Cyber Security Manager to define the strategic direction of a digital security program, ensurin[...]

S I Systems

Ottawa

Hybrid

CAD 100,000 - 130,000

Full time

4 days ago
Job summary

A leading non-profit organization in Ottawa is seeking a Cyber Security Manager to define and lead their digital security program. This permanent full-time role involves managing security operations, leading a team, and ensuring compliance with best practices. The ideal candidate will have extensive experience in information security frameworks and management, along with relevant certifications. A hybrid work schedule is available, requiring two days a week in the office.

Qualifications

  • 10+ years of experience with information security frameworks.
  • 5+ years of management experience leading security teams.
  • Experience with cloud-based environments.

Responsibilities

  • Develop and maintain the information security program.
  • Lead threat detection, monitoring, and incident response.
  • Conduct security assessments and testing.

Skills

Information Security
Leadership
Risk Assessment
Incident Response
Threat Management

Education

CISSP
CISM
GIAC

Tools

SIEM
Microsoft Security Products
Azure

Job description

Cyber Security Manager to define the strategic direction of a digital security program, ensuring security is seamlessly integrated into our services and day-to-day activities, for a non-profit client!

Our valued non-profit client is seeking a Cyber Security Manager to define the strategic direction of a digital security program, ensuring security is seamlessly integrated into our services and daily operations.

Permanent full-time role in Ottawa, ON. The successful candidate must be available to work in a hybrid on-site schedule in Ottawa, ON (2 days/week in office).

As the successful candidate, you will be accountable for the organization's Cyber Security posture, roadmap, policies, and daily operations to protect the organization's information and technology assets. This position will lead the design, implementation, and ongoing management of security controls. You will lead a team of cyber security professionals and partner with business leaders across the organization to provide guidance, standards, oversight, and support on cyber security matters. Your team will work to mitigate risks, detect threats, and respond effectively to security incidents. You will also test these controls to ensure they are functioning and being followed, and play a role in ensuring compliance with security best practices across the digital environment.

Responsibilities:

  1. Develop, implement, and maintain the information security program aligned with organizational goals, objectives, and risk tolerance.
  2. Research and evaluate emerging cyber security trends, threats, and technologies; provide recommendations to enhance security posture.
  3. Develop and maintain enterprise information security architectures and solutions.
  4. Build and maintain effective relationships with internal and external groups; represent security in projects, committees, and working groups.
  5. Lead information security delivery, including threat detection, monitoring, and incident response; participate in Security, Privacy Records, and Information Governance Committee (SPRING) and Digital Governance committees.
  6. Conduct security assessments and testing to identify and remediate gaps or issues.
  7. Collaborate with ITS managers, business units, legal, and privacy teams to develop an information security roadmap.
  8. Establish and monitor the effectiveness of security and privacy practices, ensuring policy alignment.
  9. Coordinate with Crisis Management and Business Continuity Teams to prepare for significant incidents.
  10. Develop and test incident response Playbooks and Plans.
  11. Monitor the technological landscape to ensure systems meet current and future business needs.

Must Have Skills:

  1. 10+ years of experience with information security frameworks and principles.
  2. 5+ years of management experience leading and coaching security teams.
  3. Experience with cloud-based, Azure-focused environments, with strong knowledge of Microsoft security products.
  4. Certifications such as CISSP, CISM, GIAC, or equivalent.
  5. Experience with SIEM, event management, and identity and access management systems.
  6. Knowledge of risk assessment, threat/vulnerability management, incident response, and IAM principles.
  7. Experience developing security procedures and conducting risk assessments.
  8. Experience with Threat and Vulnerability Management programs.

Nice to Have Skills:

  1. Relevant certifications like SSCP or CEH.
  2. Understanding of NIST CSF, NIST RMF, ISO 27001, SOC 2, PCI DSS, and ITIL.
  3. Programming skills (Python, UNIX shell scripting, PHP, etc.).