Manager, Cybersecurity

The Manager, Cybersecurity is responsible for leading a diverse and best in class team with a passion for cybersecurity to adapt, mature, and transform the cybersecurity program at BURNCO. The incumbent is accountable for developing and implementing an all-encompassing strategy and multi-year plan for cybersecurity. Additional tasks include governance, risk management, and compliance monitoring. The incumbent works with and challenges the status quo to drive decisions and insights. This position reports into the Chief Information Officer & VP Transformation.

Main Responsibilities 

Cybersecurity Strategy & Delivery – 60% 

• Lead the implementation of the corporate information security, data protection and privacy policies across the business. Manage the security processes and effectively ensure guidance in accordance with policies and procedures.


• Develop and implement strategic cybersecurity plans that are aligned to the organizational objectives and security requirements.


• Collaborate with key stakeholders to establish an effective cybersecurity risk management program.


• Establish cybersecurity policies, procedures, and associated training plans for network/security/telecom architecture and IT operations.


• Lead efforts to recommend, implement, support, improve, and operate cybersecurity technologies.


• Assess and make recommendations regarding current and proposed architectures, strategies, and systems.


• Design and test effective tactical response strategies to reduce the recovery lag time in the event of a critical cybersecurity incident.


• Ownership of the Cyber Security Incident Response Plan and security playbooks

Staff and Change Management – 15% 

• Build, direct and develop a best-in-class team.


• Institutionalize cybersecurity awareness and understanding, championing a security-conscious culture.


• Facilitate risk management initiatives which align with security goals.


• Drive the strategic direction of the functional area and achieve the IT strategic plan.


• Serve as the subject matter expert (SME) for cybersecurity, coordinating and providing multi-disciplinary knowledge, skills, and experience to the organization. 

Collaboration, Operations and Budget – 25% 

• Oversee close coordination with all other IT groups and external partners, to ensure cybersecurity requirements are defined, proposed solutions are evaluated, and implemented solutions are built, deployed, and modified in accordance to meet requirements.


• Establish the annual operating and capital budget for cybersecurity operations, supporting applications and services, related external support services, licensing, personnel and other associated costs


• Lead tabletop and live-fire exercises in accordance with the cybersecurity incident response plan (CSIRP) involving participants from all levels of the organization.

Working Conditions 

The role has standard working conditions in an office environment with a regular workweek from Monday to Friday. Due to the nature of the role, the incumbent must be able to meet tight deadlines, manage pressure and manage stress. 

Requirements 

Experience

• Minimum 10 years of overall work experience in IT


• Minimum 8+ years demonstrating leadership qualities or overseeing deliverables.
  
  
  
  • Experience in audit, security, system administration or related roles
  
  
  • Experience in creating visibility into the security risks of an organization.
  
  
  • Experience writing organizational policies, processes, and controls.
  
  
  • Experience implementing security related software and systems (endpoint protection, DNS filtering, SIEM, etc.)
  
  
  • Experience with Microsoft operating systems and environments, including Azure.
  
  
  • Experience with a publicly traded company is considered an asset.
  
  
  
  

*Any experience for these above would be considered as an asset

Education/Certification/Designation

• Bachelor of Science Degree in cybersecurity, computer science, data science, information systems/technology management, or related field


• Master’s Degree in related fields*

*Any designation for these above would be considered as an asset

Competencies

• Sets goals that are consistent with BURNCO's plan and takes responsibility for achieving results.


• Shares timely information within and across functions to get things done effectively.


• Demonstrates analytical thinking and a broad vision when making decisions.


• Addresses risks in a timely manner to eliminate them.


• Innovates through problem solving.


• Possess organizational, time-management and prioritizing competencies.


• Inspires others with impactful communications and adapts to the audience through speech and writing.


• Demonstrates good judgment in decision making and makes difficult and timely decisions.


• Is inspirational and innovative.


• Prioritize individual development and continuous learning.


• Deals with pressure and change by staying calm to quickly adapt to changes.


• Builds a relationship with clients and provides valuable services.

Technical Skills/Knowledge 

• Understanding of security frameworks (NIST, ISO 27001, etc.)


• Understanding of privacy requirements (e.g., PIPEDA)


• Ability to think at a system, infrastructure and network architecture level.


• Knowledge of advanced security tools and methods which support the protection, detection, response, and recovery activities related to security events and incidents.


• Proven ability in security process design, policy creation, and compliance monitoring


• Understanding of industry trends and emerging threats and applicability


• Experience and knowledge of incident response methodologies

Organizational Impact  

Decision Making & Impacts 

The Manager, Cybersecurity is responsible for all decisions related to cybersecurity which are aligned with the vision, roadmap, and delivery IT projects. The role is crucial in protecting BURNCO’s assets, resources, and personnel, and the building of a security culture within the organization. The position requires helping leaders make the right strategic decisions, drive cybersecurity best practices as an operational component, and provide guidance to employees in their day-to-day tasks.

Level of Interaction/Influence

The Manager, Cybersecurity interacts with IT leaders as well as all functional leaders, up to and including the C-suite.

Employees Supervised/Organizational Structure

The role may require direct supervision of non-unionized employees and indirect supervision dependent of consultants.