Agenda Index City of Vancouver





General Manager of Corporate Services Group


New Position: Manager, Information Technology Security





The purpose of this report is to recommend to Council the creation of a new full time regular exempt position of Manager, Information Technology (IT) Security.


Every year the City's external auditors, KPMG, conduct a review of internal controls and business processes as part of their annual audit of the City of Vancouver and make recommendations to management on operational improvement.

KPMG, in their management letter related to their 1999 review recommended that:

'the City establish an Information Technology Security Officer with the necessary authority, capabilities and resources to manage Information Technology Security on an enterprise-wide basis. The Security Officer's responsibilities should include coordination and awareness of IT security issues, monitoring compliance with IT security policies, and assisting in the development of IT security policies and standards on an enterprise-wide basis.'


Management at the City agrees that there is a need to establish enterprise-wide IT Security Policies and standards in the City of Vancouver and to continue to create security awareness throughout the organization.

Subject to council approval management will establish an Information Technology Security Manager position which will be separate and distinct from IT delivery functions.

The Manager of IT Security will be responsible for directing, in conjunction with the business units, the overall development and administration of security policies and procedures for the City's electronic data processing environment. In addition the following are some of the important responsibilities of this new position:

Some of the duties and responsibilities described above are currently not being done while others are being done as part of ongoing IT management in each of the operating departments. The City still needs to develop enterprise-wide IT security policies and, currently, no individual or group is responsible for managing IT security on an enterprise wide basis.

Dedicated Information Technology Security officers are common in most large complex organizations and are important in the management of information technology security risks.


The annual salary for this position will be in the $70,000-$80,000 range plus benefits, subject to review and classification by the General Manager of Human Resources. In addition funding will be required for the following and be provided from the 2001 operating budget:


In today's world of accelerated information processing, global communication and Internet access, consistent and comprehensive enterprise security is important to the continued success of an organization. The safeguarding of the City's technology infrastructure and information is a critically important component of corporate strategy in helping to support our business objectives and ensuring that information technology risks are appropriately managed and mitigated.

The creation of a regular full time exempt position, Manager Information Technology Security, is also in response to our External Auditor's review of the City's Information Technology environment




General Mgr./Dept. Head:


This report has been prepared in consultation with the departments listed to the right, and they concur with its contents

Report dated:

October 11, 2000


Roger Fast



Concurring Departments


Comments or questions? You can send us email.
[City Homepage] [Get In Touch]

(c) 1998 City of Vancouver