Description:
We are looking for a Manager, Cyber Governance, Risk & Strategy to join our IT Infrastructure & Cybersecurity team in a permanent position. You will report to the Director, IT Infrastructure & Cyber Security.
In this role you will be accountable for establishing and overseeing the enterprise cybersecurity governance, risk, and strategic planning capabilities. This role ensures cybersecurity strategy, investment prioritization, and risk management activities are aligned with business objectives and embedded into IT and OT operations to effectively manage cyber risk. The Manager is accountable for balancing cybersecurity risk management with business outcomes, ensuring cybersecurity services are pragmatic, value‑driven, and enable the organization to operate securely, reliably, and efficiently.
Key Elements Of This Role Include
Cyber Strategy & Planning
- Accountable for the enterprise cybersecurity strategy and multi‑year roadmap, ensuring cybersecurity capabilities support business objectives, risk appetite, and regulatory expectations.
- Set strategic direction, priorities, and success criteria for cybersecurity programs and initiatives delivered through managed service arrangements.
- Own decision‑making related to capital planning, investment decisions, and multi‑year cybersecurity budgets.
Governance and Risk
- Own the enterprise cybersecurity governance framework, including policy intent, standards approval, oversight forums, and defined cyber risk acceptance authorities.
- Ensure enterprise cyber risks are identified, assessed, tracked, and reported through established risk management and governance processes.
- Accountable for cybersecurity risk transparency, escalation, and decision‑making at the executive and enterprise risk level.
- Ensure alignment between cybersecurity governance, enterprise risk management, and IT compliance frameworks.
- Provide direction and oversight to ensure cybersecurity risk and governance outputs effectively inform business, technology, and regulatory decision‑making.
Cyber Compliance
- Accountable for enterprise cyber compliance outcomes and alignment to applicable regulatory, contractual, and internal control requirements.
- Ensure the cyber control program is appropriately defined, maintained, and aligned with enterprise risk, regulatory, and IT compliance expectations.
- Establish and support a dotted‑line collaboration model between the Cyber Compliance Lead Assessor and IT Compliance.
- Oversee the planning, scheduling, and coverage of cyber compliance assessments, including approval of the annual cyber assessment calendar for critical assets.
- Accountable for escalation, remediation prioritization, and risk acceptance decisions arising from cyber compliance assessments.
Third‑Party Risk Management
- Own the third‑party cyber risk management program, including due diligence, ongoing assessments, and risk remediation.
- Ensure cybersecurity requirements are embedded into vendor lifecycle, procurement, and contractual processes.
- Oversee the effectiveness of third‑party cyber risk management activities performed through managed services.
Cyber Asset & Business Continuity Alignment
- Ensure cyber asset management practices support risk‑based decision‑making and resilience objectives.
- Oversee alignment between cybersecurity governance and enterprise business continuity and resilience planning.
Education & Awareness
- Sponsor and set expectations for enterprise security awareness, training, and communication programs.
- Ensure awareness initiatives support desired risk behaviors and organizational outcomes.
Qualifications
These skills will make you successful:
- Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or a related field.
- 7+ years of experience in cybersecurity strategy, risk management, or governance roles.
- Demonstrated experience leading enterprise‑level cyber risk and governance programs.
- Certifications such as CISSP, CISM, CRISC, or equivalent preferred.
- Proven experience in developing and implementing cybersecurity strategies and programs.
- Excellent leadership, communication, and interpersonal skills.
- Demonstrated experience engaging with senior business and operational leaders to influence cybersecurity outcomes aligned with business objectives.