ENTERPRISE CYBER SECURITY PROGRAM DEPARTMENT MANAGER

ENTERPRISE CYBER SECURITY PROGRAM DEPARTMENT MANAGER

WINNIPEG, MB

Manitoba Hydro is consistently recognized as one of Manitoba's Top Employers!

Great Benefits

• Competitive salary and benefits package.
• Defined-benefit pension plan.
• Nine-day work cycle which normally results in every other Monday off, providing for a balanced approach to work, family life and community.
• Flex-time and partially remote work schedule (providing the option to work remotely 3 days per 2 week period), depending on nature of work, operational requirements and work location.

Manitoba Hydro is a leader among energy companies in North America, recognized for providing highly reliable service and exceptional customer satisfaction.  Join our team of Manitoba's best as we continue to build a company that supports innovation, commitment, and customer service, while actively supporting a diverse, equitable and inclusive workplace.

We are looking for an Enterprise Cyber Security Program Department Manager to join our team. Reporting to the Director of Cyber Security and working collaboratively with subject matter experts across the organization, you will lead a strategically important department responsible for identification, implementation, and sustainment of enhancements to cyber security posture and maturity of Information Technology (IT) and Operational Technology (OT) systems.

The department mandate will be to increase the cybersecurity maturity of Manitoba Hydro to meet the Canadian utility-industry average by 2028 and develop a permanent program for the purpose of maturing and sustaining cybersecurity at Manitoba Hydro.

Responsibilities:

Lead the development, implementation, and sustainment the Enterprise Cyber Security Program:

Lead an enterprise-wide program that develops and implements the roadmap, strategy, organizational change management, corporate policies, enterprise-wide standards, centralized services, accountability structure and tracking, and initiatives required to advance Manitoba Hydro's cyber security posture. Implement measures to sustain long-term compliance and internal controls with the program. Work collaboratively at the highest level with key interested parties and subject matter experts across the organization, including in operational technology areas to oversee and deliver the program's objectives, goals, and tasks. Initiate and lead organizational change management to ensure enterprise interested party readiness for and overall sustainment of the program.

Lead the development and implementation of Enterprise Technology Security Assessments:

Lead and deliver the enterprise-wide maturity assessments, scenario assessments, penetration tests, threat risk assessments, and other assessments as a means of determining cyber maturity current state and identifying opportunities for improvement and enhancement.

Lead the management of cyber risks:

Working closely and in alignment with Enterprise Risk Management and interested parties across the enterprise, identify, assess, track, and initiate mitigation on cyber risks, assessment results, and audit recommendations.

Lead Subject Matter Expert Team:

Provide leadership, guidance, and support of subject matter experts in network security, cloud security and identity and access management to advance cybersecurity design criteria, processes/procedures, guidelines, and policies surrounding the implementation of network security, cloud security and identity and access management for the enterprise.

Hold a Key Role in Governing Committees and Cyber Security Reporting:

Prepare and deliver Enterprise Cyber Security Program status updates to governing committees, including, but not limited to, the Cyber Security Sub Committee, Reliability Compliance Steering Committee, and D&T Governance Committee. Fulfill the Cyber Security Subcommittee secretary role. Prepare and deliver ELT and Board level updates on cyber security status. Develop, capture, and report on cyber security metrics.

Support cyber security operations where required:

Support cyber event incident response and recovery as part of the Incident Response Team. In the event of a significant cyber security incident, you must be prepared to come in to work at any time during a 24-hour period to assure Manitoba Hydro system security and reliability.

Establish cross-utility connections:

Support the establishment and maintenance of enterprise alliances with external agencies such as Electricity Canada, Canadian Gas Association, federal and provincial cybersecurity groups in an effort to understand utility-centric approaches and utilize utility best practices to mitigate risks and improve the cybersecurity posture of Manitoba Hydro.

Play a lead role within the Division:

Participate in business planning, budgeting, resourcing, safety management, and the oversight of contractors and consultants.

Qualifications:

• A four-year degree in a related field such as computer science, related engineering discipline, system analysis etc., with 9 years of progressively responsible experience in cyber security operations, project or portfolio management, governance and risk management, data management, cloud platforms, risk mitigation, and program development or an equivalent combination of education and experience.
• A Master's Degree would be considered an asset.
• An understanding of cybersecurity fundamentals and general security technologies.
• An understanding of organizational mission, values, and goals and consistent application of this knowledge.
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
• Demonstrated ability to build and sustain harmonious working relationships across the enterprise at all levels.
• Demonstrated ability to acquire resources and build and lead teams throughout building and sustaining organization-wide programs.
• Demonstrated ability in procurement and contract management.
• Excellent written, verbal, communication, and presentation skills with the ability to articulate new ideas and concepts to technical and non-technical audiences at all levels of the organization.
• Excellent planning, prioritizing, rationalization, and organizational skills.
• Knowledge of cybersecurity frameworks such as NIST, SOC, ISO, COBIT and CMMC would be considered an asset.
• Knowledge of electric and gas utility business functions and technology solutions (including both information technologies and operational technologies) would be an asset.
• Relevant certifications such as CRISC, CCSP, CISSP, OSCP, CEH, GCIH, GPEN, CISA and CISM would be considered an asset.
• Must obtain and maintain a current Personnel Risk Assessment and a "Clear" security rating in accordance with Manitoba Hydro policy P513.
• Critical Infrastructure Protection (CIP) Training is required and must be completed prior to transfer date and renewed annually.
• Possess a valid Manitoba Driver's Licence.

Salary Range

Starting salary will be commensurate with qualifications and experience. The range for the classification is $60.99-$83.57 Hourly, $116,866.62-$160,132.70 Annually.

Apply Now!

Visit www.hydro.mb.ca/careers to learn more about this position and to apply online.
The deadline for applications is MAY 6, 2025.

We thank you for your interest and will contact you if you are selected for an interview.

This document is available in accessible formats upon request. Please let us know if you require any accommodations during the recruitment process.