Work Illustration
Reporting to the Director, Infrastructure Operations and Cyber Security, the Senior Manager, IT Risk and Cyber Security Standards is responsible for driving and creating innovative solutions to solve complex technical/technological challenges in order to ensure the highest level of reliability, efficiency and quality of IT Cyber Security systems. This role contributes to the development of the cyber security roadmap and related implementation strategies, and develops and implements security architecture standards and protocols, ensuring alignment with other IT architectural standards. The role provides input to strategic leadership, management and oversight on behalf of Cyber Security and Enterprise Architecture. In addition, the incumbent recommends and develops strategies and carries out Cyber Security Risk evaluations utilizing best practices while employing solutions to mitigate risks to acceptable levels.
The incumbent manages the management and technology systems to support and mitigate the organization’s cyber security risks, including leadership and direction of routine and ad hoc cyber security audits. Recommends the cyber security framework, protocols, standard operating procedures and implementation or adoption of industry best practices. Oversees cyber security investigations and manages escalated risks as needed. The incumbent also provides leadership for routine or ad hoc internal or external Security Audits. The incumbent manages and directs the development of the security framework, protocols and standard operating procedures for alignment with external standards (e.g. NIST, C2M2, Privacy by Design). S/he ensures that the appropriate controls are in place to manage confidentiality of security requests and execution of work within the department.
This role interacts with a broad range of Subject Matter Experts, Business Unit Leaders, and IT Senior Management/Executives within the IT Division / Business and works closely with other teams and business units to establish trusted and complementary working relationships which support the goals of the organization’s security programs. In addition, this role is a primary contact for follow-up/mitigation in the event of a security breach with internal/external entities (e.g. the Privacy commission, RCMP, and the Executive Team).
The incumbent is expected to behave ethically and follow the established code of business conduct, policies and internal control procedures, laws and regulations governing Toronto Hydro.
Toronto Hydro has implemented a mandatory vaccination requirement for all its employees. Proof of full vaccination will be required upon receiving a conditional offer of employment. Toronto Hydro will provide reasonable accommodation to individuals who cannot be vaccinated due to disability or any other ground protected by the Ontario Human Rights Code.
Key Responsibilities
- Manages, develops, implements and monitors plans to support IT cyber security and security architecture services and associated roadmap. Proactively identifies problems and opportunities for improvement of IT cyber security services and systems, including security architecture advancement, service level improvement, cost efficiency and customer demand management.
- Acts as Subject Matter Expert (SME) on security and security architecture related issues. Provides leadership for routine or ad hoc internal or external Security Audits. Manages and directs the development of the security framework, protocols and standard operating procedures for alignment with external standards (e.g. NIST, C2M2, Privacy by Design).
- Manages and coaches a team to deliver timely service to internal and external clients (safety, performance and development, attendance) to support organizational cybersecurity goals and objectives. Leads the team of security consultants who support organizational need for confidential assessment and other work of confidential nature.
- Develops and implements security compliance management system and program conformance and associated reporting. Ensures governance and policy is parlayed in all aspects of enterprise security and design architecture at Toronto Hydro. Incumbent uses thorough understanding of privacy legislation and regulation to develop procedures, standards and guidelines for the organization, including audit criteria and guidelines, compliance and certification requirements, risk analysis and assessment procedures and protocols and cyber security policies.
- Provides input into the organization’s cyber security strategy. Continuously improves organizational, divisional and departmental systems, processes and procedures to reduce/minimize cyber security risks.
- Establishes formal structures for proactive assessment of cyber security risk and business needs; provides recommendations and actionable guidance to organizational stakeholders to enhance policy conformance; support availability, integrity and confidentiality of the organization’s services, information, and other assets. Acts as the primary point of contact for follow-up/mitigation in the event of cyber security breach.
- Researches and identifies industry trends related to security and enterprise architecture leveraging ideas to improve or better align IT systems and services. Leads proof-of-concept for security solutions and establishes guidelines and frameworks to keep security solutions aligned to the latest standards.
Requirements
- Undergraduate degree in computer science or related field
- Master’s level degree in Computing strongly preferred
- One or more relevant certifications (CISSP; CCSP; CISA; CISM; CRISC; ISO27000 audit; ITIL) preferred
- Ten (10) or more years’ experience in Information Technology with a focus in IT security technologies and process, Data Centre facilities operation and control, Telecommunications and Storage/Computer architecture, including a minimum of three (3) years developing IT strategy, roadmaps and security policies
- Five (5) years’ progressive project/supervisory leadership experience
- Internal/external consulting (preferred)
- Thorough knowledge and practical experience with security methodologies, standards and best practices (ISO/IEC 27000 – family information standards, ITIL, eTOM, COBIT, and other security-related best practices are an asset)
- Ability to apply standards in a reasonable, actionable, and understandable set of policies aligned to corporate and IT governance.
- Solid foundation knowledge of privacy legislation and regulation
- Superior written and verbal communications skills
- Strong project management skills
- Stakeholder engagement skills
- Demonstrated integrity in dealing with information and issues of a highly confidential and sensitive nature
- Strong vendor management
Toronto Hydro has introduced a Hybrid Work Arrangement. This position allows for remote work up to three days per week, based on business needs. Employees will be required to come onsite on those days when they are involved in activities that they or their leader feel are better conducted in person. You are expected to live in Ontario and within reasonable commuting distance of the office.