Title: Manager Cybersecurity and IT Risk Management
Our client in Winnipeg, MB is looking for a Manager, Cybersecurity and IT Risk Management. This is a full-time, permanent role and requires that candidates be based in Winnipeg or willing to relocate.
JOB SUMMARY:
The Manager, Cybersecurity & IT Risk Management manages the identification, assessment and mitigation of all security threats and vulnerabilities in the environment. This position is also responsible for providing leadership and guidance to the Cybersecurity & IT Risk Management team for all management functions of the unit. This role will be a key member of the Cybersecurity Governance Committee, assisting with the development of the cybersecurity strategy, roadmap and cybersecurity programs.
JOB DUTIES & RESPONSIBILITIES:
MANAGING UNIT
• Manages staff and labour relations issues and provides leadership, guidance, support and direction to the unit, including: hiring staff; conducting performance reviews and follow-up; identifying training and development needs; coaching and motivating staff; coordinating work activities; and deciding on disciplinary action up to and including dismissal where necessary
• Fosters the development of a multi-disciplinary team approach
• Prepares and manages the unit’s budget and is accountable for meeting budget targets and goals
• Continuously evaluates, develops/selects, and implements the unit’s service delivery operating model, competencies, methods, and tools
• Plans, directs, and oversees the management, delivery, and coordination of a portfolio of cybersecurity projects for the unit
• Establishes, authorizes, and oversees the implementation of training and development programs for the staff
• Cascades branch operational objectives, ensuring staff are meeting established standards and practices and, where necessary, makes improvements to work processes
• Ensures all staff are cognizant of, and subscribe to, their responsibilities to protect the confidentiality and privacy of information and addresses any breaches as appropriate
• Manages staffing workload allocation, reviews and approves monthly time tracking for all branch resources, and prioritizes work against operational objectives and planned commitments
CYBERSECURITY & IT RISK MANAGEMENT
• Leads cybersecurity operations and day-to-day cybersecurity activities, including patch deployment, vulnerability management, incident response, threat detection, network monitoring and logging, endpoint protection, demilitarized zone (DMZ) management, etc.
• Facilitates Cybersecurity Governance Committee meetings, including assisting the Committee with developing and implementing a cybersecurity strategy, framework, and roadmap that is aligned with corporate priorities
• Prepares comprehensive monthly Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Cybersecurity Governance Committee
• Prepares and presents security and IT risk management materials, cybersecurity initiative updates, and compliance reports to senior management and the Cybersecurity Governance Committee
• Conducts regular meetings with key stakeholders at IT and enterprise levels to discuss risks, trade-offs, and share relevant knowledge on cybersecurity risks, threats, and initiatives
• Partners with business stakeholders to raise awareness of cyber risk management concerns
• Develops and implements comprehensive cybersecurity strategies, policies, and procedures to safeguard assets and mitigate risks
• Oversees regular IT risk assessments and security audits to identify areas for improvement and ensure compliance with relevant regulations and security standards
• Collaborates with cross-functional teams and business stakeholders to integrate security best practices into business processes and technology solutions
• Maintains cybersecurity incident response plans; prepares the organization to detect, respond to, and recover from cybersecurity incidents; coordinates incident response efforts; and reports on impact, root cause and post-mortem lessons to the Cybersecurity Governance Committee, Executives, and Board of Directors
• Acts as the management escalation point for all security incidents
• Tracks business case outcomes for cybersecurity related initiatives including cost, benefits, and risk
• Represents cybersecurity considerations in architecture decisions and IT initiatives
• Manages the third-party risk program to address cyber risks arising from third-party systems
• Maintains awareness of emerging cybersecurity threats, technologies, and best practices to continuously enhance security posture
• Fosters a culture of security awareness and accountability throughout the organization
MANAGING SERVICE PROVIDERS
• Procures IT services and/or contractors in accordance with standards and practices
• Establishes and maintains vendor relationships
• Develops a service provider network and manages relationships with contractors, including monitoring performance, service deliverables and achievement of milestones
QUALIFICATIONS:
• Completion of a recognized degree or diploma program in Information Security, Computer Science or an IT related discipline
• Minimum ten (10) years Information Technology experience, including minimum five (5) years in Cybersecurity and IT risk management; and minimum three (3) years of progressive IT leadership experience supervising/managing IT professionals, preferably in a large, unionized environment
• Strong understanding of cybersecurity frameworks, standards, and regulations, e.g. ISO/IEC 27001, ITIL, COBIT, as well as those from NIST, including 800-53 and the Cybersecurity Framework
• Strong technical knowledge of on-premises and cloud-based platforms and experience with security technologies and tools, such as SIEM, IDS, IPS, DLP, endpoint protection, and vulnerability management solutions
• Proven experience in conducting IT risk assessments, security audits, and developing risk mitigation strategies
• Experience liaising with and/or presenting to executive management and/or Board level committees
• Ability to lead, manage, mentor, and motivate staff to achieve desired results across the division, and take corrective action as required
• Ability to develop and manage operating and capital budgets
• Strong analytical and problem-solving skills to resolve issues and set direction
• Strong verbal and written communications skills with the ability to influence, persuade and negotiate with all stakeholders, senior leadership and staff
• Ability to build trust and create positive working relationships with partners, internal/external stakeholders, managed service providers and external vendors
• Ability to work under pressure and manage projects across organizational divisions
• Ability to maintain confidentiality of sensitive and confidential information
• Knowledge and experience in competitive purchasing practices, IT contracting, and vendor management
• The ability to communicate proficiently in both official languages (English & French) is an asset, but is not required
The following designations would be an asset:
• ITIL v4 Foundation certification
• Project Management Professional (PMP)
• Lean IT Foundation certification
• Certified Information Systems Security Professional (CISSP) certification, or Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA)
• Microsoft Azure Fundamentals certification