The Manager, Cybersecurity & IT Risk Management manages the identification, assessment and mitigation of all security threats and vulnerabilities in the WCB environment. This position is also responsible for providing leadership and guidance to the Cybersecurity & IT Risk Management team for all management functions of the unit. This role will be a key member of the WCB Cybersecurity Governance Committee, assisting with developing the cybersecurity strategy, roadmap and cybersecurity programs for WCB.
MANAGING UNIT
Manages staff and labour relations issues and provides leadership, guidance, support and direction to the unit including: hiring staff, conducting performance reviews and follow up, identifying training and development needs, coaching and motivating staff; and coordinating work activities and deciding on disciplinary action up to and including dismissal where necessary
Fosters the development of a multi-disciplinary team approach
Prepares and manages the unit's budget and is accountable for meeting budget targets and goals
Continuously evaluates, develops/selects, and implements the unit's service delivery operating model, competencies, methods, and tools
Plans, directs, and oversees the management, delivery, and coordination of a portfolio of cybersecurity projects for the unit
Establishes, authorizes, and oversees the implementation of training and development programs for the staff
Cascades branch operational objectives, ensuring staff are meeting established standards and practices and, where necessary, makes improvements to work processes
Ensures all staff are cognizant of, and subscribe to, their responsibilities to protect the confidentiality and privacy of information and addresses any breaches as appropriate
Manages staffing workload allocation, reviews and approves monthly time tracking for all branch resources, and prioritizes work against operational objectives and planned commitments
CYBERSECURITY & IT RISK MANAGEMENT
Leads cybersecurity operations and day-to-day cybersecurity activities including patch deployment, vulnerability management, incident response, threat detection, network monitoring and logging, endpoint protection, demilitarized zone (DMZ) management, etc.
Facilitates Cybersecurity Governance Committee meetings, including assisting the Committee with developing and implementing a cybersecurity strategy, framework, and roadmap that is aligned with WCB priorities
Prepares comprehensive monthly Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Cybersecurity Governance Committee
Prepares and presents security and IT risk management materials, cybersecurity initiative updates, and compliance reports to WCB senior management and the Cybersecurity Governance Committee
Conducts regular meetings with key stakeholders at IT and enterprise levels to discuss risks, trade-offs, and share relevant knowledge on cybersecurity risks, threats, and initiatives
Partners with business stakeholders to raise awareness of cyber risk management concerns
Develops and implements comprehensive cybersecurity strategies, policies, and procedures to safeguard WCB assets and mitigate risks
Oversees regular IT risk assessments and security audits to identify areas for improvement and ensure compliance with relevant regulations and security standards
Collaborates with cross-functional teams and WCB business stakeholders to integrate security best practices into business processes and technology solutions
Maintains cybersecurity incident response plans; prepares WCB to detect, respond to, and recover from cybersecurity incidents; coordinates incident response efforts; and reports on impact, root cause and post-mortem lessons to the Cybersecurity Governance Committee, WCB Executives, and Board of Directors
Acts as the management escalation point for all security incidents
Tracks business case outcomes for cybersecurity related initiatives including cost, benefits, and risk
Represents cybersecurity considerations in architecture decisions and IT initiatives
Manages the third-party risk program to address cyber risks existing on third-party systems
Maintains awareness of emerging cybersecurity threats, technologies, and best practices to continuously enhance WCB's security posture
Fosters a culture of security awareness and accountability throughout the organization
MANAGING SERVICE PROVIDERS
Procures IT services and/or contractors in accordance with WCB standards and practices
Establishes and maintains vendor relationships
Develops a service provider network and manages relationships with contractors, including monitoring performance, service deliverables and achievement of milestones
Completion of a recognized degree or diploma program in Information Security, Computer Science or an IT related discipline
Minimum ten (10) years Information Technology experience, including minimum five (5) years in Cybersecurity and IT risk management; and minimum three (3) years of progressive IT leadership experience supervising/managing IT professionals, preferably in a large, unionized environment
Strong understanding of cybersecurity frameworks, standards, and regulations, e.g. ISO/IEC 27001, ITIL, COBIT, as well as those from NIST, including 800-53 and the Cybersecurity Framework
Strong technical knowledge of on-premises and cloud based platforms and experience with security technologies and tools, such as SIEM, IDS, IPS, DLP, endpoint protection, and vulnerability management solutions
Proven experience in conducting IT risk assessments, security audits, and developing risk mitigation strategies
Experience liaising with and/or presenting to executive management and/or Board level committees
Ability to lead, manage, mentor, and motivate staff to achieve desired results across the division, and take corrective action as required
Ability to develop and manage operating and capital budgets
Strong analytical and problem solving skills to resolve issues and set direction
Strong verbal and written communications skills with the ability to influence, persuade and negotiate with all stakeholders, senior leadership and staff
Ability to build trust and create positive working relationships with partners, internal / external stakeholders, managed service providers and external vendors
Ability to work under pressure and manage projects across organizational divisions
Ability to maintain confidentiality of sensitive and confidential information.
Knowledge and experience in competitive purchasing practices, IT contracting, and vendor management
The ability to communicate proficiently in both official languages (English & French) is an asset, but is not required
The following designations would be an asset:
ITIL v4 Foundation certification
Project Management Professional (PMP)
Lean IT Foundation certification
Certified Information Systems Security Professional (CISSP) certification, or Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA)
Microsoft Azure Fundamentals certification
Ability to communicate proficiently in both official languages (English & French) is an asset.
A satisfactory criminal record check and verification of education will be required for the successful candidate.
The WCB is committed to building a skilled, diverse workforce with equitable representation of Indigenous persons, visible minorities, persons with disabilities, women, 2SLGBTQ+ persons and members of other equity-seeking groups. Applicants are encouraged to indicate in their covering letter or resumé if they are a member of these groups.
The WCB recognizes that individuals may face barriers that hinder their full and equal participation in the workplace, and is committed to providing reasonable accommodation to all employees and candidates who are or may be disabled by one or more barriers in the workplace. Accommodations are available on request for candidates taking part in all aspects of the selection process.
About WCB:
The Workers Compensation Board promotes safety and health in Manitoba workplaces and aims to help prevent and reduce the occurrence of workplace injuries and disease. Working with its partners, the WCB promotes safe and healthy workplaces, facilitates recovery and return to work, provides compassionate and supportive compensation services for workers and employers, and ensures responsible financial stewardship.
WCBdoes encompasses what it means to work at the WCB. The WCB is proud to have employee benefits and programs that support financial and personal security, foster health and well-being, encourage involvement and support growth as an individual and member of the WCB community. The four categories of WCBdoes include: Security, Wellness, Engagement and Growth.