CYBER SECURITY RISK & COMPLIANCE OFFICER at Manitoba Hydro
Winnipeg, MB, Canada
Full Time


Start Date

Immediate

Expiry Date

01 Aug, 25

Salary

51.34

Posted On

25 Jun, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Ccsp, Cip, Teams, Coso, Cyber Security, Mitigation, Cobit, Completion, Cisa, Iso, Cissp, Risk Assessment, Nist, Strategic Planning, Enterprise Risk Management, Gas, Presentation Skills

Industry

Financial Services

Description

QUALIFICATIONS:

  • Completion of a four-year degree program from an institute of recognized standing in a related discipline plus six years directly related experience, demonstrating progressively greater responsibility in a supervisory/leadership capacity, or an equivalent combination of related education and experience.
  • Knowledge of cybersecurity frameworks such as NIST, SOC, ISO, COBIT, COSO and CMMC and relevant certifications in cyber security such as CISSP, CRISC, CCSP, CISA and CISM would be an asset.

  • Certification in a change management framework such as PROSCI is considered an asset.
  • Professional Risk Manager designation is considered an asset.
  • Lean/Six Sigma designation is considered an asset.
  • Demonstrated experience in audit procedures.
  • Demonstrated experience in developing successful working relationships with internal and external stakeholders at all levels of the corporation.
  • Demonstrated ability to successfully contribute to complex initiatives, projects, and teams across a variety of different business areas.
  • Extensive knowledge of enterprise risk management, including industry standards and best practices and procedures.
  • Insight into the key enterprise risks and insight into the strategic issues facing Manitoba Hydro and the electrical and gas industry with a focus on risk assessment, management, and mitigation.
  • Excellent presentation skills especially with senior executive audiences.
  • Demonstrated experience providing key support for Director-level requirements in strategic planning, divisional representation, managing relationships and communication plan development.
  • Must obtain and maintain a current Personnel Risk Assessment and a “Clear” security rating in accordance with Manitoba Hydro policy P513.

  • Critical Infrastructure Protection (CIP) Training is required and must be completed prior to transfer date and renewed annually.

Applications for this opportunity will include a cover letter and resume detailing how your academic qualifications and progressively
responsible work experience directly align with the roles and responsibilities associated with this leadership role.

Responsibilities
  • Lead the development of supportive strategic direction and prioritization methodologies including business planning, departmental work plans and guiding section heads and staff towards further building and maturing cybersecurity capabilities including third party risk management.
  • Mature cybersecurity governance, risk and control frameworks and the application of such frameworks across the corporation including mapping controls to control frameworks.
  • Provide education, guidance and consulting assistance to all staff and management across all Business Units on overall Cyber Security and third party risk and maintain a strategic relationship within Digital & Technology BU and key interested parties across Enterprise.
  • Guide the development, maintenance and improvements of a consistent corporate approach for cyber security assessments across initiatives by developing processes, selecting tools and methods.
  • Guide the evaluation of cyber security risks related to procurement of new or changing software or hardware (both IT/OT) technology.
  • This role is also responsible for facilitating all corporate post-loss forensic reviews across the corporation including liaising with external legal support.
  • Coordinate cyber security focused responses to internal and external audits and assessments.
  • Evaluate potential changes in risk profiles due to changing technology landscape, including when third party companies are acquired or disposed of to assess security vulnerabilities and determine mitigation strategies.
  • Embed themselves as a key team member in all lines of business to assist in reducing cyber risks to our critical infrastructure.
  • Collaborate with Corporate Communications to develop a cyber security informative communications plan.
  • Build internal divisional change management capabilities through education and support of all internal staff, including monitoring effectiveness of change-related activities.

  • Guide the development, management and improvement of monitoring and reporting NERC CIP requirements for all IT assets.