Manager, Cyber Governance, Risk & Strategy

Nova Scotia PowerHalifax, NS
Hybrid

About The Position

We are looking for a Manager, Cyber Governance, Risk & Strategy to join our IT Infrastructure & Cybersecurity team in a permanent position. In this role you will be reporting to the Director, IT Infrastructure & Cyber Security. In this role you will be accountable for establishing and overseeing the enterprise cybersecurity governance, risk, and strategic planning capabilities. This role ensures cybersecurity strategy, investment prioritization, and risk management activities are aligned with business objectives and embedded into IT and OT operations to effectively manage cyber risk. The Manager is accountable for balancing cybersecurity risk management with business outcomes, ensuring cybersecurity services are pragmatic, value‑driven, and enable the organization to operate securely, reliably, and efficiently.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or a related field.
  • 7+ years of experience in cybersecurity strategy, risk management, or governance roles.
  • Demonstrated experience leading enterprise-level cyber risk and governance programs.
  • Proven experience in developing and implementing cybersecurity strategies and programs.
  • Excellent leadership, communication, and interpersonal skills
  • Demonstrate experience engaging with senior business and operational leaders to influence cybersecurity outcomes aligned with business objectives.
  • Ability to manage service providers, contract management (SLAs) and delegated service ownership models.
  • Strong understanding of the NIST Cybersecurity Framework and enterprise risk management concepts.
  • Strong understanding of enterprise business operations, financial drivers, and risk trade-offs.
  • Strategic planning, stakeholder engagement, and executive communication skills.
  • Effective collaboration and teamwork skills.
  • Ability to manage multiple projects and priorities in a fast-paced environment.
  • Analytical and problem-solving abilities.

Nice To Haves

  • Certifications such as CISSP, CISM, CRISC, or equivalent preferred.

Responsibilities

  • Accountable for the enterprise cybersecurity strategy and multi‑year roadmap, ensuring cybersecurity capabilities support business objectives, risk appetite, and regulatory expectations.
  • Set strategic direction, priorities, and success criteria for cybersecurity programs and initiatives delivered through managed service arrangements.
  • Own decision‑making related to capital planning, investment decisions, and multi‑year cybersecurity budgets.
  • Own the enterprise cybersecurity governance framework, including policy intent, standards approval, oversight forums, and defined cyber risk acceptance authorities.
  • Ensure enterprise cyber risks are identified, assessed, tracked, and reported through established risk management and governance processes.
  • Accountable for cybersecurity risk transparency, escalation, and decision‑making at the executive and enterprise risk level.
  • Ensure alignment between cybersecurity governance, enterprise risk management, and IT compliance frameworks.
  • Provide direction and oversight to ensure cybersecurity risk and governance outputs effectively inform business, technology, and regulatory decision‑making.
  • Accountable for enterprise cyber compliance outcomes and alignment to applicable regulatory, contractual, and internal control requirements.
  • Ensure the cyber control program is appropriately defined, maintained, and aligned with enterprise risk, regulatory, and IT compliance expectations.
  • Establish and support a dotted‑line collaboration model between the Cyber Compliance Lead Assessor and IT Compliance
  • Oversee the planning, scheduling, and coverage of cyber compliance assessments, including approval of the annual cyber assessment calendar for critical assets
  • Accountable for escalation, remediation prioritization, and risk acceptance decisions arising from cyber compliance assessments
  • Own the third‑party cyber risk management program, including due diligence, ongoing assessments, and risk remediation.
  • Ensure cybersecurity requirements are embedded into vendor lifecycle, procurement, and contractual processes.
  • Oversee the effectiveness of third‑party cyber risk management activities performed through managed services.
  • Ensure cyber asset management practices support risk-based decision-making and resilience objectives.
  • Oversee alignment between cybersecurity governance and enterprise business continuity and resilience planning.
  • Sponsor and set expectations for enterprise security awareness, training, and communication programs.
  • Ensure awareness initiatives support desired risk behaviors and organizational outcomes.

Benefits

  • Hybrid work model with one flexible remote work day.
  • A comprehensive benefits plan
  • 24/7 access to virtual health care services for you and your family through Dialogue
  • Access to a free on-site fitness centre
  • Employee and Family Assistance Program
  • Parental leave top-up plan
  • Wellness benefits
  • Opportunities to advance within and between our affiliate companies
  • A focus on employee development
  • Available sponsored education programs
  • Corporate investments in the places where our people live and work
  • Mentoring opportunities
  • Fundraising-matching
  • Volunteer programs
  • Various committees and employee resource groups
  • Scholarships for children of employees
  • Short-term incentive plan
  • Defined Contribution Pension Plan
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service