Full Report
The Information Security Program Manager will be responsible for providing strategic leadership and management for developing and implementing Information Security Programs for the Citizen Lab as well as the University. Apply by September 30, 2025.
Analysis Summary
# Information Security Program Management Strategy for Citizen Lab and University of Toronto
## Key Points
- The primary focus is a job opportunity for an Information Security Program Manager, a role that provides strategic leadership in developing and implementing security programs.
- The role's strategic leadership is aimed primarily at enhancing the security of the Citizen Lab, as well as University data centres, campus perimeter, and enterprise systems.
- Key responsibilities include managing risk/privacy assessments, incident response/investigation, and outreach/awareness programs.
- The Manager will be responsible for continuous evaluation of the Citizen Lab’s security program, identifying gaps, and initiating projects to augment services.
- A significant duty involves leading information security incident response for compromised access controls on systems under the purview of the University (including M365) and the Citizen Lab (including MDM and Google Workspace).
- The role includes auditing privileged IDs (administrators) across Citizen Lab systems and servers, and conducting IT forensic investigations related to employee misconduct or potential criminal activity (e.g., bomb threats using ghost email accounts).
- The manager establishes new security standards and best practices for digital asset use across the Lab and the University.
## Threat Actors
- No specific external threat actors or campaigns are mentioned.
- The role involves investigating *internal* threats, such as investigations related to employee misconduct or the use of "ghost email accounts" for criminal activity (e.g., making bomb threats).
## TTPs
- **Incident Response:** Leading response when access control mechanisms are compromised or circumvented on M365, MDM, and Google Workspace systems.
- **Auditing/Oversight:** Overseeing monitoring of cyber threats and auditing system administrators with privileged IDs on Citizen Lab systems.
- **Forensics:** Gathering forensic IT and security data and evidence during internal investigations.
- **Policy Enforcement:** Establishing and implementing new security standards and protocols.
## Affected Systems
- **Citizen Lab systems** (primary focus)
- University data centres
- Campus perimeter and enterprise systems
- **Specific Platforms Mentioned:** M365 (University), MDM (Citizen Lab), Google Workspace (Citizen Lab)
## Mitigations
- Developing and implementing robust Information Security Programs.
- Conducting risk and privacy assessments.
- Establishing protocols for security of communications during disruptions.
- Implementing advanced security infrastructure and solutions in line with best practices.
- Auditing privileged users to ensure secure access.
- Partnering with Campus Police and HR/Labour Relations for investigations involving misconduct or criminal activity.
## Conclusion
The content describes a critical organizational need to mature the security posture, particularly within the highly sensitive Citizen Lab environment, by establishing a dedicated senior management role. The threat focus is broad, encompassing securing enterprise systems against external compromise while also actively investigating and mitigating internal risks, policy violations, and potential misuse of digital assets by privileged users. The immediate actionable item is the requirement to apply to and fill this role by September 30, 2025, to address these strategic security and investigative needs.