Cyber Security Risk Manager - Fredericton, Canada - Irving Oil

Irving Oil

Verified Company

Fredericton, Canada

2 weeks ago

Posted by:

Sophia Lee

beBee Recruiter

Description

Job Title
Cyber Security Risk Manager (Hybrid Opportunity)
- *Role is based out of Saint John, NB_

What you can expect in a typical day
The IT Cyber Security Risk Manager is a critical member of the Information Technology Security and Compliance team. The role acts as an interface between the Director

IT Security, strategic and processbased activities, and the work of the technologyfocused analysts, and administrators in the IT organization. The role is accountable for oversight of our cyber risk based programs including technology threat risk assessment process, 3rd party risk assessments, insider threat as well as providing consultative expertise in the areas of cyber risk assessment, mitigation and acceptance. The role must be able to translate ITrisk into business focused language for our stakeholders identifying required technical controls and infrastructure priorities, as well as develop metrics for ongoing performance measurement and reporting.

What we offer:

Competitive salary, bonus, and pension plan
Flexible benefits, including a Health Spending Account
Hybrid Work Opportunity flexible work model that supports a blend of inoffice and remote
Wellness support, including annual wellness allowance and paid personal care days
Paid vacation and vacation purchasing
Personal and professional development opportunities
Named one of Canada's Top 100 Employers for seven consecutive years

Your roles and responsibilities:

Develops a companywide technology cyber risk assessment program which identifies, measures and prioritizes security risk within technology outlining mitigations and security projects that address identified risks.
Develop budget projections based on short

- and long-term goals and objectives and present it to the Director, IT Security for approval.

Develop reporting metrics on the cyber risk profile of Irving Oil's operating companies.
Develop reporting metrics on the cyber risk profile of Irving Oil's 3rd party suppliers and partners.
Manage the daytoday activities of a number of risk assessment programs including technology threat risk assessments, 3rd party risk assessments and insider threat programs.
Manage a staff of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including personal development programs for team members.
Define metrics and reporting strategies that effectively communicate successes and progress of the security program in partnership with the Director, ITS as well as IT and business stakeholders.
Recommend and manage the implementation and operation of technical controls to support identified risks and minimize detection or protection blindspots.
Provide technical and managerial expertise for the administration of cyber security risk management.
Develop a strong working relationship with the IT Operations and Business Engagement teams to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
Lead security risk projects and provide security risk integration requirements to other areas of IT and the Business, creating templates and blueprints where practical.
Under direction of Director, IT Security, formulate and execute a strategy to build a robust 3rd party cyber risk management program to Irving Oil's.
Manage a team of Security Analysts who assess, identify and triage security risks guide the management events escalating into high risk prioritization.
Maintain a knowledge base comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
Manage the process of gathering, analyzing, and assessing the current and future threat landscape, as well as providing the Director, IT Security, IT Security with a realistic overview of risks and threats in the enterprise environment.
Assist and guide the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans.

Professional skills

Attention to detail
Ability to work in a fastpaced environment with strong attention to detail
Strong troubleshooting and critical thinking skills.
Selfstarter, ability to multitask, proven ability to effectively contribute in a collaborative team environment.
Strong troubleshooting and critical thinking skills.
Must be able to quickly shift focus based on needs of the operation.
Strong verbal and written communication skills.
A strong understanding of the business impact of cyber security risk.
Strong leadership abilities, with the capability to develop and guide information security team members and IT operations personnel, and work with mínimal supervision.
Strong project management skills and experience in creating and managing project plans, including budgeting and resource