Our utilities and power client, located in the heart of Toronto, seeks a Manager, Cyber Security & IT Risk for their growing team, beginning as soon as possible. The ideal candidate is someone looking to take the next step in their career, with a background focused primarily in Cyber Security with some exposure to Risk and governance, as well as people leadership exposure. He/she will step into this brand-new role and lead a team of 10, remaining hands on and close to the day to day operations of the organization.
- Manages, develops, implements and monitors plans to support IT cyber security and security architecture services and associated roadmap. Proactively identifies problems and opportunities for improvement of IT cyber security services and systems, including security architecture advancement, service level improvement, cost efficiency and customer demand management. Proactively collaborates on and contributes to the creation of the IT Cyber Security roadmap.
- Acts as Subject Matter Expert (SME) on security and security architecture related issues. Provides leadership for routine or adhoc internal or external Security Audits.
- Manages and directs the development of security framework, protocols and standard operating procedures for alignment with external standards (e.g. NIST, C2M2, Privacy by design etc.).
- Manages and coaches a team to deliver timely service to internal and external clients (safety, performance and development, attendance) to support organizational cyber Security goals and objectives.
- Leads the team of security consultants who support organizational need for confidential assessment and other work of confidential nature.
- Develops and implements security compliance management system and program conformance and associated reporting. Ensures governance and policy is parlayed in all aspects of enterprise security and design architecture at the Client. Incumbent uses thorough understanding of privacy legislation and regulation to develop procedures, standards and guidelines for the organization, including audit criteria and guidelines, compliance and certification requirements, risk analysis and assessment procedures and protocols and cyber security policies.
- Provides input into the organization’s cyber security strategy. Continuously improves organizational, divisional and departmental systems, processes and procedures to reduce/minimize cyber security risks.
- Establishes formal structures for proactive assessment of cyber security risk and business needs; provides recommendations and actionable guidance to organizational stakeholders to enhance policy conformance; support availability, integrity and confidentiality of the organization’s services, information, and other assets. Acts as the primary point of contact for follow-up/mitigation in the event of cyber security breach.
- Researches and identifies industry trends related to security and enterprise architecture leveraging ideas to improve or better align IT systems and services. Leads proof-of-concept for security solutions and establishes guidelines and frameworks to keep security solutions aligned to the latest standards.
- Undergraduate degree in business, computer science or engineering.
- Master’s level degree in related field or one or more relevant certifications (CISSP; CISA; CISM; CRISC; ISO27000 audit; ITIL)
- Ten (10) or more years’ experience in Information Technology
- Demonstrated experience in management and improvement of: IT security technologies and process, Data Centre facilities operation and control, Telecommunications and Call Centre infrastructure, Storage/Computer architecture. Experience in building, designing, or supporting security policies and processes.
- Five (5) years’ progressive project/supervisory leadership experience
- Internal/external consulting (preferred)
- Thorough knowledge and practical experience with security methodologies, standards and best practices (ISO/IEC 27000 – family information standards, ITIL, eTOM, COBIT, and other security-related best practices are an asset)
- Ability to apply standards in a reasonable, actionable, and understandable set of policies aligned to corporate and IT governance.
- Solid foundation knowledge of privacy legislation and regulation
- Superior written and verbal communications skills
- Strong project management skills
- Stakeholder engagement skills
- Demonstrated integrity in dealing with information and issues of a highly confidential and sensitive nature
- Strong vendor management
Looking for Meaningful Work? We can help!
If you're a technical professional, you know that it can be difficult to find fulfilling work that advances your career. At the Ian Martin Group, we exist to connect professionals like you with meaningful work at industry-leading companies in your field. And we walk the walk, too: as a Certified B Corporation, we believe in using business as a force for good for people, our communities, and the environment.
We value diversity and inclusion and encourage all qualified people to apply.
We encourage all qualified candidates to apply; however, only those selected for an interview will be contacted.