Manager, Cyber Security Governance, Risk, and Compliance

Regular, Full Time
Competition #
HW25-20E
Title
Manager, Cyber Security Governance, Risk, and Compliance
Department
Corporate Services
Primary Function

The Manager of Cyber Security Governance, Risk, and Compliance (GRC) oversees the development, implementation, and management of technology policies, practices, and standards; conducts risk assessments and manages technology risks; and leads efforts to maintain compliance with regulatory requirements for both Information Technology (IT) and Operational Technology (OT). This role manages resources within the Cyber Security GRC Group and ensures adherence to regulatory requirements, industry standards, and emerging security threats.

Duties & Responsibilities
  • Develop, implement, and monitor goals and objectives for the Cyber Security Governance, Risk, and Compliance Group and ensure they are aligned to the Information and Technology Services Division.
  • Create and maintain technology policies, standards, and practices to protect assets and ensure compliance with evolving regulatory and industry standards.
  • Manage and direct Cyber Security Governance, Risk, and Compliance resources in risk management, Technology Use Manual implementation, and other Cyber Security initiatives.
  • Monitor organizational compliance with technology use practices and produce reports on key performance and risk indicators (KPIs/KRIs).
  • Oversee the conduct of regular risk assessments to identify and evaluate potential Cyber Security risks. Maintain and improve the Halifax Water Risk Assessment Framework in consultation with the Enterprise Risk Management Team. Develop and implement risk mitigation strategies and controls to reduce identified risks to acceptable levels.
  • Oversee the development and delivery of Cyber Security awareness and training programs to enhance organizational security culture.
  • Develop annual budget and forecasts for Cyber Security GRC group to meet both capital and operational requirements for Cyber Security of assets, projects, and ongoing maintenance.
  • Lead vendor security assessments and provide guidance during vendor selection processes, ensuring third-party compliance with security standards.
  • Provide security advisory services for IT and OT projects to ensure effective risk management throughout project lifecycles.
  • Collaborate with enterprise architects on long-range planning for future software and hardware, while developing policies to optimize their use and protect data. Enhance the Cyber Security program to ensure system integrity, data protection, and privacy, and manage ongoing risks to Halifax Water’s infrastructure and information.
  • Oversee the conduct of internal Cyber Security audits and assessments to verify compliance with practices and regulations. Prepare detailed reports and documentation of compliance findings and security gaps. Manage and maintain the policy exception handling process and document policy exceptions, with the appropriate level of management.
  • Support Disaster Recovery, Emergency Management and Business Continuity Planning. Support the testing of these plans from a Cyber Security perspective. Support the development and maintenance of the incident response plan, including incident analysis, mitigation, recovery, improvement standards and mechanisms, and Incident Response Tabletop Exercises.
  • Manage Cyber Security GRC projects with resources, both internal and external, through all phases including preparation, planning, construction, testing, final implementation, and post project support.  
  • Collaborate with other departments and organizations to ensure a collaborative approach to Cyber Security risk management.
  • Assume other related duties and responsibilities, as assigned by the Senior Manager Information and Technology Services. 
     
Reporting Relationships

Reports to:    Senior Manager, Information and Technology Services    
Supervises:   Cyber Security Awareness Coordinator, Cyber Security Analyst, Administrative Coordinator – Cyber Security

Minimum Qualifications

Education and Experience

Education:

  • Undergraduate degree in Computer Science / Information Technology. 

Experience:

  • Five years of broad experience in Cyber Security, governance, threat and risk analysis, information security, and Cyber Security compliance.
  • In-depth knowledge of Cyber Security and privacy frameworks, standards, and regulations (e.g., National Institute of Standards and Technology Cyber Security Framework (NIST-CSF), National Institute of Standards and Technology Special Publication 800-53 (NIST SP800-53), National Institute of Standards and Technology Special Publication 800-82 (NIST SP800-82), Municipal Government Act (MGA), International Society of Automation / International Electrotechnical Commission (ISA/IEC) Standard 62443, North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP), Center for Internet Security Critical Security Controls (CIS)).

Other equivalent combinations of formal education and related experience may be considered. 
 

Other Requirements

Certificates/Licenses/Registrations:

  • One of the following or equivalent:
    • Certified Information System Security Professional (CISSP)
    • Certified Information System Auditor (CISA)
    • Certified SCADA Security Architect (CSSA)
    • Certified GRC Professional (GRCP)
    • Certified in Risk and Information Systems Control (CRISC)
  • Risk Management Certification considered an asset. 
  • Valid NS Drivers’ License and access to reliable transportation on an ongoing basis.
  • Must be willing to undertake and maintain the following safety training:
    • First Aid
    • Globally Harmonized System (GHS) (Formerly WHMIS)
    • Additional safety training as identified based on legislative and operational requirements
       
Knowledge, Skills and Abilities
  • Knowledge of Risk Analysis and management frameworks.
  • Excellent written and verbal communication skills, with the ability to effectively communicate complex security and compliance issues to technical and non-technical audiences.
  • Strong analytical and problem-solving skills to identify and mitigate security risks in a timely manner.
  • Ability to write business cases for new technology or for technology upgrades.
  • Demonstrated labour relations skills in a unionized environment.
  • Demonstrated ability to work within a team environment to accomplish organizational goals.
  • Demonstrated ability to improve and promote quality, and to demonstrate accuracy and thoroughness.
  • Good analytical, research and project management skills, and proficient in project management methodology.
  • Strong computer proficiency with Microsoft Office tools (Word, Excel, PowerPoint, Project, Visio).
  • Ability to make decisions, exhibit sound and accurate judgment, and make timely decisions.
  • Ability to prioritize and plan work activities, use time efficiently, and develop realistic action plans. 
  • Ability to think strategically about security and compliance in the context of the organization’s goals and objectives.
  • Ability to adapt to changing regulatory requirements and evolving security threats.
  • Strong interpersonal skills and the ability to work effectively with cross-functional teams and external partners.
  • Proactive approach to identifying and addressing security and compliance issues before they become critical.
How to Apply

Applicants who applied previously for this competition do not need to reapply.

Completed cover letters and application forms [PDF] or resumes, stating Competition #HW25-20E must be received by 4:30 p.m., February 28, 2025. Please forward to:

Mail

  • Halifax Water
    HR Department
    P.O. Box 8388, RPO CSC
    Halifax, NS
    B3K 5M1

Fax

  • 902-490-6934

Please note: Only applicants invited for an interview will be contacted.

Conditional Items Required for Employment:

  • Satisfactory background check
  • Satisfactory pre-employment testing

Halifax Water is an equal opportunity employer.

Halifax Water’s goal is to be a diverse workforce that is representative of the community we serve, at all job levels. Halifax Water believes a diverse workforce positively contributes to its success, and the success of our community. We encourage applications from qualified African Nova Scotians, LGBTQ+ community, racially visible persons, women in non-traditional positions, persons with disabilities and Indigenous persons. Halifax Water encourages applicants to self-identify in the cover letter.