Job Title or Location
RECENT SEARCHES

Director, Cyber Risk Advisory - Mining & Metals

Ernst & Young - 235 Jobs
Toronto, ON
In-person
Full-time
Experienced

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

The opportunity

A career in EY's Cybersecurity practice offers you the unique opportunity to shape the future of the Mining and Metals industry. As organizations within the sector embrace digital transformation and automation technologies, they face increasing cybersecurity challenges that could threaten operational continuity, regulatory compliance, and competitive advantage. Our team plays a pivotal role in helping mining and metals companies build robust cybersecurity strategies that protect critical assets, ensure safe and resilient operations, and foster sustainable growth. EY is recognized as a leader in cybersecurity services for the Mining and Metals sector, partnering with some of the largest companies in Canada to safeguard their critical infrastructure.

Your key responsibilities:

  1. Strategic Leadership
    • Client-Focused Solutions: Lead cybersecurity initiatives that address the specific needs of Mining and Metals clients. Tailor solutions that safeguard their operations against evolving cyber threats, while supporting business continuity and enhancing safety.
    • Trusted Advisor: Cultivate strong relationships with senior leadership across Mining and Metals organizations, positioning EY as their strategic partner for cybersecurity. Understand their complex operational environments, safety requirements, and compliance needs.
    • Thought Leadership: Shape the industry's approach to cybersecurity by developing and communicating thought leadership on emerging threats and trends in the Mining and Metals sector. Contribute to industry forums, white papers, and strategic discussions that drive innovation in security practices.
  2. Business Development and Growth
    • Expand EY's Footprint: Leverage your deep industry knowledge and existing client relationships to identify new opportunities within the Mining and Metals sector. Develop strategies that expand EY's presence in this critical industry.
    • Service Differentiation: Collaborate with internal teams to create innovative cybersecurity solutions designed specifically for the Mining and Metals sector, including securing operational technology (OT), managing cyber-physical risks, and ensuring regulatory compliance.
    • Proposal Leadership: Lead the preparation of competitive and high-quality proposals that clearly demonstrate EY's value. Ensure our expertise in mining cybersecurity, regulatory knowledge, and operational resilience is front and center in client proposals.
    • Industry Showcase: Highlight EY's cybersecurity capabilities by working with our internal subject matter experts in areas such as OT security, incident response, data protection, and threat management. Lead workshops and presentations to demonstrate our ability to address sector-specific challenges.
  3. Cybersecurity Program Delivery
    • Client Engagement: Oversee project engagements for Mining and Metals clients, ensuring the delivery of tailored cybersecurity programs that secure critical infrastructure and meet compliance standards. Maintain proactive communication with clients to ensure their expectations and goals are met.
    • Operational Excellence: Deliver projects on time, within budget, and with the highest quality by overseeing project management, resource allocation, and risk management. Provide regular updates to client leadership to keep them informed of progress and potential risks.
    • Mining-Specific Solutions: Direct teams to design and implement cybersecurity controls that align with the unique operational demands of Mining and Metals companies, including safeguarding digital mine operations, managing supply chain risks, and improving operational resilience.
  4. Team Leadership and Development
    • Practice Development: Play a key role in shaping the strategy for EY's Cybersecurity practice, with a specific focus on the Mining and Metals sector. Collaborate with leadership to continuously refine and evolve our service offerings, ensuring we remain ahead of industry trends.
    • Mentorship and Growth: Foster a culture of continuous learning and professional growth within your team. Provide coaching, feedback, and mentorship to help team members advance in their careers while building a strong sense of collaboration.
    • Talent Retention: Design and implement initiatives to enhance employee engagement and retention within the cybersecurity practice. Create a supportive and rewarding environment where team members are motivated to excel

Skills and attributes for success

  1. Consulting and Leadership Experience
    • Proven experience leading complex cybersecurity consulting engagements in the Mining and Metals sector, with a deep understanding of industry challenges such as operational safety, environmental compliance, and supply chain security.
    • Demonstrated ability to navigate complex client environments and build trusted relationships with senior stakeholders.
    • Expertise in leading multi-disciplinary teams to design and implement cybersecurity programs that address IT and OT security challenges.
    • Strong interpersonal skills with a proven ability to foster collaboration, build trust, and drive client satisfaction.
  2. Cybersecurity Expertise
    • Extensive knowledge of cybersecurity frameworks and best practices, including NIST, IEC 62443, and other relevant standards for securing operational technology in mining environments.
    • Experience in overseeing comprehensive cybersecurity operations across all stages of the cybersecurity lifecycle – Identify, Protect, Detect, Respond, and Recover.
    • Expertise in key technical areas such as threat detection and response, identity and access management, cloud security, data protection, and OT security for mining operations.
    • Ability to communicate complex cybersecurity concepts in ways that resonate with both technical and non-technical stakeholders in the mining industry.
  3. Industry Expertise
    • In-depth knowledge of the Mining and Metals sector, with a strong understanding of the operational, regulatory, and cybersecurity challenges unique to this industry.
    • Proven experience working with large mining companies in Canada, with a deep understanding of the regulatory environment and the operational risks faced by mining organizations.
  4. Business Development
    • A successful track record of generating new business within the Mining and Metals sector, with strong skills in identifying client needs, scoping services, and closing deals.
    • Expertise in leading proposal development and responding to RFPs, ensuring EY's cybersecurity services are positioned competitively in the market.
    • Experience in drafting detailed and effective Statements of Work that clearly articulate project scope, timelines, and deliverables.

