Manager, IT Risk & Cyber Security Standards
Location: Downtown Toronto
Reporting to the Director, this position is responsible for driving and creating innovative solutions to solve complex technical challenges ensuring the highest level of reliability, efficiency and quality of IT Cyber Security systems.
This role contributes to the development of the cyber security roadmap and related implementation strategies, including developing and implementing security architecture standards and protocols, ensuring the alignment of other IT architectural standards.
resource assessment, oversight, and management (including technical and business personnel), ensuring the appropriate support is in place at all times.
The incumbent will manage and support technology systems, mitigating the organization's cyber security risks, including leadership direction of routine and ad hoc cyber security audits, as well as recommending the appropriate security framework, protocols, standard operating procedures, and implementation or adoption of industry best practices.
Additionally, the incumbent will oversee cyber security investigations and management of escalated risks, provide leadership for routine or ad hoc internal or external security audits, and manage and direct the development of the security framework, protocols and standard operating procedures for alignment with external standards like NIST, C2M2, Privacy by design, etc.
This position will ensure the appropriate controls are in place to manage confidentiality of security requests and execution of work within the department.
This position interacts with a broad range of Subject Matter Experts, Business Unit Leaders, and IT Senior Management / Executives within the IT Division / Business and works closely with other teams and business units to establish trusted and complementary working relationships which support the goals of the organization's security programs.
In addition, this role is a primary contact for follow-up / mitigation in the event of a security breach with internal / external entities (e.g. the Privacy commission, RCMP, and the Executive Team).
Proactively identifies problems and opportunities for improvement of IT cyber security services and systems, including security architecture advancement, service level improvement, cost efficiency and customer demand management.
Manages and directs the development of security framework, protocols and standard operating procedures for alignment with external standards (e.g. NIST, C2M2, Privacy by design etc.).
Leads the team of security consultants who support the organization's need for confidential assessments and other work of a confidential nature.
Is expected to apply a thorough understanding of privacy legislation and regulation to develop procedures, standards and guidelines, including audit criteria and guidelines, compliance and certification requirements, risk analysis and assessment procedures and protocols, and cyber security policies.
support availability, integrity and confidentiality of the organization's services, information, and other assets. Acts as the primary point of contact for follow-up / mitigation in the event of cyber security breach.
Leads proof-of-concept for security solutions and establishes guidelines and frameworks to keep security solutions aligned to the latest standards.
Requirements & Qualifications:
Internal / external consulting preferred.