Manager, Cyber Threat Prevention

Responsibilities

• Be a courageous safety leader, adhere to and sponsor safety and environmental rules and procedures
• Champion the 3 lines of defense model for risk management and act as a 2nd line of defense facilitator regularly interacting with the 1st line 
• Manage the cyber threat prevention team, including the security architects and secure applications and platform design specialists
• Own the development and maintenance of a Security Architecture Methodology and Threat Modeling Methodology that are aligned with business, technology and threat drivers across both IT and OT environments
• Establish and maintain Key Performance and Key Risk Measures that provide clear security mentorship to build programs on release readiness
• Contribute to the Digital Risk and Cyber Security strategic plans and roadmaps using sound enterprise architecture practices and information security principles
• Lead all aspects of the design and sustainment of security architecture artifacts, used to demonstrate security capabilities in projects and operations while meeting the risk tolerances of the organization
• Track developments and changes in the business and threat environments to ensure that these are adequately addressed in plans and artifacts
• Coordinate the drafting of technical security standards for review and approval by the CISO and executive management as required
• Administer the establishment of baseline security configuration standards for applications and platforms inclusive of data and development pipelines, operating systems, and network zones and devices
• Collaborate with DevOps teams to advocate a secure development lifecycle, using established measures to report performance to the CISO
• Evaluate technical security assessments and system reviews in order to prioritize remediation based on the risk profile of the asset and mentorship from the CISO
• Lead security processes and technologies to make recommendations for their use based on security, financial and operational requirements
• Facilitate resource assignments to various committees and boards, including the advisory board, architecture review board, and digital solution review
• Support the internal audit team in their review and assessment of design and operational efficiency of security-related controls

Qualifications

• 10+ years of cyber security architect experience in a relevant domain: cloud computing security, network security, application security, endpoint security, logging and monitoring, cyber incident response, and risk management
• Bachelor’s degree in Cyber Security, Computer Science, Mathematics, Engineering, or equivalent experience. A Master's or postgraduate degree is an asset
• Relevant technical certifications in security and architecture (GIAC, SABSA, TOGAF, Zachman, ITIL) or professional management (Certified Information Security Manager, Certified Information Systems Security Professional or Auditor)
• Proven understanding of IT Service Management (incident, problem, change, asset, and configuration management) and infrastructure (applications, databases, operating systems, hypervisors, IP networks, storage networks)
• Solid understanding of the methodologies to conduct threat-modeling exercises on applications, infrastructure and cloud services
• Direct experience crafting IAM technologies/services on prem and in cloud, with additional experience in the deployment of applications and infrastructure into public cloud services