Cyber Security Manager

GroupHEALTH Benefit Solutions | Surrey, BC
CA$150,000 - CA$170,000 | Hybrid

About The Position

The Cyber Security Manager will lead the development and implementation of our cybersecurity strategy, owning overall security posture and playing a crucial role in safeguarding our company. The Cyber Security Manager will be responsible for establishing and implementing robust security processes, developing policies, and building an Information Security Management System (ISMS). In this role, you will work on our existing roadmap of findings to identify and address security gaps, enhance our security posture, and ensure the protection of our valuable assets. This is a hybrid role based out of our Surrey office, working a blend of days in office and days from home.

Requirements

  • Bachelor's degree in Information Security, Computer Science, or a related field; equivalent experience considered
  • 7–10 years of progressive security experience in enterprise or regulated industry environments
  • Prior team leadership required; experience presenting to board-level audiences required
  • Solid understanding of security best practices and international standards such as ISO 27001 and NIST
  • Knowledge and experience in Security Training and Awareness, Security Governance, and Security Incident Management
  • Basic knowledge of laws and regulations applicable in the area of responsibility
  • Advanced knowledge of organization, technology controls, security, and risk issues
  • Demonstrated ability to lead complex, comprehensive, or large-scale projects and initiatives
  • Strong customer orientation, negotiating, and problem-solving skills
  • Strong planning, organizational, and presentation skills
  • Excellent command of business English, both spoken and written

Nice To Haves

  • CISSP or CISM preferred
  • AZ-500 (Microsoft Azure Security) or SC-200 (Microsoft Security Operations) is a strong asset
  • Insurance, healthcare, or financial services industry experience strongly preferred
  • Cyber security consulting background is an asset

Responsibilities

  • Establish and support an effective cybersecurity program aligned with industry best practices, regulatory requirements, and organizational objectives
  • Develop, document, and implement comprehensive security policies, standards, and procedures to protect information assets
  • Develop, implement, and monitor an ISMS program to ensure the confidentiality, integrity, and availability of sensitive data owned, controlled, or processed by the organization
  • Serve as the primary point of contact and responsible party for cyber and information security across the organization
  • Contribute to the development and oversight of a global security management strategy and framework
  • Oversee third-party reviews and risk assessments to ensure comprehensive evaluation of security risks
  • Lead business compliance efforts for security, including supporting regular risk assessments to identify potential vulnerabilities, threats, and areas for improvement, and developing action plans to mitigate identified risks
  • Develop a metrics and reporting framework to measure cybersecurity and governance KPIs and KRIs, including tracking industry trends and best practices
  • Collaborate with cross-functional teams and the Privacy and Risk team to ensure security requirements are integrated into system development and business processes
  • Provide guidance and support to technical teams in the design and implementation of security systems, networks, and applications
  • Stay current with the latest industry trends, emerging threats, and security technologies, and adjust the organization's security strategy accordingly
  • Develop and deliver a security training and awareness program to promote a culture of security and influence behavior that reduces cyber and information security risk
  • Monitor and respond to security incidents, conduct investigations, and lead incident response activities to effectively manage incidents to an acceptable resolution
  • Work with internal and external stakeholders, including auditors and regulators, to ensure compliance with relevant security standards, laws, and regulations
  • Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to current and emerging technology and security threats
  • Maintain effective communication channels with management of both GroupHEALTH and the parent company to report on cybersecurity initiatives, risks, and progress
  • Produce the monthly security input for the CIO's IT Executive Dashboard
  • Lead, develop, and manage the Security Analyst and Security Engineer
  • Manage all Cyber Security vendor relationships and Pen Testing engagements
  • Serve as the primary escalation point for all P1 and P2 security incidents, including availability outside business hours for P1 events
  • Lead P1 incident response and coordinate breach notification obligations under PIPEDA and relevant contracts and agreements, including Beneva and Munich Re
  • Ensure post-incident reviews are completed within 5 business days for every P1 and P2 event

Benefits

  • Generous paid time off
  • Extended health and dental benefits
  • RRSP matching
  • Flexible work options
  • Wellness support, including comprehensive mental health resources