Dir, Cyber Security Governance
Business Unit: Corporate Privacy and Security
Location: Halifax, Nova Scotia
Type of Employment: Regular, Full time
Why Join Emera?
Emera is a North American energy leader. Regulated utilities are core to our business, but we're also working in transmission projects, marketing and trading, contracted generation, asset management, utility services, pipelines, and renewable technology development.
Our ability to serve more customers in more places is thanks to the commitment of our 7,100 employees in Canada, the USA and the Caribbean. As we grow, we're excited to welcome new team members who are committed to our purpose and our approach to business.
Emera values people who believe that safety and health, relationships, and excellence are integral to how we work. In return, we value the diversity of our people and invest in their growth through:
- competitive compensation packages: including a comprehensive pension and benefits plan and employer-sponsored saving plans;
- opportunities for career growth: including a strategic focus on employee development plans, opportunities to advance within and between our affiliate companies, and sponsored education programs;
- giving back to communities: including corporate investments in the places where our people live and work; employee dollars-for-doers and fundraising-matching programs; and scholarships for children of employees.
Reporting to the Vice President, Privacy & Security, the Director, Cyber Security Governance, is responsible for advancing all cyber security governance, risk and compliance initiatives on a company-wide scale and for aligning security initiatives with enterprise programs and business objectives, ensuring that information assets and technologies are reliably protected.
Working across all business units at Emera to fully understand their security posture, you will assess the efficacy of current controls pertaining to the availability, integrity and confidentiality of customer, business partner, employee and business information. You will ensure compliance with information security policies and standards through consistent cross-affiliate monitoring and testing activities and drive the development of standardized policies and security metrics to support Cyber Security Governance at Emera and its affiliates. You will oversee the enterprise-wide incident response framework to ensure organizational preparedness through the implementation of business and technical response best practices, develop adaptive cyber training programs and deliver comprehensive training and assessment campaigns for the enterprise. You will be responsible for preparing monthly reports for the senior management team and providing quarterly risk assessment and compliance updates to the Board of Directors. You will also maintain current knowledge of industry trends and emerging techniques and tactics used by cybercriminals to gain systems access.
You will provide consistent and objective oversight of Emera's enterprise-wide cyber security systems and policies through operational excellence and continuous improvement and ensure the reliability of all cyber security programs across the company.
Working in collaboration with the Vice President, Privacy and Security, you will also be responsible for:
- Continuously improving Emera's security strategy, policy and governance programs;
- Overseeing the risk assessment program in order to define, identify, and classify critical assets, assess threats and vulnerabilities, and implement appropriate safeguards;
- Assessing and evaluating the effectiveness of security protocols across the company;
- Overseeing the company's security plans and initiatives;
- In collaboration with Emera's Legal and Compliance departments, ensuring company-wide compliance with all applicable security-related Canadian, US federal and state, and international laws and directives;
- Overseeing the organization's efforts to comply with security-related contractual obligations;
- Leading efforts to independently assess compliance with applicable security standards such as [PCI DSS, ISO 27001, SSAE16 SOC, etc.];
- Fostering a security-aware culture at Emera;
- Identifying, evaluating and reporting on information security risks, practices and projects including, as directed, to members of the Board of Directors of Emera or its committees;
- Consistently communicating complex information to the senior leadership team in a clear and concise manner;
- Applying good judgment in staff oversight, collaboration with peers and policy implementation on all matters related to security.
Skills, Capabilities and Experience:
As the ideal candidate you recognize yourself in most of the following competencies, and possess or are working towards the desired skills and experience listed below:
- You are an experienced cyber security leader with a degree (Masters preferred) in Information Security, Computer Science, Information Management Systems, or related field;
- You are certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP) or Certified Information Systems Manager (CISM) and you have a minimum of 10 years progressive leadership experience in the areas of Information Security / Business Resiliency / Technology Risk strategies, principles, processes and deliverables within a large enterprise.