To qualify for the role you must have

  1. Cloud Security:
    • In-depth understanding of cloud platforms such as AWS, Azure, and Google Cloud.
    • Experience with securing cloud-based infrastructure, applications, and data.
    • Knowledge of cloud security best practices and compliance requirements specific to the energy sector.
  2. OT (Operational Technology) Security:
    • Expertise in securing industrial control systems (ICS) and SCADA systems within the energy industry.
    • Understanding of unique challenges in OT environments and strategies to mitigate associated risks.
  3. ERP (Enterprise Resource Planning) Security:
    • Familiarity with ERP systems commonly used in the energy sector (e.g., SAP, Oracle).
    • Experience in securing ERP applications and databases, ensuring data integrity and confidentiality.
  4. MDR/XDR (Managed Detection and Response/Extended Detection and Response):
    • Knowledge of MDR/XDR solutions and services, including threat detection, incident response, and proactive threat hunting.
    • Experience in implementing and managing MDR/XDR programs for energy clients.
  5. Network Security:
    • Proficiency in designing and implementing robust network security architectures.
    • Knowledge of network protocols, firewalls, intrusion detection/prevention systems, and VPN technologies.
  6. Endpoint Security:
    • Expertise in endpoint protection strategies, including antivirus, endpoint detection and response (EDR), and device management.
    • Experience in securing diverse endpoint devices within an organization.
  7. Identity and Access Management (IAM):
    • Understanding of IAM principles, including user authentication, authorization, and identity governance.
    • Experience in implementing IAM solutions to manage access to critical systems and data.
  8. Incident Response and Forensics:
    • Knowledge of incident response methodologies and best practices.
    • Experience in digital forensics and the ability to investigate and analyze security incidents.
  9. Regulatory Compliance:
    • Familiarity with cybersecurity regulations relevant to the energy sector in Canada.
    • Experience ensuring compliance with standards such as NERC CIP, CSAE 3416, and provincial regulations.
  10. Emerging Technologies:
    • Awareness of emerging cybersecurity technologies and trends, such as AI/ML-driven security solutions and zero-trust architectures.

Ideally, you'll also have

  • CISSP


What we look for

We're interested in intellectually curious people with a passion for cybersecurity and a desire to grow their skills as part of a diverse and engaged team of OT cybersecurity professionals.

What we offer

At EY, our Total Rewards package supports our commitment to creating a leading people culture - built on high-performance teaming - where everyone can achieve their potential and contribute to building a better working world for our people, our clients and our communities. It's one of the many reasons we repeatedly win awards for being a great place to work.

We offer a competitive compensation package where you'll be rewarded based on your performance and recognized for the value you bring to our business. In addition, our Total Rewards package allows you to decide which benefits are right for you and which ones help you create a solid foundation for your future. Our Total Rewards package includes a comprehensive medical, prescription drug and dental coverage, a defined contribution pension plan, a great vacation policy plus firm paid days that allow you to enjoy longer long weekends throughout the year, statutory holidays and paid personal days (based on province of residence), and a range of exciting programs and benefits designed to support your physical, financial and social well-being. Plus, we offer:

  • Support, coaching and feedback from some of the most engaging colleagues around
  • Opportunities to develop new skills and progress your career
  • The freedom and flexibility to handle your role in a way that's right for you


The salary range for this job in British Columbia is $120,500 to $216,000. Individual salaries within this range are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and work location city.

Diversity and Inclusion at EY

Diversity and inclusiveness are at the heart of who we are and how we work. We're committed to fostering an environment where differences are valued, policies and practices are equitable, and our people feel a sense of belonging. We embrace diversity and are committed to combating systemic racism, advancing gender equity and women in leadership, advocating for the 2SLGBTQIA+ community, promoting our neuroinclusion and accessibility initiatives, and are dedicated to amplifying the voices of Indigenous peoples (First Nations, Inuit, and Métis) nationally as we strive towards reconciliation. Our diverse experiences, abilities, backgrounds, and perspectives make our people unique and help guide us. Because when people feel free to be their authentic selves at work, they bring their best and are empowered to build a better working world.

EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
Competition Number: 1552816