Title: Manager Cybersecurity and IT Risk Management

Our client in Winnipeg, MB is looking a Manager Cybersecurity and IT Risk Management. This is a full time, permanent role and requires that candidates be based in Winnipeg or willing to relocate

JOB SUMMARY:

The Manager, Cybersecurity & IT Risk Management manages the identification, assessment and mitigation of all security threats and vulnerabilities in the environment. This position is also responsible to provide leadership and guidance to the Cybersecurity & IT Risk Management team for all management functions of the unit. This role will be a key member of the Cybersecurity Governance Committee, to assist with developing the cybersecurity strategy, roadmap and cybersecurity programs.

JOB DUTIES & RESPONSIBILITIES:

MANAGING UNIT

• Manages staff and labour relations issues and provides leadership, guidance, support and direction to the unit including: hiring staff, conducting performance reviews and follow up, identifying training and development needs, coaching and motivating staff; and coordinating work activities and deciding on disciplinary action up to and including dismissal where necessary

• Fosters the development of a multi-disciplinary team approach

• Prepares and manages the unit's budget and is accountable for meeting budget targets and goals

• Continuously evaluates, develops/selects, and implements the unit's service delivery operating model, competencies, methods, and tools

• Plans, directs, and oversees the management, delivery, and coordination of a portfolio of cybersecurity projects for the unit

• Establishes, authorizes, and oversees the implementation of training and development programs for the staff

• Cascades branch operational objectives, ensuring staff are meeting established standards and practices and, where necessary, makes improvements to work processes

• Ensures all staff are cognizant of, and subscribe to, their responsibilities to protect the confidentiality and privacy of information and addresses any breaches as appropriate

• Manage staffing workload allocation, review and approve monthly time tracking for all branch resources and prioritize work against operational objectives and planned commitments

CYBERSECURITY & IT RISK MANAGEMENT

• Leads cybersecurity operations and day-to-day cybersecurity activities including patch deployment, vulnerability management, incident response, threat detections, network monitoring and logging, end point protection, demilitarized zone (DMZ) management, etc.

• Facilitates Cybersecurity Governance Committee meetings, including assisting the Committee with developing and implementing a cybersecurity strategy, framework, and roadmap that is aligned with corporate priorities

• Prepares comprehensive monthly Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Cybersecurity Governance Committee

• Prepares and presents security and IT risk management materials, cybersecurity initiative updates, and compliance reports to senior management and the Cybersecurity Governance Committee

• Conducts regular meetings with key stakeholders at IT and enterprise levels to discuss risks, trade-offs, and share relevant knowledge on cybersecurity risks, threats, and initiatives

• Partners with business stakeholders to raise awareness of cyber risk management concerns

• Develops and implements comprehensive cybersecurity strategies, policies, and procedures to safeguard assets and mitigate risks

• Oversees regular IT risk assessments and security audits to identify areas for improvement and ensure compliance with relevant regulations and security standards

• Collaborates with cross-functional teams and business stakeholders to integrate security best practices into business processes and technology solutions

• Maintains cybersecurity incident response plans; prepares to detect, respond, and recover from cybersecurity incidents; coordinates incident response efforts; and reports on impact, root-cause and post-mortem lessons to Cybersecurity Governance Committee, Executives, and Board of Directors

• Acts as the management escalation point for all security incidents

• Tracks business case outcomes for cybersecurity related initiatives including cost, benefits, and risk

• Represents cybersecurity considerations in architecture decisions and IT initiatives

• Manages third-party risk program to address cyber risks existing on third-party systems.

• Maintains awareness of emerging cybersecurity threats, technologies, and best practices to continuously enhance security posture

• Fosters a culture of security awareness and accountability throughout the organization

MANAGING SERVICE PROVIDERS

• Procures IT services and/or contractors in accordance with standards and practices

• Establishes and maintains vendor relationships

• Develops a service provider network and manages relationships with contractors, including monitoring performance, service deliverables and achievement of milestones

QUALIFICATIONS:

• Completion of a recognized degree or diploma program in Information Security, Computer Science or an IT related discipline

• Minimum ten (10) years Information Technology experience, including minimum five (5) years in Cybersecurity and IT risk management; and minimum three (3) years of progressive IT leadership experience supervising/managing IT professionals, preferably in a large, unionized environment

• Strong understanding of cybersecurity frameworks, standards, and regulations e.g. ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework

• Strong technical knowledge of on-premises and cloud based platforms and experience with security technologies and tools, such as SIEM, IDS, IPS, DLP, endpoint protection, and vulnerability management solutions

• Proven experience in conducting IT risk assessments, security audits, and developing risk mitigation strategies

• Experience liaising with and/or presenting to executive management and/or Board level committees

• Ability to lead, manage, mentor, and motivate staff to achieve desired results across the division, and take corrective action as required

• Ability to develop and manage operating and capital budgets

• Strong analytical and problem solving skills to resolve issues and set direction

• Strong verbal and written communications skills with the ability to influence, persuade and negotiate with all stakeholders, senior leadership and staff

• Ability to build trust and create positive working relationships with partners, internal / external stakeholders, managed service providers and external vendors

• Ability to work under pressure and manage projects across organizational divisions

• Ability to maintain confidentiality of sensitive and confidential information.

• Knowledge and experience in competitive purchasing practices, IT contracting, and vendor management

• The ability to communicate proficiently in both official languages (English & French) is an asset, but is not required

The following designations would be an asset:

• ITIL v4 Foundation certification

• Project Management Professional (PMP)

• Lean IT Foundation certification

• Certified Information Systems Security Professional (CISSP) certification, or Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA)

• Microsoft Azure Fundamentals certification

For information about TEEMA Solutions Group and to consider other career opportunities, please visit our website at