Share this Job

Senior Manager, Enterprise Cybersecurity & Technology Operations

Date: Jun 16, 2022

Location: Toronto, ON, CA

Company: Hydro One Networks Inc

44920 - Toronto - Regular - ongoing 

Safety Comes First is a core value at Hydro One, and we remain committed to taking every reasonable precaution to ensure a respectful, safe and healthy working environment. Further to this commitment, we have adopted a COVID-19 Vaccination Policy to protect the health of our employees from the hazard of COVID-19. New employees will be required to declare their vaccination status to Hydro One. Employees who do not provide proof of vaccination status may not enter any 3rd party locations that require full vaccination (e.g. customer properties).

Hydro One is proud to be the largest electricity transmission and distribution provider in Ontario, serving nearly  1.5 million customers. We have a long history in the industry with our roots dating back over 110 years to 1906. Since then, we have worked to grow and evolve to meet the changing needs of our customers and communities across Ontario. Today, we’re focused on providing exceptional customer service and ensuring we are building safe communities where we live, work and play.

It’s an exciting time to join the team at Hydro One!

*NOTE* Hydro One introduced a Hybrid Work Pilot Project in 2022 for most office-based roles. Employees work in-office/on-site two days a week and remotely from home for three days a week. Hydro One is adding refreshed workspaces and technology to support these changes.  Join us as we ‘trial & learn’ a new modern way of working and be a key driver of future state!

In office but with intention – a time for team and trust building, collaboration, and socialization. Please reach out to us to learn more!

Reporting to Director, Cybersecurity, this role is accountable for cybersecurity operations, the associated security technology used to identify and mitigate cyber risk and the lifecycle management of those security technologies used within the enterprise at Hydro One. This includes working with the enterprise security architect in planning, acquisition, and managing the implementation of the technology. This role is also responsible for the effective and efficient operations of the 24/7 cyber incident responses processes including the hybrid operational model between Hydro One and our Managed Security Services Provider.

 

The role is accountable for ensuring Hydro One is appropriately positioned against an evolving cyber threat landscape from a security technology and operations perspective. As the landscape evolves, this role is required to ensure the security technologies and the associated processes evolve to ensure effective identification, mitigation and response to the current and future cyber-related events, threats and risks.

 

Specific Accountabilities

  • Manage a team of security technology professionals
  • The position is accountable for life cycle management of security technologies .
  • Leverage security products and technologies to ensure the controls provide the required level of security protection and compliance.
  • Identify new products to add to the security architect portfolio, ensuring Hydro One is positioned to identify and defend against threats and the evolving associated landscape.
  • Work with the various stakeholders to make security product and technology acquisition decisions
  • Requires vendor management and working with Supply Chain to ensure pricing structures, vendor governance and risk management practices are adhered to.

 

Operations Leadership Accountability

  • Accountable for the configuration of the products and technologies to provide the organization with day to day security protection and compliance. This includes following up and investigating alerts, evolving the coverage of these products and technologies (updates, new use cases, installing on new platforms, identifying gaps in coverage etc.).
  • Develop and instill a culture that day to day operations are important and a key element of managing cybersecurity risk, resilience and compliance.
  • Further developing and operationalizing the organizations vulnerability management program, patch management program and penetration testing program.
  • Approval of fire wall rule changes, extraordinary access control requests, and approval of operational readiness of all project prior to going "live".
  • Security Incident Management
  • Accountable for security incident management and managing an on call schedule 7 x 24 x 365
  • Ensure the organization has the appropriate arrangements in place for incident and forensic services
  • Ensure effective response processes and management of security events, incidents, emergencies and crisis to timely conclusion
  • Participate in mock drills and simulations for security incident management

Project Leadership

  • Accountable for driving a number of security technology projects to completion in a timely basis.
  • Accountable for ensuring security technologies and operations are properly positioned as part of the project lifecycle and the projects going live have all of the required security technologies and operations coverage.
  • Ensure new systems are properly setup and being monitored to the right level.
  • Certifying that new infrastructure has been hardened and patched prior to go live and tools are installed and monitored appropriately etc.,

 

Risk Management and Reporting

  • Augment existing metrics to create an ongoing real time state of operational security, risk management and compliance for the organization.
  • Position security risk and operational reporting within the context of the threats and risks facing the organization

 

Financial Management

  • Manage the budget for the area and contribute to the Multi-year Security Technology Operations Investment Plan.

 

Key Stakeholders

  • This position works across the organization - key stakeholders include Architecture, Technology Management - Leadership, Project and Program Managers, Internal Audit, Risk Management, Compliance etc.

 

Selection Criteria:

  • University Degree in Computer Science, Engineering, Business or another related discipline.
  • Professional Certification will be an asset: e.g. CISSP, CISM, PMP, TOGAF, ITIL..etc
  • 12-15 years related IT and Security Experience.
  • Relevant Experience in a Management-Leadership Role - direct management responsibility for 5-8 security technicalstaff.
  • Experience in architecture development.
  • Experience improving IT Service Management, Asset Management, Change and Configuration Management of an IT organization.
  • Experience implementing large, complex enterprise IT/Security technology/system.
  • Experience working in unionized environment.
  • Experience managing teams of contractors, staff at multitple geographic locations.
  • Experience managing third party Security and IT Providers.
  • Demonstrated track record leading and implementing change across a complex matrix organization.
  • Strong Project Delivery Skills - Ability to meet tight deadlines.
  • 7 x 24 rotational on-call required for high priority security incidents.


At Hydro One we understand that the success and strength of our business rests with our people. When we develop their skills, we are investing in both their success and ours. To secure the best talent, we seek to create a workforce that reflects the diverse populations of the communities where we live and work and to create a culture based on safety, innovation and inclusiveness.

 

We are honoured to be recognized by Forbes in its list of Canada’s Best Employers for 2021.

 

Thank you for considering a career with Hydro One, we welcome applications from all qualified candidates. If you are having difficulty using our online application system and you need an accommodation due to a disability, please email careers@hydroone.com. Hydro One will provide reasonable accommodation for qualified individuals with disabilities in the job application process.

 

Please note this email is only for accommodation requests. Resumes sent to this email address will not be considered.

 

Deadline: July 4, 2022

 

 

In the event you are experiencing difficulties applying to this job please consult our help page here.


Job Segment: Information Technology, IT Manager, Operations Manager, Supply Chain Manager, Risk Management, Operations, Technology, Finance