CYBER SECURITY RISK & COMPLIANCE OFFICER
WINNIPEG, MB
Manitoba Hydro is consistently recognized as one of Manitoba's Top Employers!
Great Benefits
- Competitive salary and benefits package.
- Defined-benefit pension plan.
- Nine-day work cycle which normally results in every other Monday off, providing for a balanced approach to work, family life and community.
- Flex-time and partially remote work schedule (providing the option to work remotely 3 days per 2-week period), depending on the nature of work, operational requirements and work location.
Manitoba Hydro is a leader among energy companies in North America, recognized for providing highly reliable service and exceptional customer satisfaction. Join our team of Manitoba's best as we continue to build a company that supports innovation, commitment, and customer service, while actively supporting a diverse, equitable and inclusive workplace.
Reporting to the Director of Cyber Security in the Digital and Technology Business Unit, the Cyber Security Risk and Compliance Officer is responsible for enabling strategic transformational change to the enterprise approach to cybersecurity. The Officer will work closely with the Director on developing divisional vision, strategy and goals incorporating governance, risk and controls to improve the capacity of cybersecurity to support the maturation of our cybersecurity posture across the corporation.
This role is responsible for advising on and leading the development of systems to maintain the integrity, confidentiality, and availability of Manitoba Hydro information and technology assets across the corporation by designing, implementing, monitoring, communicating, and enforcing overall corporate cyber security policies, processes, guidelines, controls, and utility industry best practices for all Manitoba Hydro technology assets and environments. This includes working with procurement areas to implement appropriate third-party cybersecurity risk monitoring, assessments, tracking and utility best practices, and providing education, guidance and consulting services to all staff and management, including senior management.
Responsibilities:
- Lead the development of supportive strategic direction and prioritization methodologies, including business planning, departmental work plans and guiding section heads and staff towards further building and maturing cybersecurity capabilities, including third-party risk management.
- Mature cybersecurity governance, risk and control frameworks and the application of such frameworks across the corporation including mapping controls to control frameworks.
- Provide education, guidance and consulting assistance to all staff and management across all Business Units on overall cyber security and third-party risk, and maintain a strategic relationship within the Digital & Technology BU and with key interested parties across the Enterprise.
- Guide the development, maintenance and improvement of a consistent corporate approach for cyber security assessments across initiatives by developing processes and selecting tools and methods.
- Guide the evaluation of cyber security risks related to procurement of new or changing software or hardware (both IT/OT) technology.
- Facilitate all corporate post-loss forensic reviews across the corporation, including liaising with external legal support.
- Coordinate cyber security focused responses to internal and external audits and assessments.
- Evaluate potential changes in risk profiles due to the changing technology landscape, including when third-party companies are acquired or disposed of, to assess security vulnerabilities and determine mitigation strategies.
- Embed themselves as a key team member in all lines of business to assist in reducing cyber risks to our critical infrastructure.
- Collaborate with Corporate Communications to develop a cyber security informative communications plan.
- Build internal divisional change management capabilities through education and support of all internal staff, including monitoring effectiveness of change-related activities.
- Guide the development, management and improvement of monitoring and reporting NERC CIP requirements for all IT assets.
- Liaise with external utilities and agencies (Electricity Canada, Canadian Gas Association, federal and provincial government committees and representatives) to build relationships, learn best practices, and facilitate provincial, federal and government agency relationships. May represent Manitoba Hydro on national and international committees.
Qualifications:
- Completion of a four-year degree program from an institute of recognized standing in a related discipline plus six years of directly related experience, demonstrating progressively greater responsibility in a supervisory/leadership capacity, or an equivalent combination of related education and experience.
- Knowledge of cybersecurity frameworks such as NIST, SOC, ISO, COBIT, COSO and CMMC, and relevant certifications in cyber security such as CISSP, CRISC, CCSP, CISA and CISM, would be an asset.
- Certification in a change management framework such as PROSCI is considered an asset.
- Professional Risk Manager designation is considered an asset.
- Lean/Six Sigma designation is considered an asset.
- Demonstrated experience in audit procedures.
- Demonstrated experience in developing successful working relationships with internal and external stakeholders at all levels of the corporation.
- Demonstrated ability to successfully contribute to complex initiatives, projects, and teams across a variety of different business areas.
- Extensive knowledge of enterprise risk management, including industry standards and best practices and procedures.
- Insight into the key enterprise risks and insight into the strategic issues facing Manitoba Hydro and the electrical and gas industry with a focus on risk assessment, management, and mitigation.
- Excellent presentation skills especially with senior executive audiences.
- Demonstrated experience providing key support for Director-level requirements in strategic planning, divisional representation, managing relationships and communication plan development.
- Must obtain and maintain a current Personnel Risk Assessment and a "Clear" security rating in accordance with Manitoba Hydro policy P513.
- Critical Infrastructure Protection (CIP) Training is required and must be completed prior to transfer date and renewed annually.
Applications for this opportunity will include a cover letter and resume detailing how your academic qualifications and progressively responsible work experience directly align with the roles and responsibilities associated with this leadership role.
Salary Range
Starting salary will be commensurate with qualifications and experience. The range for the classification is $51.34-$70.34 Hourly, $98,380.88-$134,784.78 Annually.
Apply Now!
The deadline for applications is JULY 2, 2025.
We thank you for your interest and will contact you if you are selected for an interview.
This document is available in accessible formats upon request. Please let us know if you require any accommodations during the recruitment process.