CA EmploymentAlert | Manager - Cybersecurity & IT Risk Management (Onsite in Winnipeg)

Job Title


Manager - Cybersecurity & IT Risk Management (Onsite in Winnipeg)


Company : TEEMA


Location : Winnipeg, Manitoba


Created : 2025-02-20


Job Type : Full Time


Job Description

Title: Manager Cybersecurity and IT Risk Management

Our client in Winnipeg, MB is looking for a Manager Cybersecurity and IT Risk Management. This is a full time, permanent role and requires that candidates be based in Winnipeg or willing to relocate.

JOB SUMMARY:

The Manager, Cybersecurity & IT Risk Management manages the identification, assessment and mitigation of all security threats and vulnerabilities in the environment. This position is also responsible for providing leadership and guidance to the Cybersecurity & IT Risk Management team for all management functions of the unit. This role will be a key member of the Cybersecurity Governance Committee, to assist with developing the cybersecurity strategy, roadmap and cybersecurity programs.

JOB DUTIES & RESPONSIBILITIES:

MANAGING UNIT

- Manages staff and labour relations issues and provides leadership, guidance, support and direction to the unit including: hiring staff, conducting performance reviews and follow up, identifying training and development needs, coaching and motivating staff; and coordinating work activities and deciding on disciplinary action up to and including dismissal where necessary
- Fosters the development of a multi-disciplinary team approach
- Prepares and manages the unit's budget and is accountable for meeting budget targets and goals
- Continuously evaluates, develops/selects, and implements the unit's service delivery operating model, competencies, methods, and tools
- Plans, directs, and oversees the management, delivery, and coordination of a portfolio of cybersecurity projects for the unit
- Establishes, authorizes, and oversees the implementation of training and development programs for the staff
- Cascades branch operational objectives, ensuring staff are meeting established standards and practices and, where necessary, makes improvements to work processes
- Ensures all staff are cognizant of, and subscribe to, their responsibilities to protect the confidentiality and privacy of information and addresses any breaches as appropriate
- Manages staffing workload allocation, reviews and approves monthly time tracking for all branch resources and prioritizes work against operational objectives and planned commitments

CYBERSECURITY & IT RISK MANAGEMENT

- Leads cybersecurity operations and day-to-day cybersecurity activities including patch deployment, vulnerability management, incident response, threat detections, network monitoring and logging, end point protection, demilitarized zone (DMZ) management, etc.
- Facilitates Cybersecurity Governance Committee meetings, including assisting the Committee with developing and implementing a cybersecurity strategy, framework, and roadmap that is aligned with corporate priorities
- Prepares comprehensive monthly Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Cybersecurity Governance Committee
- Prepares and presents security and IT risk management materials, cybersecurity initiative updates, and compliance reports to senior management and the Cybersecurity Governance Committee
- Conducts regular meetings with key stakeholders at IT and enterprise levels to discuss risks, trade-offs, and share relevant knowledge on cybersecurity risks, threats, and initiatives
- Partners with business stakeholders to raise awareness of cyber risk management concerns
- Develops and implements comprehensive cybersecurity strategies, policies, and procedures to safeguard assets and mitigate risks
- Oversees regular IT risk assessments and security audits to identify areas for improvement and ensure compliance with relevant regulations and security standards
- Collaborates with cross-functional teams and business stakeholders to integrate security best practices into business processes and technology solutions
- Maintains cybersecurity incident response plans; prepares to detect, respond, and recover from cybersecurity incidents; coordinates incident response efforts; and reports on impact, root-cause and post-mortem lessons to the Cybersecurity Governance Committee, Executives, and Board of Directors
- Acts as the management escalation point for all security incidents
- Tracks business case outcomes for cybersecurity related initiatives including cost, benefits, and risk
- Represents cybersecurity considerations in architecture decisions and IT initiatives
- Manages third-party risk program to address cyber risks existing on third-party systems
- Maintains awareness of emerging cybersecurity threats, technologies, and best practices to continuously enhance security posture
- Fosters a culture of security awareness and accountability throughout the organization

MANAGING SERVICE PROVIDERS

- Procures IT services and/or contractors in accordance with standards and practices
- Establishes and maintains vendor relationships
- Develops a service provider network and manages relationships with contractors, including monitoring performance, service deliverables and achievement of milestones

QUALIFICATIONS:

- Completion of a recognized degree or diploma program in Information Security, Computer Science or an IT related discipline
- Minimum ten (10) years Information Technology experience, including minimum five (5) years in Cybersecurity and IT risk management; and minimum three (3) years of progressive IT leadership experience supervising/managing IT professionals, preferably in a large, unionized environment
- Strong understanding of cybersecurity frameworks, standards, and regulations e.g. ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework
- Strong technical knowledge of on-premises and cloud based platforms and experience with security technologies and tools, such as SIEM, IDS, IPS, DLP, endpoint protection, and vulnerability management solutions
- Proven experience in conducting IT risk assessments, security audits, and developing risk mitigation strategies
- Experience liaising with and/or presenting to executive management and/or Board level committees
- Ability to lead, manage, mentor, and motivate staff to achieve desired results across the division, and take corrective action as required
- Ability to develop and manage operating and capital budgets
- Strong analytical and problem solving skills to resolve issues and set direction
- Strong verbal and written communications skills with the ability to influence, persuade and negotiate with all stakeholders, senior leadership and staff
- Ability to build trust and create positive working relationships with partners, internal / external stakeholders, managed service providers and external vendors
- Ability to work under pressure and manage projects across organizational divisions
- Ability to maintain confidentiality of sensitive and confidential information
- Knowledge and experience in competitive purchasing practices, IT contracting, and vendor management
- The ability to communicate proficiently in both official languages (English & French) is an asset, but is not required

The following designations would be an asset:

- ITIL v4 Foundation certification
- Project Management Professional (PMP)
- Lean IT Foundation certification
- Certified Information Systems Security Professional (CISSP) certification, or Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA)
- Microsoft Azure Fundamentals certification