Risk Management Services Manager - British Columbia, Canada - Cyberclan

Cyberclan

Verified Company

British Columbia, Canada

2 weeks ago

Posted by:

Sophia Lee

beBee Recruiter

Description

The Risk Management Services Manager identifies industry standards and regulatory guidelines for information security in order to minimize the risk of compromise of sensitive business systems.

They help develop, maintain, and evaluate organizational security policies and procedures, and they work closely with engineering and operations teams to ensure systems controls meet security requirements.

This position will report to Chief Operating Officer

Essential Functions

Drive the team's growth and development from a revenue perspective including presales, delivery of security engagements, statement of work (SOW), vCISO and account management.
Build resource management plan for Risk Management Services team
Routinely review tools and technologies that will enhance teams' ability to deliver services in cost effective manner
Assist in the building of necessary scoping documents to size customer engagements
Work closely with Client Success Managers in client engagement
Present at a conference or participate on a panel (in person or virtually) no less than 5 times in a calendar year
Provide input as needed towards corporate messaging and marketing
Work with Sales team as needed to provide input and assist in closing deals where necessary
Understanding applicable regulations, guidelines, and industry best practices to manage risk and ensure compliance.
Developing, maintaining, or auditing security documentation such as policies, standards, and procedures.
Monitoring internal control effectiveness.
Conducting internal security assessments to ensure continued compliance.
Explaining roles in managing risk to partners and getting buyin to improve the organizational risk posture.
Reviewing, implementing, updating, and documenting information security policies and procedures.
Advising Risk Management and Cybersecurity Office leadership regarding cybersecurity status.
Managing security audits, vulnerability and threat assessments, and direct responses to network or system intrusions.
Ensuring fulfillment of information security mandates, including providing leadership with compliance reports and audit findings.
Keeping abreast of industry security trends and developments, as well as applicable government regulations.
Researching, evaluating, and recommending new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy.
Creating and executing strategies to improve the reliability and security of IT projects.
Responding immediately to securityrelated incidents and provide a thorough postevent analysis.
Lead, develop and grow the penetration testing team.
Contribute to the establishment of new service lines.
Ensure that the team meats utilisation targets in line with expectation.
Assist and support consultants with their professional development and attainment of qualifications.

Required Skills and Experience

Bachelor's degree, or higher, in computer engineering, computer science, IS or cybersecurityrelated discipline, or equivalent five (5) years' experience in information assurance or systems and network security.
Minimum of five (5) years leadership experience serving as an information security manager or information assurance/engineering team lead.
Demonstrated experience presenting briefings to senior customer management and customer stakeholders.
Advanced security DODD 8570 certification, e.g., CISM, CISSP, CND, CSA, Security+.
Demonstrated leadership experience with RMF and accreditation processes (e.g., NIST80053, ICD503).
Demonstrated hands on experience with accreditation tools (e.g., Xacta, Nessus, AppDetective, WebInspect, Metasploit or Rapid 7, Core Impact or Cobalt Strike).
A cloudbased industry security certification (e.g., CCSP, Microsoft Azure Security Engineer).
Must have experience in Incident Response Planning and/or Table Top Exercise.
Experience in Threat & Risk Assessment & Privacy Impact Assessment.
Must be familiar with NIST, CIS Benchmark, ISO27001 and AWS GovCloud Security.

**Preferred Skills, Experience, Degrees or Certifications