Cyber Security Senior Manager

at  Helly Hansen

Founded in Norway in 1877, Helly Hansen continues to develop professional grade apparel that helps people stay and feel alive. Through insights drawn from living and working in the world’s harshest environments, the company has developed a long list of first-to-market innovations, including the first supple waterproof fabrics more than 140 years ago. Other breakthroughs include the first fleece fabrics in the 1960s, the first technical base layers in the 1970s, made with LIFA® Stay Dry technology, the patented H2Flow™ temperature regulating system, and the revolutionary lighter, warmer LIFALOFT™ insulation. Building on Helly Hansen’s proprietary HELLY TECH® waterproof/breathable system, the technical outdoor brand has most recently introduced the award-winning LIFA INFINITY PRO™ - the company’s most innovative and responsible waterproof/breathable technology to date.
Helly Hansen is a leader in technical sailing and performance ski apparel, as well as premium workwear. Its uniforms are worn and trusted by more than 55,000 professionals and can be found on Olympians, National Teams, and at more than 200 ski resorts and mountain guiding operations globally.
Helly Hansen’s outerwear, base layers, sportswear and footwear are sold in more than 40 countries around the world and the company is owned by Canadian Tire Corporation (CTC). To learn more about Helly Hansen’s latest collections, visit www.hellyhansen.com

THE ROLE

The Senior Manager, Cyber Security is a hands-on position reporting to the Chief Technology Officer, working with other senior leaders & stakeholders within the company.

KEY RESPONSIBILITIES

• Oversee key areas of the CyberSecurity Program including security incident response, vulnerability management, data protection, and risk management.
• Develop strategies and security initiatives to assess and improve physical, technical, and administrative safeguards and/or controls.
• Create, maintain & implement security policies, standards, guidelines, processes and procedures to ensure ongoing protection of information assets.
• Implement and maintain Security controls that support NIST, SOC2, SOX & PCI frameworks.
• Recognize a possible security vulnerability, incident, or violation and take appropriate action to report and mitigate, as required.
• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
• Oversee proper and full use of the suite of existing cyber security tools, processes, runbooks, assessments, and plans.
• Propose plans for continuous improvement and execute on approved plans and timelines.
• Implement methods for auditing and addressing non-compliance to standards and for bringing non-compliant environments into compliance.
• Integrate cybersecurity requirements into the business continuity planning for critical systems and during the evaluation of new systems being considered or proposed.
• Responsible for managing the Cyber Security Awareness Training Program.
• Promote awareness of security issues among management and ensure sound security principles are reflected in the organization’s vision and goals.
• Collaborate with internal and vendor engineering teams in the security space, ensuring the incorporation of industry best practices.
• Identify and provide solutions to minimize project exposure and risk, effectively addressing program roadblocks and driving a mitigation plan.
• Generate data-driven status reports for a broader audience, consolidating data from various sources for governance meetings with leadership.
• Create support materials, including process documentation, testing analysis methodology, and other artifacts for internal and external audits.
• Monitor IT infrastructure, operations, and critical applications for proper application of security controls and process adherence.
• Respond to incidents or emergencies as they arise, ensuring proper communication and actions are taken, recommend mitigation strategies, and see through to resolution.
• Possess a strong ability to influence and engage effectively with stakeholders across different functions, demonstrating skill and the talent to Information Security goals across the organization.