We are accepting applications for a permanent full-time Cyber Security Manager to join our Information Systems team. The Cyber Security Manager (Manager) plays a leadership role in ensuring the confidentiality, integrity and availability of the CVRD’s information and systems. The Manager is directly responsible for delivering the IT security program for the organization, including related training, corporate awareness, policies, procedures, security breach investigations, and remedial action plans to ensure compliance with cybersecurity frameworks and security of all CVRD data.
Reporting to the Senior Manager of Information Systems and GIS, the primary responsibilities of this role include:
- Managing the development, implementation and delivery of the CVRD’s Information Security Program;
- Coordinating the development of security improvement initiatives;
- In consultation with the Senior Manager, developing organization-wide information security policies and procedures;
- Working with managers and staff across the organization to ensure that all CVRD staff remain adequately trained in best practices from a cybersecurity perspective;
- Overseeing and managing all corporate firewalls, VPN appliances, security systems and security cameras;
- Overseeing and managing protection of Microsoft 365 with Microsoft Entra;
- Maintaining an awareness of current and emerging threats, completing risk assessments and directing appropriate responses;
- Acting as a key resource and support to the CVRD’s Chief Administrative Officer and local authorities on internal and external investigations involving security breaches and other IT policy contraventions;
- Working collaboratively within the Information Systems management team to establish and monitor the CVRD’s cyber-security exposure, and changes in the threat landscape;
- Participating in the development of business continuity planning; developing and sustaining an information security incident response readiness and exercise function;
- Collaborating with Engineering Services and other CVRD staff to define shared responsibilities around the secure and resilient operation of critical systems, identifying needed improvements, and implementing and monitoring progress;
- Conducting regular planning and preparedness exercises and events to ensure the CVRD has the knowledge, ability, and plans to respond to and recover from security threats;
- Assisting in the development of Privacy Impact Assessments as they relate to information and data security;
- Identifying system weaknesses and implementing remediation protocols to improve overall system security;
- Setting the overall remote access security policy and thresholds for the organization and employees;
- Ensuring data safety and security in both the implementation and ongoing support of payroll and HRIS legacy systems;
- Mentoring other Information Systems staff responsible for day-to-day security monitoring and response and the delivery of information security projects;
- Managing vendors and consultants providing information security software, systems and services;
- Directing and leading IT security personnel, including recruiting, training, performance management, and fostering continuous professional growth;
- Establishing and maintaining effective working relationships with internal and external stakeholders;
- Managing the security budget and resources.
Our ideal candidate is:
- A strong communicator with demonstrated success in facilitation, consensus building, and conflict resolution;
- Well-versed in security systems configuration and operation technologies and practices including end-to-end problem management and root cause analysis;
- Skilled and experienced in risk management and risk assessment principles with a strong understanding of confidentiality and discretion commensurate with the level of trust and access held by the position;
- Educated in Computer Science or Information Technology with a related bachelor’s degree supplemented by at least five years’ recent related experience implementing and maintaining technology related to information security prevention, detection, and response;
- A certified Information Security Manager (CISM), Information Systems Security Professional (CISSP), or equivalent;
- Knowledgeable in the legal requirements pertaining to the privacy of personal information including the Province of British Columbia’s Freedom of Information and Protection of Privacy Act (FOIPPA);
- A relationship builder able to successfully initiate and facilitate effective contacts with external consultants, vendors and service providers;
- Team-oriented with experience supervising staff, including the ability to lead, coach and motivate;
- Able to explain technical concepts/information to users of various ability levels;
- Motivated with the ability to plan, prioritize, and meet deadlines under pressure;
- Current in new technology and industry initiatives with a strong understanding of Microsoft Entra;
- A certificate in project management is preferred.
A valid BC Class 5 driver’s license is required for this role. Successful candidates will be required to consent to a Canadian Criminal Record Check.
This is an exempt position with a current annual salary of $102,753 to $122,019.