Senior Manager, Cyber Security Governance

Job Function

The Manager, Cyber Security Governance is a key resource that will be responsible for contributing and executing a strategy roadmap that matures Acronym cyber security capabilities. The successful candidate will have knowledge of principles in cyber security policies and standards, and modern practices with a good understanding of governance
models that support the review and reporting of organizational risks. As a member a dedicated Cyber Security team, the Sr Manager, Cyber Security Governance works closely with senior leadership, team members and staff across Risk, Audit, Legal, HR, Fraud, Operations, and Infrastructure teams to ensure the organization is operating securely.


Accountabilities

1.Proactively lead the implementation of governance initiatives, providing technical and business advice, as well as insight on governance processes.
2.Preparing and maintaining risk register that identifies risk areas and themes to report on the activities for risks issues and remediation progress.
3.Enhancing and maintaining the security risk assessment framework.
4.Aligning and refining Cyber Security policies and standards with industry best practices, pertinent to regulations and standards bodies (NERC CIP, ISO 27001/2, PCI DSS, CIS, NIST Series)
5.Prepare, track, maintain and report risk acceptances and security exceptions.
6.Leverage expertise in Cyber Security Management to prepare and conduct security assessments for both planned initiatives and unplanned instances as required.
7.Weigh business needs against security concerns to help guide the business to make practical and informed risk decisions.
8.Review technical documents in line with company policies.
9.Report and measure through Metrics, the effectiveness of the technical controls (KPI/KRI) and propose compensating controls accordingly.
10.Proactively contribute to security governance initiatives, providing technical and business advice, as well as insight on management processes.
11.Implement and enforce the Cyber Security policies and standards with industry best practices, pertinent regulations and standards bodies (NERC CIP, ISO 27001/2, PCI DSS, CIS, NIST Series)
12.Support the development and documentation of security processes to support risk management activities across the lifecycle in the SDLC, vendor management office, project management office, risk acceptance.
13.Developing security requirements matrix mapped to organization’s policies and standards.
14.Examine and interpret requirement documents and architecture diagrams and determine security risks to the organization as required.
15.Collaborate with senior leaders and make informed, risk-based recommendations to enhance the security posture of the organization, products and services.
16.Weigh business needs against security concerns to help guide the business to make practical and informed risk decisions.
17.Participate and support security related initiatives and serve as a key interface with external and internal auditors for security compliance related activities.
18.Keep abreast of the cybersecurity threats and assess their potential impact to Hydro One's security posture.
19.Lead and manage a team of [number of people] to achieve business objectives and goals.
20.Provide guidance, support, and mentorship to team members to help them develop their skills and reach their full potential.
21.Set performance expectations and goals for team members, and regularly provide feedback on their progress towards meeting those expectations.
22.Manage the recruitment, onboarding, and training of new team members.
23.Foster a positive and collaborative team environment that encourages open communication and teamwork.
24.Identify and address any issues or conflicts within the team, and work to resolve them in a timely and effective manner.
25.Collaborate with other teams and departments to ensure alignment and efficient execution of company initiatives.
26.Develop and implement strategies to improve team performance, productivity, and engagement.
27.Ensure compliance with company policies, procedures, and regulations.
28.Conduct regular performance reviews and assessments, and make recommendations for promotions, transfers, or disciplinary actions as needed.


Qualifications & Experience
1.Bachelor's degree in computer science, information security, or a related field.
2.Minimum 7 years in Cyber Security leadership/senior management/senior roles, preferably within the electric/energy utility sector or other large/multi-national organization.
3.Security certification of one or more of the following: CISSP, CISA, CISM or other security certification
4.Strong knowledge of industry standards and best practices for cyber risk management, including NIST, ISO, and COBIT.
5.Demonstrated ability to build and implement new processes for governance frameworks and processes.
6.Experience in consulting stakeholders with complex business transformation, technical advisory, and cyber risk strategy underpinned by a deeper subject matter expertise in one or more cybersecurity domains.
7.Consistent record of developing and improving the security posture of enterprise and ICS/OT organization.
8.Strong leadership and analytical skills with a record of people development and technical delivery.
9.Maintain in-depth awareness and understanding of current and emerging cyber security threat, risk and trends.
10.Background in NERC CIP, CSAE3416 SOC 2, PCI DSS, and ITIL is an asset.
11.Excellent communication skills, both verbal and written.
12.Ability to collaborate effectively with cross-functional teams.