Description:
The Manager, Cyber Security Risk Management is a critical resource responsible for contributing to and executing a strategic roadmap that matures Hydro One's cyber security capabilities. The successful candidate will have knowledge of principles in risk management practices, cyber security policies and standards, and modern practices, with a good understanding of the security aspects of various technologies. As a member of a dedicated Cyber Security team, the Manager, Cyber Security Risk Management works closely with senior leadership, team members and staff across Risk, Audit, Legal, HR, Fraud, Operations, and Infrastructure teams to ensure the organization is operating securely.
Accountabilities
- Expertise leading the implementation and ongoing management of the Cyber Risk Management processes and best practices for Cyber Security
- Preparing and maintaining a risk register that identifies gaps during project, system and software lifecycles through security risk assessments or security reviews and tracking risks for remediation
- Support and enforce the security risk assessment framework
- Proactively contribute to security governance initiatives, providing technical and business advice and insight on management processes.
- Create reports and dashboards to communicate cyber risk management issues and remediation efforts to senior management.
- Implement and enforce the Cyber Security policies and standards with industry best practices, pertinent to regulations and standards bodies (NERC CIP, ISO 27001/2, PCI DSS, CIS, NIST Series)
- Support the development and documentation of security processes to support the security lifecycle in the SDLC, vendor management office, and project management office
- Developing a security requirements matrix mapped to the organization’s policies and standards
- Leverage expertise in Cyber Security Management to prepare and conduct security assessments for both planned initiatives and unplanned instances.
- Examine and interpret requirement documents and architecture diagrams and determine security risks to the organization as required
- Collaborate with senior leaders and make informed, cyber (IT/OT/ICS) risk-based recommendations to enhance the security posture of the organization, products and services.
- Weigh business needs against security concerns to help guide the business to make practical and informed risk decisions
- Evaluate and monitor third-party vendors for security compliance
- Participate and support security-related initiatives and serve as a key interface with external and internal auditors for security compliance-related activities
- Review technical documents in line with company policies
- Keep abreast of cybersecurity threats and assess their potential impact on Hydro One’s security posture
- Lead and manage a team of [number of people] to achieve business objectives and goals.
- Provide guidance, support, and mentorship to team members to help them develop their skills and reach their full potential.
- Set performance expectations and goals for team members, and regularly provide feedback on their progress toward meeting those expectations.
- Manage the recruitment, onboarding, and training of new team members.
- Foster a positive and collaborative team environment that encourages open communication and teamwork.
- Identify and address any issues or conflicts within the team, and work to resolve them in a timely and effective manner.
- Collaborate with other teams and departments to ensure alignment and efficient execution of company initiatives.
- Develop and implement strategies to improve team performance, productivity, and engagement.
- Ensure compliance with company policies, procedures, and regulations.