s systems are accessed by the appropriate people with the right roles. Should this function fail to meet UBC’s needs, there may be significant breaches of privacy, security, and operational integrity leading to substantial financial, regulatory, or reputational impacts.

The CISO provides critical strategic, technical and operational leadership in ensuring UBC has the most robust and resilient security infrastructure to ensure its assets are properly protected, in addition to ensuring an efficient operating environment. An effective and resilient CISO portfolio is critical to securing UBC’s data and operating environment. A significant cyber security event or data loss could result in severe reputational or financial consequences for UBC. The CISO plays a leadership role in ensuring UBC follows good practice in managing and securing its information technology ecosystem which requires an ongoing balance between robust security measures and the operations of a large complex research institution.

Failure to appropriately secure the systems and data at UBC will negatively impact the reputation of the University, leading to loss of prestige that could impact enrollment, grants, donations, and public relations.

Supervision Received
Works under corporate direction from the Chief Information Officer and senior executives at UBC.

Supervision Given
Manages staff directly and indirectly through multiple levels of sub managers, oversees deliverables assigned to contractors and other individuals on a project basis.

Minimum Qualifications

• Post-graduate degree. Minimum of thirteen years of related experience including at least six years of managerial experience plus five years of specialized experience in the administration and operation of centrally managed information technology services in a highly complex environment, or the equivalent combination of education and experience.
• Willingness to respect diverse perspectives, including perspectives in conflict with one’s own.
• Demonstrates a commitment to enhancing one’s own awareness, knowledge, and skills related to equity, diversity, and inclusion.

Preferred Qualifications
The Incumbent must have in-depth knowledge and experience with the following:

• Leadership experience as a CIO, CISO, or senior IT leader overseeing cybersecurity in large, complex, and distributed organizations.
• Experience in environments with high research intensity, sensitive data, and/or complex compliance requirements is a strong asset.
• Proven knowledge of modern cybersecurity frameworks, architectures and emerging threat technologies.
• Demonstrated expertise in risk assessment and risk-based decision-making, addressing major cybersecurity threats and experience with crisis management.
• Forward-looking, strategic leader who can articulate and implement a clear vision for information security at UBC.
• Engages with leaders across the institution to translate vision into action through a cybersecurity strategy and implementation roadmap.
• Anticipates technology and threat trends and aligns cybersecurity strategy with UBC’s mission of research, teaching, and community engagement.
• Organizational change management skills required to navigate complex structures and persuade diverse stakeholders.
• Ensures that cybersecurity strategies are integrated with privacy processes and policies.
• Proven ability as a team builder, motivator, and coach.
• Experience leading and strengthening large cybersecurity teams consisting of highly competent technical professionals.
• Skilled in fostering cultures of accountability, collaboration, and high performance.
• Demonstrates resilience, strong conflict resolution skills, emotional intelligence, and the ability to inspire confidence across technical staff, executives, and academic leadership in a high-stake environment.
• Outstanding communication, reporting writing and presentation skills, with the ability to explain complex technical and risk concepts in business terms to non-technical stakeholders.
• Collaborative and approachable; builds trust and strong relationships across all levels of an organization.
• Skilled at persuading, influencing, and building alignment in a complex, decentralized and sometimes resistant environment. Ability to diffuse tension and support conflict resolution during crisis.
• Experienced in operating within complex, distributed governance structures.
• Politically sophisticated, able to influence decision-making at executive tables, Faculty councils, and IT governance committees.
• Trusted advisor to senior leaders who can translate technical risks into business impacts and recommend actionable strategies that advance institutional priorities.

C1ISO