Manager

Description:

At TransLink we are dedicated to building a workforce that reflects the diversity of the communities in which we live. We’re committed to fostering an inclusive, equitable and accessible workplace, recognizing the unique value and skills every individual brings.

Looking for a great place to work where your contributions are valued and you can make a difference in a vibrant city? At TransLink, one of BC’s Top Employers, you'll help make Metro Vancouver a better place to live, built on transportation excellence. Put your future in motion!

Responsibilities

PRIMARY PURPOSE

Provides strategic leadership and oversight of TransLink’s comprehensive security threat risk assessment (STRA), third-party cybersecurity risk, supply chain risk and overall cybersecurity risk assessment practice. This position plays a pivotal role in establishing and monitoring metrics/KPIs to gauge the effectiveness of risk management practice and ensuring the full cycle management of risk assessments.

Key Accountabilities

Ensures the full cycle management and quality of cybersecurity risk assessments, from initiation to closure, collaborating with stakeholders to address challenges and continuously improve the risk assessment process.

Provides strategic direction and oversight for the security threat risk assessment (STRA) practice, collaborating with cross-functional teams and stakeholders to prioritize and address identified risks.

Leads and develops the strategy and related processes of managing and mitigating residual risk to ensure the overall security posture and protection of critical assets.

Establishes and maintains best practices for comprehensive risk management across the organization, actively developing and implementing policies, processes, and procedures to enhance the overall risk management framework.

Leads the implementation of STRA processes for all technology related projects/initiatives and ensures ongoing adherence to industry standards.

Collaborates with the Senior Cybersecurity Risk Specialist to support cybersecurity risk findings, control implementation, residual risks, changes to the risk landscape and risk mitigation actions are effectively documented in the risk register to ensure accurate and comprehensive risk visibility.

Manages the development and implementation of strategies for third-party risk management, and supply chain risk, ensuring compliance with security standards and contractual obligations in collaboration with vendor management and legal teams.

Manages the analysis and identification of cyber-related risks specific to the organization’s systems, networks, and data and assessing the likelihood and impact of these risks.

Develops and reports on KPI, KRI’s and other key metrics to ensure the effectiveness of risk assessment initiatives, for strategic, operational, and executive reports and dashboards to ensure consolidated views of TransLink's overall security posture and risk profile, enabling informed decision making.

Manages risk assessment related professional services including the engagement performance, delivery and quality of the services

Provides support, advice and guidance to TransLink operating companies on risk management practice.

Manages reporting staff, including selection, development, coaching, managing performance, assigning/reviewing work and all other people management practices.

Qualifications

EDUCATION AND EXPERIENCE:

The requirements of this role are typically acquired though completion of a university degree in Computer Science, Computer Engineering, Information Security, or equivalent plus (8) eight years of related experience in Cybersecurity risk management, with a focus on strategy development and sustainment. Requires relevant certifications such as CISSP, CISM, or CRISC.