Salary
$6.74 - $10.51 / hr
Location
Greater Vancouver, BC
Posted
Jul 15, 2026
University of British Columbia · Greater Vancouver, British Columbia
Salary
$6.74 - $10.51 / hr
Location
Greater Vancouver, BC
Posted
Jul 15, 2026
Staff - Non Union
Job Category
M&P - Excluded M&P
Job Profile
XMP - Information Systems & Technology, Level G
Job Title
Associate Director, Cybersecurity Governance, Risk & Compliance
Department
OCIO | Chief Information Security Office
Compensation Range
$13,137.75 - $20,502.83 CAD Monthly
The Compensation Range is the span between the minimum and maximum base salary for a position. The midpoint of the range is approximately halfway between the minimum and the maximum and represents an employee that possesses full job knowledge, qualifications and experience for the position. In the normal course, employees will be hired, transferred or promoted between the minimum and midpoint of the salary range for a job.
Posting End Date
July 26, 2026
Note: Applications will be accepted until 11:59 PM on the Posting End Date.
This position is subject to the satisfactory completion of required background checks
Job End Date
Ongoing
This position is subject to the satisfactory completion of required background checks.
At UBC, we believe that attracting and sustaining a diverse workforce is key to the successful pursuit of excellence in research, innovation, and learning for all faculty, staff and students. Our commitment to employment equity helps achieve inclusion and fairness, brings rich diversity to UBC as a workplace, and creates the necessary conditions for a rewarding career.
At UBC, we believe that attracting and sustaining a diverse workforce is key to the successful pursuit of excellence in research, innovation, and learning for all faculty, staff and students. Our commitment to employment equity helps achieve inclusion and fairness, brings rich diversity to UBC as a workplace, and creates the necessary conditions for a rewarding career.
JOB SUMMARY
The Associate Director, Cybersecurity Governance, Risk and Compliance oversees the portfolio of services delivered as part of the Compliance and Risk Assessment team of the UBC Privacy & Information Security Management (PrISM) initiative. The function reports directly to the Chief Information Security Officer (CISO) and to the Executive Director, Safety and Risk Services and ensures cybersecurity risks are understood and communicated to institutional leadership in collaboration with the leaders within the CIO & CISO’s portfolio, and those of the Enterprise Risk Management team. The role establishes and sustains second-line risk management processes and leads the Risk and Compliance team in optimizing risk assessment practices and improving institutional visibility of cybersecurity and privacy related risks as well as training and compliance.
The Associate Director is responsible for overseeing the activities related to assessing and reporting on compliance with Policy SC 14 and the associated Rules, identifying risks and gaps, prioritizing the risks and maintaining an institutional IT risk register for communicating these risks to the appropriate governance bodies. The register will support the CIO and CISO in establishing the annual activities for the CISO team and the broader UBC IT and distributed IT units. The Associate Director will support the Enterprise Risk Management team in reporting on key risks to the Executive and the Board.
The Associate Director is responsible for assessing the priority of the risks, and recommending ownership for cybersecurity and privacy related risks including external risks related to third party suppliers, and emerging risks such as digital resilience, and AI assisted attacks.
The compliance reports and the risk register will provide the CIO and Executive Leadership with a structured view of risk exposures across the University to inform future initiatives, priorities and subsequent investments.
The Associate Director and their team provides compliance advisory services pertaining to the standards set out in Policy SC 14 and associated Rules, as well as supporting the Office of University Counsel by managing the Privacy Impact Assessment process under the guidance of the Legal Counsel responsible for Privacy while supporting the institution’s capacity to innovate responsibly. The function provides independent risk insight and advisory services related to the impact of technology.
The Privacy and Information Security Management Risk and Compliance team delivers risk and compliance services in established areas such as Privacy Impact Assessments, Security Threat Risk Assessments, Information Security Compliance, awareness and training. While progressively expanding their knowledge of or integrating with (as appropriate and subject to the decision of the CIO and advice of Enterprise Risk and Assurance) additional priority domains including artificial intelligence and supply chain risk. Through coordinated intake, assessment and advisory services, the function improves process efficiency while strengthening the institution’s understanding of technology-related risk.
The function provides advisory, risk analysis, investigation and compliance services spanning major technology transformation initiatives, emerging technology domains and key operational areas as agreed thorough agreement between Enterprise Risk and Assurance and the CIO.
Working closely with Enterprise Risk and Assurance, the CIO portfolio, Cybersecurity, Enterprise Data Governance, Architecture, University Counsel and key service units, the function supports the consistent application of risk-informed practices across UBC operations. These activities help embed proportionate risk and compliance practices aligned with institutional priorities and informed by the evolving technology risk register.
ORGANIZATIONAL STATUS
The Associate Director has a dual reporting relationship, to the Chief Information Security Officer (CISO) and to the Executive Director, Safety and Risk Services. The role works closely with Enterprise Risk and Assurance to integrate technology risk insights into the Institutional Risk Register and enterprise risk governance processes, and with the CIO portfolio to ensure technology risk insights support institutional technology strategy and decision-making.
The Associate Director collaborates extensively with Cybersecurity teams, the CIO’s portfolio in areas such as Enterprise Architecture, Enterprise Data Governance, Enterprise Digital Transformation and other areas within Legal Counsel, Records Management, Access and Privacy, Procurement, and other teams and governance functions across the University. The role interacts with senior leadership, project sponsors, operational teams, and governance committees to ensure technology risk considerations are clearly understood and effectively addressed.
WORK PERFORMED
Technology Risk Governance
Technology Risk Assessment and Advisory
Compliance and Governance
Leadership and Organizational Development
CONSEQUENCE OF ERROR
This role is critical to ensuring that the University understands the gaps and resulting exposure associated with the management of information technology. Failure to effectively identify, interpret, or communicate technology-related risks will result in privacy or cybersecurity breaches, expose the University to significant operational disruption, cybersecurity incidents, regulatory non-compliance, financial loss, or reputational damage. Sound judgment and strong governance leadership are required to ensure risks are appropriately understood and addressed.
SUPERVISION RECEIVED
Works independently under the direction of the Executive Director, Safety and Risk Services (SRS) and the Chief Information Security Officer, with close interaction with the Associate Vice President & Chief Information Officer and Chief Enterprise Risk and Assurance Officer.
SUPERVISION GIVEN
The Director will direct, mentor and supervise a multidisciplinary team of privacy and information security analysts/advisors. May occasionally supervise and direct contract workers or students.
MINIMUM QUALIFICATIONS
Master's degree in a relevant discipline. Minimum of eleven years of related experience including at least five years of managerial experience plus four years of specialized experience in the design and implementation of major computer systems, or the equivalent combination of education and experience.
PREFERRED QUALIFICATIONS
Master's degree in a relevant discipline. Minimum 10 years of progressive leadership experience in technology risk, cybersecurity governance, enterprise risk management, or related fields.
Experience developing or operating risk management frameworks aligned with recognized standards such as NIST, ISO 27001/27002, COBIT, or similar.
The following professional designations and experience are desired: