Cybersecurity and GRC Manager

The Manager, Cyber Security and GRC and his/her team are responsible for the cybersecurity controls, methodology and risk assessment, as well as compliance with the standards that AIM follows. The manager and his/her team are also responsible for evaluating, designing, and implementing business process best practices to improve service and business efficiency. They will analyze workflow, process, and reporting data to assess the effectiveness of current business processes:

Reporting to the Senior Director of IT and Cybersecurity, the Cybersecurity and GRC Manager will:

• Ensure continuous improvement and adoption of the information security governance framework
• Manage the cybersecurity methodology and risk register
• Manage and ensure the vitality of the governance framework: policies, standards, procedures, etc.
• Participate in the initial phase of projects to identify and communicate safety issues to facilitate compliance with standards and proper risk management.
• Perform regular and proactive reporting to the CISO and maintain business KPIs
• Lead and coordinate projects and activities related to process quality and efficiency to ensure continuity of best practices and quality improvement across all IT spheres (OPS, APP and PMO).
• Manage the process and cycle of major incidents and issues.
• Manage the Change Advisory Committee (CAB).
• Develop/update documentation of policies, standards, procedures, processes, work instructions, and other tools to support execution.
• Collaborate cross-functionally to evaluate and improve the entire process lifecycle.
• Manage team member development, goals, training, etc.

Requirements

• At least 5 years in cybersecurity GRC
• At least 5 years of experience leading process analysis and redesign initiatives using Lean methodology.
• Proven experience leading others on process analysis and redesign initiatives.
• Strong analytical skills and ability to translate data into measurable actions and present projects to management for evaluation and prioritization.
• Ability to present complex processes in easy-to-understand terms to various cross-functional stakeholders in order to gain their approval and set priorities.
• Ability to prioritize and manage multiple projects, large and small, with competing deadlines, and present progress to management.
• Significant skills in process improvement, business transformation, customer service, communication, leadership, problem solving, and team building.
• Experience in applying security frameworks (e.g., ISO 27001, COBIT), laws, and standards (e.g., NIST, GDPR, Law25)
• Ability to work on deliverable projects with minimal supervision and present progress and results to the Director for approval.
• Lean certification and cybersecurity an asset