Manager, Cybersecurity, Risk

Investment Management Corporation of Ontario (IMCO)
Toronto, ON
$105,000 - $138,000
Hybrid

About The Position

At IMCO, our talent is among the best! IMCO offers a uniquely stimulating and rewarding environment where you can help build and drive organizational transformation, all while seeking to challenge yourself, learn, and grow your career. Our culture is built on collaboration and passion, with a shared commitment to delivering lasting value to the clients we serve. Located in downtown Toronto, our vision is to be the partner of choice for Ontario’s public sector funds and to build a high-performing, value-driven asset management firm. This job posting is for an existing vacancy. If you are ready to deliver best-in-class service and join a collaborative, motivated and fun team of professionals, IMCO offers the opportunity to do impactful work and broaden your expertise. If you’re looking to use your expertise to drive strategic outcomes, we’d love to hear from you.

The Manager, Cyber Risk supports IMCO’s cyber risk program by coordinating risk assessments, managing third‑party security reviews, and helping ensure adherence to IMCO policies and standards. The role partners with IT & Data, Enterprise Risk Management (ERM), Legal/Compliance, and business teams to identify, assess, and track cyber risks, providing actionable insights and clear communication.

Requirements

  • 5–6 years of experience in information security, IT risk, or related roles (financial services/investment management is an asset).
  • Working knowledge of cyber risk frameworks and controls (e.g., NIST CSF/800‑53, ISO 27001/27002/27004/27005) and third-party risk management practices.
  • Hands‑on experience conducting technology and cloud risk assessments, documenting issues, and tracking remediation to closure.
  • Familiarity with cloud service models (SaaS, PaaS, IaaS) and shared responsibility concepts.
  • Comfort interpreting audit/assessment requests and assembling clear, accurate evidence packages.
  • Strong analytical, organisational, and stakeholder communication skills; able to explain risk in plain language.
  • Undergraduate degree in a relevant field; security/risk certifications (e.g., CRISC, CISSP, CISM) are assets.

Responsibilities

  • Risk Assessments & Tracking: Execute and document cyber risk assessments for projects, applications, infrastructure and material changes (using defined methodologies).
  • Conduct cloud security risk assessments across SaaS, PaaS, and IaaS solutions, including shared responsibility considerations, data protection, identity, and resilience risks.
  • Assess cyber risks associated with emerging technologies (e.g., AI/GenAI, new data platforms, automation tools) and advise on appropriate controls and risk treatments.
  • Maintain entries in the cyber risk register; track remediation actions with accountable owners and follow up on due dates.
  • Third‑Party Security Reviews: Perform security due diligence for new vendors and periodic reviews for existing vendors/critical fourth parties.
  • Evaluate vendor and cloud provider control environments (e.g., SOC reports, ISO certifications, architecture summaries) and identify residual risk.
  • Record findings, recommend risk treatments, and escalate material issues in line with risk appetite and thresholds.
  • Policy & Standards Support: Support the currency of cybersecurity policies, standards, and guidelines through drafting updates and stakeholder review.
  • Coordinate and document exceptions/deviations and risk acceptance requests with clear expiry and compensating controls.
  • Control Testing & Assurance: Assist with control self‑assessments and collection of evidence for internal/external audits and attestations (e.g., SOC 2).
  • Support assurance activities related to cloud and third‑party controls, including tracking gaps and remediation actions to closure.
  • Track audit/assessment action items to closure and provide status updates to leaders.
  • Reporting & Communication: Prepare concise dashboards and reports (KRIs/KPIs, risk themes, third-party risk trends, remediation status) for management and governance forums.
  • Translate technical, cloud, vendor, and emerging risks into business‑friendly summaries with clear impact, likelihood, and recommended next steps.
  • Awareness & Engagement: Promote security awareness to top risk themes.
  • Support readiness activities (e.g., tabletop logistics and follow‑ups, risk workshops).
  • Respond to risk‑related inquiries from project teams and vendor managers with timely, practical guidance.

Benefits

  • In addition to base salary, this position is eligible to participate in IMCO's annual incentive plan.
  • Comprehensive benefits package and defined benefit pension plan.