Senior Manager, Cyber Security Risk Management
Irving Oil
- Saint John, NB
- Permanent
- Full-time
- Work Environment – Work onsite in our beautiful home office building with access to a fitness facility, onsite nurse, and a café
- Competitive Compensation – Includes an annual bonus plan, pension plan, and parking allowance
- Flexible Benefits Plan – In effect from day one and offers three levels of coverage to select from to meet your unique, personal needs
- Paid Vacation – There is an annual option to purchase additional vacation, too
- Wellness Support – With an annual wellness allowance, paid personal care days and a 24/7 Employee & Family Assistance Program
- Opportunity to give back to some amazing causes in our community – Choose when and where to make an impact with a paid volunteer day, company volunteer opportunities, and a donation-matching program
- Lead a team of cybersecurity professionals to identify, assess, manage, and communicate cyber risks across the organization, influencing decisions related to platforms, vendors, processes, architecture, and project timelines
- Develop and execute a company-wide cyber risk assessment program that prioritizes threats and outlines mitigation strategies and security initiatives aligned with business objectives
- Create and present security roadmap projections aligned with short- and long-term risk-based cybersecurity goals for review and approval by the Director of IT Security
- Build and deliver cyber risk reporting for internal teams and executive leadership, including operating companies and third-party partners, ensuring risks are cascaded and addressed
- Oversee daily operations of risk programs such as threat assessments, third-party evaluations, and insider threat monitoring
- Recommend and implement technical controls to address identified risks and reduce detection gaps, while supporting compliance and audit requirements
- Define and communicate program success metrics in collaboration with IT and business stakeholders to demonstrate progress and impact
- Oversee the development and delivery of security awareness and training programs to promote a strong cybersecurity culture across the organization, ensuring content is relevant, engaging, and aligned with evolving threat landscapes
- Lead security testing, disaster recovery planning, and threat landscape analysis to ensure systems are resilient and risks are proactively managed
- Manage and mentor a team of security analysts, including hiring, training, performance reviews, and career development
- Deep understanding of how cybersecurity risks impact business operations and decision-making
- Proven experience with Cyber Risk Management and Enterprise Risk Management programs
- Strong leadership and team development skills, with the ability to guide security and IT personnel independently
- Exceptional communication skills for engaging technical teams, business stakeholders, and executive leadership
- Familiarity with legal, privacy, audit, and compliance functions, and recognized security frameworks like NIST CSF 2.0, ISO 27005, NIST 800-53, NIST RMF AI, ISO 42001, ISA/IEC 62443
- Skilled in driving change and influencing cross-functional teams in complex organizational environments
- Skilled in project management, risk assessments, and developing strategic mitigation plans with effective resource allocation
- A minimum of 15 years of IT experience, with five years in a GRC / information security role and at least five years in a supervisory capacity
- A technical bachelor's degree, preferably in Computer Science, or equivalent work experience
- Cyber Security Certifications: CISM, CISSP, CRISC, GIAC or GRCP