Mgr Cybersecurity

Req ID:  964
Business Unit:  Finance & Technology
Division:  Technology and Digital Transformation
Shift:  Regular
Rate of Pay:  $115,323.32 - $135,674.27 yearly
Hours of Work:  70 hours bi-weekly
Posting Date:  Aug 29, 2024
Closing Date: 

Leadership Opportunity

Regular/ Auxiliary: Regular

Posting Date:  July 31, 2024

Closing Date: This position will remain open until filled

Position Purpose

This position is responsible for the comprehensive oversight of cybersecurity policies, strategies, and compliance within the organization. This role leads the operation, support, and maintenance of the CRD’s IT security management strategy. Key responsibilities include analyzing and evaluating controls, conducting risk assessments, and managing compliance reporting. This position is also tasked with leading and performing security assessments, including Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP), Security Threat and Risk Assessments (STRAs), System Security Plans, Security Assessment Reports, and Vulnerability Assessments. Additionally, the Manager oversees the Cybersecurity Program, which features a five-year security roadmap and includes training and development initiatives to ensure the organization remains resilient against evolving cyber threats.

Key Accountabilities/Position Outcomes

  • Provides Specialized Expertise, Advisory, Consulting, and Training: Offers specialized expertise, consulting, and training across all areas relevant to corporate security, both within the IT department and in collaboration with corporate stakeholders. This includes advising on best practices, emerging threats, and security technologies to enhance the organization's security posture.
  • Vulnerability Management: Oversees, develops, and administers policies and procedures for effective vulnerability management. This includes identifying vulnerabilities, coordinating mitigation steps, monitoring, and reporting on the results of all mitigation efforts to ensure timely and effective resolution.
  • Electronic Risk Management Profile: Leads, implements, and administers the CRD’s electronic risk management profile. This involves developing standards, protocols, and recommendations for data loss prevention, ensuring the integrity and security of the organization's electronic assets.
  • Strategic Leadership and Oversight: Provides leadership, oversight, and strategic direction to departmental and corporate initiatives and programs within the area of security responsibility. This includes guiding the development and execution of security strategies and initiatives to support organizational goals.
  • External Collaboration: Liaises with external organizations to coordinate and verify sound security measures. This includes working with industry partners, regulatory bodies, and other external entities to ensure compliance and enhance the organization’s security framework.
  • Security Risk Assessments: Conducts security risk assessments at both the enterprise and system levels, producing and communicating a Security Scorecard on a regular basis. This helps in identifying potential risks and implementing measures to mitigate them effectively.
  • Security Incident Response: Assists in security incident response planning and practice. This involves working with other Protective Services functions to create a common and documented security posture, ensuring a coordinated and effective response to security incidents.
  • Security Awareness and Training: Develops, leads, and participates in security awareness and corporate training initiatives. This includes creating and delivering training programs to educate employees on security best practices, policies, and procedures.
  • Staying Current on Security Strategies: Stays current on modern security strategies, including all laws and regulations that impact the corporation. This ensures that the organization’s security measures are up-to-date and compliant with relevant legal and regulatory requirements.
  • System and Technology Requirements: Ensures that all security systems and technologies are up-to-date, well-maintained, and effectively integrated into the organization’s IT infrastructure. This includes overseeing the implementation and management of security technologies such as firewalls, intrusion detection systems, and encryption solutions.
  • Responsible for the leadership and management of employees and contractors within area of responsibility, including employment and labour relations matters involving: employee hiring, promotion, demotion and other personnel matters; discipline and discharge; representing management in the grievance procedure; input on behalf of management into labour relations matters, and representing management on committees; maintaining Employer confidentiality; and developing, supporting and implementing various corporate and legislated policies, procedures and practices.

