CYBER SECURITY RISK & COMPLIANCE OFFICER
WINNIPEG, MB
Manitoba Hydro is consistently recognized as one of Manitoba's Top Employers!
Great Benefits
- Competitive salary and benefits package.
- Defined-benefit pension plan.
- Nine-day work cycle which normally results in every other Monday off, providing for a balanced approach to work, family life
and community.
- Flex-time and partially remote work schedule (providing the option to work remotely 3 days per 2 week period), depending on
nature of work, operational requirements and work location.
Manitoba Hydro is a leader among energy companies in North America, recognized for providing highly reliable service and
exceptional customer satisfaction. Join our team of Manitoba's best as we continue to build a company that supports innovation,
commitment, and customer service, while actively supporting a diverse, equitable and inclusive workplace.
Reporting to the Director of Cyber Security in the Digital and Technology Business Unit, the Cyber Security Risk and Compliance
Officer is responsible for enabling strategic transformational change to the enterprise approach to cybersecurity and will work closely
with the Director on developing divisional vision, strategy and goals incorporating governance, risk and controls to improve the
capacity of cybersecurity to support the maturation of our cybersecurity posture across the corporation.
This role is responsible for advising and leading developing systems to maintain the integrity, confidentiality, and availability of
Manitoba Hydro information and technology assets across the corporation by designing, implementing, monitoring, communicating,
and enforcing overall corporate cyber security policies, processes, guidelines, controls, and utility industry best practices for all
Manitoba Hydro technology assets and environments. This includes working with procurement areas to implement appropriate
third-party cybersecurity risk monitoring, assessments, tracking and utility best practices and providing education, guidance and
consulting services to all staff and management, including senior management.
Responsibilities:
- Lead the development of supportive strategic direction and prioritization methodologies including business planning,
departmental work plans and guiding section heads and staff towards further building and maturing cybersecurity capabilities
including third party risk management.
- Mature cybersecurity governance, risk and control frameworks and the application of such frameworks across the corporation
including mapping controls to control frameworks.
- Provide education, guidance and consulting assistance to all staff and management across all Business Units on overall
Cyber Security and third party risk and maintain a strategic relationship within Digital & Technology BU and key interested
parties across Enterprise.
- Guide the development, maintenance and improvements of a consistent corporate approach for cyber security assessments
across initiatives by developing processes, selecting tools and methods.
- Guide the evaluation of cyber security risks related to procurement of new or changing software or hardware (both IT/OT)
technology.
- This role is also responsible for facilitating all corporate post-loss forensic reviews across the corporation including liaising with
external legal support.
- Coordinate cyber security focused responses to internal and external audits and assessments.
- Evaluate potential changes in risk profiles due to changing technology landscape, including when third party companies are
acquired or disposed of to assess security vulnerabilities and determine mitigation strategies.
- Embed themselves as a key team member in all lines of business to assist in reducing cyber risks to our critical infrastructure.
- Collaborate with Corporate Communications to develop a cyber security informative communications plan.
- Build internal divisional change management capabilities through education and support of all internal staff, including
monitoring effectiveness of change-related activities.
- Guide the development, management and improvement of monitoring and reporting NERC CIP requirements for all IT assets.
MANITOBA HYDRO IS COMMITTED TO DIVERSITY AND EMPLOYMENT EQUITY