- In addition to your technical expertise, equally important are leadership, communication, and relationship building skills as well as a proven track record of good judgement and sound decision-making.
You are a high-energy leader with the ability to effectively balance long term strategic objectives with short term functional priorities, ensuring issues are resolved in a timely manner under tight reporting deadlines. You have the ability to communicate complex analytics and information in a clear and concise manner and you can get others engaged and on-board with new ideas and approaches. You are comfortable working closely with a senior leadership team in a large, diverse, and complex organization with multiple business units, and you can provide proactive and reliable counsel on all privacy and security matters across multiple jurisdictions. You have a solid understanding of project management, change management methodologies, and policy development; a continuous improvement mindset and a focus on achieving results; the ability to adapt easily to changing needs and priorities inherent within a large growth-oriented organization; strong business acumen, problem-solving skills, and the ability to work on multiple projects concurrently; and a reputation for honesty, integrity, and high ethical standards.
With superior communication, interpersonal and relationship management skills, you can build consensus by consistently demonstrating credibility as a subject matter expert and you consistently provide clear direction, sound advice, accurate analysis, and good judgment. Experience working in the power/utilities/energy sector would be considered an asset.
Competencies & Personal Attributes required:
- Deep working knowledge of IT technologies, OT technologies, security knowledge, security threats and data and information security risk management;
- Impeccable executive presentation and communication skills;
- Demonstrated ability to effectively influence decision-makers, technology staff and business management;
- A proven reputation as a respected leader who can be influential within the organization;
- Proven track record of leading high-performance virtual teams toward the successful attainment of challenging goals;
- Expert knowledge of cyber risk theories, practices, and emerging issues to plan, develop, and coordinate enterprise-wide information assurance, information security or cybersecurity programs and strategies;
- Strong knowledge of applicable industry rules such as NIST CSF, ISO 27001, PCI, SOX, and NERC CIP;
- Understanding of international privacy and data protection regulations, such as PIPEDA, HIPAA, and GDPR;
- Risk management experience with proven ability to effectively apply risk principles to challenging business situations;
- General working knowledge of GRC tools such as RSA Archer;
- Understanding and working knowledge of quantitative risk analysis (e.g. FAIR);
- Strong understanding and working knowledge of a variety of cyber security disciplines such as audits, reviews, risk assessments, contingency planning, forensic analysis, vulnerability scans, penetration testing, and other information systems vulnerability and protection methodologies;
- Ability to establish organizational performance measures/metrics that ensure accountability, evaluation, and continuous improvement.
At Emera, our employees are our greatest strength. Our Leadership Competencies set standards that advance our business strategy, deliver results for customers, and provide career development for employees. We expect members of our leadership team to implement safety, health, and environmental standards. The successful incumbent will also be a visible leader who cultivates innovation and supports change to ensure the business continually evolves. Furthermore, they will build strong, collaborative relationships that achieve results. The Director, Cyber Security Governance will encourage others to speak about ethical concerns, listen when issues are brought forward, and take action to address any issues. Lastly, they will motivate their team to perform at higher levels and deliver exceptional service to customers, as well as set goals for their department and seek opportunities to build strategic partnerships with others.
Reports to: Vice President, Privacy & Security
Application Deadline: All interested candidates should apply no later than April 30, 2021. Late applications may not receive consideration.
Form of Application: To apply, please click on the APPLY button at the end of the job posting, complete all required information fields, and copy and paste your cover letter and resume into the online form.
Salary: Commensurate with qualifications and experience
Recruitment and Promotion Policy: When filling vacant positions, we are determined to hire the best candidates available. We are committed to providing employees with a fair and equal opportunity to compete for jobs. Hiring and promotion of employees is based on skills, capabilities, knowledge and demonstrated abilities.
We value diversity in the workplace and strongly encourage applications from all qualified candidates including members of the visible minority community, Indigenous peoples, persons with disabilities, and women in non-traditional roles. Applicants from these designated groups wishing to self-identify may do so through a series of questions in the online application process.