Additional Information

  • None

Qualifications

  • Degree in a related discipline
  • A minimum of 5 years' directly related experience
  • An equivalent combination of education and experience

Certifications

Certified Information Systems Security Professional (CISSP)

Role Specific Knowledge, Skills, and Abilities

  • Expert Knowledge of Network Protocols: Comprehensive understanding of TCP/IP and associated protocols, as well as advanced knowledge of modern networking concepts and technologies, including VPNs, firewalls, and routing.
  • Complex IT Environment Experience: Proven experience working in a complex IT environment, including prior experience in at least one of the following areas:
      • Application development and security
      • Network engineering or operations
      • System administration and management
  • Active Directory Expertise: Expert skills in Active Directory architecture and administration, including advanced knowledge of Group Policy, authentication methods, and security configurations.
  • Policy Management Skills: Strong technical skills in creating, managing, and enforcing IT security policies and procedures, ensuring alignment with organizational goals and compliance requirements.
  • Legal and Regulatory Knowledge: Thorough knowledge of Canadian Provincial and Federal laws pertaining to information security, as well as international data protection regulations and standards.
  • Security Frameworks and Standards: Familiarity with common security frameworks and standards, including:
      • NIST Cybersecurity Framework
      • ISO/IEC 27001:27013
      • CIS Critical Security Controls (CIS CSC)
      • Payment Card Industry Data Security Standard (PCI DSS)
  • Data Loss Prevention and Intrusion Detection: Experience with Data-Loss Prevention (DLP) systems and Intrusion Prevention/Detection Systems (IPS/IDS), including deployment, configuration, and management.
  • Vulnerability Management: Proficient in using security scanners (e.g., Nessus, Qualys) and remediating vulnerabilities, ensuring systems are secure and compliant with organizational policies.
  • Scripting and Automation: Advanced skills in script writing (e.g., PowerShell, Python) and registry management, enabling efficient automation and management of security tasks.
  • Troubleshooting and Analytical Skills: Superior troubleshooting and analytical skills, capable of identifying and resolving complex security issues promptly and effectively.
  • Communication and Interpersonal Skills: Excellent communication (verbal and written), interpersonal, and customer service skills. Ability to effectively communicate complex security concepts to technical and non-technical stakeholders.
  • Strategic Planning and Vision: Ability to develop and execute a comprehensive cybersecurity strategy aligned with the organization’s goals, incorporating risk management, incident response, and business continuity planning.
  • Leadership and Team Management: Proven leadership skills with experience in managing and developing a high-performing cybersecurity team. Ability to foster collaboration, motivate team members, and manage conflicts effectively.
  • Risk Management: Expertise in identifying, assessing, and mitigating cybersecurity risks. Develops and implements risk management frameworks and ensures continuous monitoring and improvement.
  • Incident Response and Crisis Management: Proficient in leading incident response efforts, including detection, containment, eradication, and recovery from security incidents. Capable of managing crisis situations and ensuring effective communication during incidents.
  • Stakeholder Engagement: Skilled in engaging with senior leadership, board members, and external stakeholders to advocate for cybersecurity initiatives and secure necessary resources.
  • Security Program Development: Experience in developing and maintaining a robust cybersecurity program, including governance, risk, and compliance (GRC) activities, security awareness training, and continuous improvement initiatives.

Leadership Profile

CRD Leaders are champions for creating an accountable, high performance, service oriented organization that makes a difference in our community. They pay attention to shifts and trends in an ever-changing and complex environment and think strategically to serve residents, businesses and local governments today while developing a sustainable organization for the future. The following is a leadership summary for this position.

Professional/Individual Contributor Level 3 (P3)

Leaders at this level are generally recognized as fully qualified professionals who apply their in-depth knowledge and experience and best practice in their own discipline to respond to a wide range of moderately-complex and complex problems and situations. They interpret and respond to client needs and improve products or services in their own area. Working with minimal direction, they monitor and control costs within their own work, explain difficult issues to establish consensus, and promote teamwork, potentially coaching and guiding others.

While CRD Leaders are accountable to all Leadership Competencies, the competencies listed below have particular relevance to this position.

Leadership Competencies

Thinks Strategically
Is Accountable for Results
Focuses on Service

APPLICATIONS

To apply for this exciting opportunity, please click "Apply now" to submit your resume and covering letter online.

We welcome all qualified applicants to apply and may consider a combination of experience, education and/or training where possible.

The Capital Regional District wishes to thank you for your interest and advises that only those candidates under active consideration will be contacted.

 


We value the diversity of the people we hire and serve. In our commitment to bring differing perspectives to our workplace, and to deliver the best possible service to our customers, we encourage and welcome applications from all people with diverse backgrounds, abilities, and lived experiences.

Accommodations will be provided upon request during the selection process.

If you require assistance, please email us at careers@crd.bc.ca