- Company Name: Government of Nova Scotia
- Job Title: Manager, Cyber and Risk
- Job Description:
Job title: Manager, Cyber and Risk
Role Summary:
Lead a cyber risk team to assess, embed, and manage cybersecurity risk throughout the technology delivery lifecycle. Drive a risk‑aware culture, support procurement and RFP processes, and facilitate secure‑by‑design practices across government, healthcare, and education initiatives.
Expectations:
- Build and mentor a high‑performing cyber and risk team.
- Integrate cybersecurity frameworks into project design and delivery (Agile, DevSecOps).
- Deliver accurate risk assessments, treatment plans, and clear risk communications.
- Partner with business owners and delivery teams to shape risk‑based decisions.
- Continuously improve assessment processes and maintain industry‑aligned standards.
Key Responsibilities:
1. Lead, coach, and develop cyber risk professionals.
2. Collaborate with delivery partners to define scope, expectations, and risk assessment requirements.
3. Execute comprehensive risk assessments for systems, applications, services, vendors, AI, and cloud platforms.
4. Review control effectiveness, identify risks, and provide actionable recommendations.
5. Identify cybersecurity requirements in RFPs, evaluate proposals, and advise on contractual terms.
6. Maintain risk treatment plans, reporting, and documentation (risk logs, dashboards).
7. Establish, refine, and promote cybersecurity standards, processes, and assurance frameworks.
8. Facilitate workshops, meetings, and trainings for non‑technical stakeholders on security risks and trade‑offs.
9. Foster cross‑functional relationships and secure‑by‑design thinking across the organization.
10. Adapt risk assessment procedures to evolving cybersecurity threats and regulatory changes.
Required Skills:
- Leadership: 5+ years of progressive cyber/security/risk management with direct people management.
- Technical knowledge: NIST CSF/800‑53, ISO/IEC 27001, CIS Controls, SOC 2 and related frameworks.
- Integration: Experience embedding security in system/solution design, Agile and DevSecOps environments.
- Risk Documentation: Expertise in risk tracking, decision logs, dashboards, and formal reporting.
- Procurement: Ability to define cybersecurity requirements, evaluate responses, and negotiate contractual terms.
- Communication: Proficient at translating complex security concepts to non‑technical audiences.
- Change Management: Demonstrated cross‑functional collaboration and ability to lead change in multi‑stakeholder contexts.
Required Education & Certifications:
- Undergraduate degree in Computer Science, Engineering, Science, or related technical field (equivalent experience acceptable).
- Professional certifications preferred (e.g., CISSP, CISM, CISA, CRISC, or equivalent).