Cyber Security Manager

at  TRANSNORTHERN PIPELINES

ABOUT US

Trans-Northern Pipelines Inc. (TNPI) operates regulated pipelines to safely transport the refined petroleum products (gasoline, diesel, aviation, and heating fuel) used by Canadian businesses and consumers every day. These pipelines connect refineries in Edmonton to Calgary, including the Calgary International Airport; and refineries in Nanticoke, Ont., and Montreal to the Greater Toronto Area (GTA), with lateral pipelines to Ottawa as well as to Pearson International Airport and Pierre-Elliot Trudeau International Airport. We are committed to operating in a safe and environmentally responsible manner to protect the public, the environment, and the pipelines.

POSITION SUMMARY:

TNPI is at the beginning of a transformative journey to improve our cybersecurity maturity and we are seeking an individual who can make a significant impact. As the Cyber Security Manager, you will be responsible for leading the comprehensive implementation of the organization’s cyber strategy within a linear infrastructure. As well as involved in overseeing multiple concurrent cybersecurity projects, architecting advanced security solutions, and overseeing the Security Operations Centre (SOC) through a managed service agreement. If you’re ready to drive change and protect our critical infrastructure, join us and make your mark!

QUALIFICATIONS:

Must-haves (minimum requirements):

• Twelve or more years of extensive hands-on experience in cybersecurity management with a deep understanding of security technologies, and a proven track record in leading cybersecurity initiatives and incident response efforts.
• Post-secondary education in Computer Science, Information Technology, any Engineering field, Cybersecurity, or related field.
• Attainment of one or more of the following credentials: CISM, CISSP, CCSP, ITIL, or PMP.
• Proven track record in developing information security policies and procedures.
• Experience in project/program management, coordination, and leading companywide initiatives
• Strong verbal and written communication skills with the ability to translate complex technical information into easily understandable language.
• Knowledge of information security management frameworks, such as ISO/IEC 27001 and NIST Cybersecurity.
• Broad experience with Business IT, Network, Infrastructure, Application Management, and development.
• Alignment with our values of safety above all else, respect, trust, results focused, decisiveness, and lifelong learning.

Preference for:

• Strong understanding of OT environments and the unique distinctions between IT and OT operations, and cybersecurity.
• Experience in business planning, financial forecasting, budget management, staffing, people leadership.
• Ability to challenge and manage business expectations.

• Ensure stringent adherence to cybersecurity policies, standards, and regulatory requirements.
• Plan, direct, and control the Security Operations Centre (SOC) functions and operations.
• Develop comprehensive cyber security policies covering access control, data protection, configuration management, incident response, and network security.
• Generate and present reports on the status, performance, and effectiveness of security tools.
• Design and implement appropriate cyber security metrics, Key Performance Indicators (KPIs), and Key Risk Areas (KRAs) to measure security posture effectiveness as well as develop and present detailed reports to the TNPI board.
• Safeguard TNPI’s IT and Operational Technology (OT) infrastructure through regular and proactive risk assessments to identify vulnerabilities and threats.
• Develop and implement an incident response plan, including protocols for detecting, responding to, and recovering from security incidents.
• Lead and manage the response to security incidents, including coordinating with internal and external partners.
• Implement and manage security monitoring tools to detect and respond to threats in real-time.
• Oversee the identification and mitigation of cyber threats, including malware, phishing, and other cyber-attacks.
• Own the vulnerability management process and conduct regular vulnerability scans and penetration tests to identify and remediate security weaknesses in IT and OT systems.
• Design and implement robust security measures for all endpoints, including computers, mobile devices, and industrial control systems.
• Implement data protection strategies, including classification, encryption, data loss prevention, and secure data storage.
• Drive continuous improvement of security awareness campaigns and training programs.
• Define Service Level Agreements (SLAs) and the scope of operations for outsourced security services.