Job Board

Strategist, Cybersecurity Operations

Job Code:109
Department: Business and Technology Systems

Job Summary:

The Cybersecurity Operations Strategist is responsible for ensuring the secure operation of all information technology (IT) systems and leading the implementation of enterprise-wide cybersecurity incident response and security operations strategies. This position drives real-time threat detection and response, conducts forensic investigations and enforces security policies across both IT and OT environments.
Working closely with internal teams and external partners, the incumbent proactively mitigates cyber risks by integrating threat intelligence, managing incident response workflows, and continuously improving security operations. The role bridges deep technical expertise with strategic oversight to ensure that operational defenses align with the City's broader cybersecurity objectives and regulatory obligations. This position plays a critical role in maintaining the City's proactive security posture, protecting infrastructure, data, and public trust.

Duties and Responsibilities:

1. Develop and enforce security policies, procedures, and standards aligned with NIST (National Institute of Standards and Technology), CIS (Center for Internet Security), ISO 27001, ITSG-33, and BCSC (Baseline cyber Security Controls).
2. Contribute to the City's Security Operations Strategy and risk management governance to align cybersecurity practices with organizational goals and compliance requirements.
3. Conduct risk assessments, log analysis, security audits, and penetration testing while managing a comprehensive vulnerability management lifecycle.
4. Lead and support incident detection, response, containment, eradication, and recovery, including forensic investigations, threat hunting, and tabletop exercises.
5. Evaluate, deploy, and administer security technologies such as SIEM (Security Information and Event Management), EDR (Endpoint Detection and Response), IAM (Identity and Access Management), IDS/IPS (Intrusion Detection and Prevention Systems), VPN (Virtual Private Network), MFA (Multi-Factor Authentication), and firewalls.
6. Integrate security controls into system development lifecycles (SDLC) and cloud security frameworks to ensure secure enterprise systems and applications.
7. Monitor and maintain situational awareness of emerging cyber threats, industry trends, and optimize SIEM operations for proactive defense
8. Collaborate with vendors and procurement teams to ensure security investments align with organizational strategies and long-term value.
9. Deliver cybersecurity awareness and training programs to strengthen the human layer of defense across the organization.
10. Engage with law enforcement, intelligence-sharing groups, the Canadian Centre for Cyber Security (CCCS), and industry forums to enhance the City's overall security posture.
11. Acts as Manager Business Technology Systems, as assigned
12. Follows, so far as is reasonably practicable, established safety procedures and standards.
13. Other related duties.

This description contains elements necessary for identification and evaluation of the job. The incumbent may be required to perform other related duties. 

Position Requirements
Working Conditions:

•   On-call availability for cybersecurity incidents as part of a rotating schedule.
•   Potential for extended hours during cybersecurity incident investigations or response efforts.

Required Knowledge and Skills:

• Bachelor's degree in computer science, information security, cybersecurity, or a related field.
• Industry certifications are considered as assets: • CISSP (Certified Information Systems Security Professional) • CISM (Certified Information Security Manager) • GIAC (Global Information Assurance Certification) • CompTIA Security+• CEH (Certified Ethical Hacker)
• ITIL / ITIL-Security (must be obtained within the first year of employment).
• 5 years of IT experience, with at least 3 years in a dedicated cybersecurity role.
• On-the -job experience – 6 months
• Expertise in enterprise security architecture, including zero trust models, risk-based security frameworks, and cloud security.
• Hands-on experience in security information and event management (SIEM), endpoint protection, forensic analysis, and malware mitigation.
• Strong knowledge of incident response methodologies, including threat intelligence and cyber kill chain analysis.
• Knowledge of legal and regulatory requirements related to data privacy and cybersecurity compliance (e.g., PIPEDA, PHIPA, FIPPA, PCI DSS, ITSG-33, BCSC, ISO 27001, and applicable Canadian municipal regulations).
• Understanding of network security principles, cryptography, private key infrastructure (PKI), and secure coding best practices.
• Experience with automation and scripting (Python, PowerSheIl, Bash) for security event correlation and remediation.
• Strong ability to conduct research into cybersecurity threats, vulnerabilities, and attack methodologies.
• Proactive mindset with a threat-driven approach to cybersecurity.
• Strong analytical and problem-solving skills.
• Ability to prioritize tasks effectively in a fast-paced security operations environment
• Excellent communication and collaboration skills, with the ability to work across departments and with external stakeholders.
• Detail-oriented with a continuous improvement mentality.
• Ability to remain calm and decisive in high-pressure situations.

An equivalent combination of education, training and experience may be considered.

Examples of Equipment to Operate:

•   Office, computer, and communications equipment
•   Cyber Security related hardware and software

Accommodation Requests:

Shortlisted candidates who require accommodation or have accessibility needs during the selection process are encouraged to contact the Recruiter and make requests to ensure their full participation. The City of Whitehorse is committed to reviewing requests and making arrangements for reasonable accommodation and accessibility requests. You may email to ewa.benson @whitehorse.ca and careers@whitehorse.ca.