Manager, IT Risk & Cyber Security Standards
Toronto, CA

Location : Downtown Toronto

Overview :

Reporting to the Director, this position is responsible for driving and creating innovative solutions to solve complex technical challenges ensuring the highest level of reliability, efficiency and quality of IT Cyber Security systems.

This role contributes to the development of the cyber security roadmap and related implementation strategies, including developing and implementing security architecture standards and protocols, ensuring the alignment of other IT architectural standards.

The various functions of this role include:

  • managing and supporting critical infrastructure and technology systems, with the goal of mitigating the organization's cyber security risks;
  • providing input to strategic leadership on behalf of Cyber Security and Enterprise Architecture; recommending and developing strategies on Security Risk evaluations utilizing best practices, and creating solutions to mitigate risks to acceptable levels;
  • resource assessment, oversight, and management (including technical and business personnel), ensuring the appropriate support is in place at all times.

    The incumbent will manage and support technology systems, mitigating the organization's cyber security risks, including leadership direction of routine and ad hoc cyber security audits, as well as recommending the appropriate security framework, protocols, standard operating procedures, and implementation or adoption of industry best practices.

    Additionally, the incumbent will oversee cyber security investigations and management of escalated risks, provide leadership for routine or ad hoc internal or external Security Audits, and manage and direct the development of security framework, protocols and standard operating procedures for alignment with external standards like NIST, C2M2, Privacy by design, etc.

    This position will ensure the appropriate controls are in place to manage confidentiality of security requests and execution of work within the department.

    This position interacts with a broad range of Subject Matter Experts, Business Unit Leaders, and IT Senior Management / Executives within the IT Division / Business and works closely with other teams and business units to establish trusted and complementary working relationships which support the goals of the organization's security programs.

    In addition, this role is a primary contact for follow-up / mitigation in the event of security breach with internal / external entities (e.g. the Privacy commission, RCMP, and the Executive Team).


  • Manages, develops, implements, and monitors plans to support IT cyber security and security architecture services and associated roadmap.
  • Proactively identifies problems and opportunities for improvement of IT cyber security services and systems, including security architecture advancement, service level improvement, cost efficiency and customer demand management.

  • Acts as Subject Matter Expert (SME) on security and security architecture related issues. Provides leadership for routine or ad hoc internal or external Security Audits.
  • Manages and directs the development of security framework, protocols and standard operating procedures for alignment with external standards (e.g. NIST, C2M2, Privacy by design etc.).

  • Manages and coaches a team to deliver timely service to internal and external clients (safety, performance and development, attendance) to support organizational cybersecurity goals and objectives.
  • Leads the team of security consultants who support organizational need for confidential assessment and other work of confidential nature.

  • Develops and implements security compliance management system and program conformance and associated reporting, and ensures governance and policy is parlayed in all aspects of enterprise security and design architecture.
  • Uses a thorough understanding of privacy legislation and regulation to develop procedures, standards and guidelines, including audit criteria and guidelines, compliance and certification requirements, risk analysis and assessment procedures and protocols, and cyber security policies.

  • Provides input into the organization's cyber security strategy, and continuously improves organizational, divisional and departmental systems, processes and procedures to reduce / minimize cyber security risks.
  • Establishes formal structures for proactive assessment of cyber security risk and business needs; provides recommendations and actionable guidance to organizational stakeholders to enhance policy conformance; support availability, integrity and confidentiality of the organization's services, information, and other assets. Acts as the primary point of contact for follow-up / mitigation in the event of cyber security breach.

  • Researches and identifies industry trends related to security and enterprise architecture leveraging ideas to improve or better align IT systems and services.
  • Leads proof-of-concept for security solutions and establishes guidelines and frameworks to keep security solutions aligned to the latest standards.

    Requirements & Qualifications :

  • Undergraduate Degree in Computer Science, Engineering, Mathematics, or relevant education and certifications.
  • Master's Degree in related field preferred.
  • One or more relevant certifications - CISSP; CISA; CISM; CRISC; ISO27000 audit; ITIL.
  • 10+ years of experience in Information Security Technology with progressive, Senior-level Consulting experience, manifested into a supervisory leadership role.
  • Internal / external consulting preferred.

  • 5+ years of supervisory leadership experience.
  • Demonstrated experience in building, designing, supporting security policies and processes.
  • Demonstrated experience in management and improvement of : IT security technologies and process, Data Centre facilities operation and control, Telecommunications and Call Centre infrastructure, Storage / Computer architecture.
  • Thorough knowledge and practical experience with security methodologies, standards and best practices (ISO / IEC 27000 family information standards, ITIL, eTOM, COBIT, and other security-related best practices are an asset)
  • Ability to apply standards in a reasonable, actionable, and understandable set of policies aligned to corporate and IT governance.
  • Solid foundation knowledge of privacy legislation and regulation.
  • Must have excellent written and verbal communications skills.
  • Strong project management and stakeholder engagement skills.
  • Pro-active management style with a blend of hands-on / hands-off, and must be comfortable with hands-on technical engagement if needed.
  • Demonstrated integrity in dealing with information and issues of a highly confidential and sensitive nature.
  • Strong experience with vendor management.