Senior Manager, Cyber Security Governance

About The Position

Requirements

• Bachelor's degree in computer science, information security, or a related field.
• Minimum 7 years in Cyber Security leadership/senior management/senior roles, preferably within the electric/energy utility sector or other large/multi-national organization.
• Security certification of one or more of the following: CISSP, CISA, CISM or other security certification
• Strong knowledge of industry standards and best practices for cyber risk management, including NIST, ISO, and COBIT.
• Demonstrated ability to build and implement new processes for governance frameworks and processes.
• Experience in consulting stakeholders with complex business transformation, technical advisory, and cyber risk strategy underpinned by a deeper subject matter expertise in one or more cybersecurity domains.
• Consistent record of developing and improving the security posture of enterprise and ICS/OT organization.
• Strong leadership and analytical skills with a record of people development and technical delivery.
• Maintain in-depth awareness and understanding of current and emerging cyber security threat, risk and trends.
• Excellent communication skills, both verbal and written.
• Ability to collaborate effectively with cross-functional teams.

Nice To Haves

• Background in NERC CIP, CSAE3416 SOC 2, PCI DSS, and ITIL is an asset.

Responsibilities

• Proactively lead the implementation of governance initiatives, providing technical and business advice, as well as insight on governance processes.
• Preparing and maintaining risk register that identifies risk areas and themes to report on the activities for risks issues and remediation progress.
• Enhancing and maintaining the security risk assessment framework.
• Aligning and refining Cyber Security policies and standards with industry best practices, pertinent to regulations and standards bodies (NERC CIP, ISO 27001/2, PCI DSS, CIS, NIST Series)
• Prepare, track, maintain and report risk acceptances and security exceptions.
• Leverage expertise in Cyber Security Management to prepare and conduct security assessments for both planned initiatives and unplanned instances as required.
• Weigh business needs against security concerns to help guide the business to make practical and informed risk decisions.
• Review technical documents in line with company policies.
• Report and measure through Metrics, the effectiveness of the technical controls (KPI/KRI) and propose compensating controls accordingly.
• Proactively contribute to security governance initiatives, providing technical and business advice, as well as insight on management processes.
• Implement and enforce the Cyber Security policies and standards with industry best practices, pertinent regulations and standards bodies (NERC CIP, ISO 27001/2, PCI DSS, CIS, NIST Series)
• Support the development and documentation of security processes to support risk management activities across the lifecycle in the SDLC, vendor management office, project management office, risk acceptance.
• Developing security requirements matrix mapped to organization’s policies and standards.
• Examine and interpret requirement documents and architecture diagrams and determine security risks to the organization as required.
• Collaborate with senior leaders and make informed, risk-based recommendations to enhance the security posture of the organization, products and services.
• Weigh business needs against security concerns to help guide the business to make practical and informed risk decisions.
• Participate and support security related initiatives and serve as a key interface with external and internal auditors for security compliance related activities.
• Keep abreast of the cybersecurity threats and assess their potential impact to Hydro One's security posture.
• Lead and manage a team of [number of people] to achieve business objectives and goals.
• Provide guidance, support, and mentorship to team members to help them develop their skills and reach their full potential.
• Set performance expectations and goals for team members, and regularly provide feedback on their progress towards meeting those expectations.
• Manage the recruitment, onboarding, and training of new team members.
• Foster a positive and collaborative team environment that encourages open communication and teamwork.
• Identify and address any issues or conflicts within the team, and work to resolve them in a timely and effective manner.
• Collaborate with other teams and departments to ensure alignment and efficient execution of company initiatives.
• Develop and implement strategies to improve team performance, productivity, and engagement.
• Ensure compliance with company policies, procedures, and regulations.
• Conduct regular performance reviews and assessments, and make recommendations for promotions, transfers, or disciplinary actions as needed.

Benefits

• Hydro One provides an extensive offering of programs to promote a culture of safety, wellbeing, inclusivity, and sustainability to enable our employees to be the best version of themselves.
• For management roles, compensation is based on the principle of pay-for-performance compensation philosophy, and the amount of annual adjustments and incentive payments depends on how well you and the company perform (subject to plan terms).