Cyber Security Manager

About BVD Group

BVD Group is a leading Canadian family business, established in 1999, specializing in fuel services. Originating from a single gas station in Ontario, it has grown to become Canada's largest fuel network, serving thousands daily across North America. The company offers comprehensive fleet card programs, loyalty options, and credit solutions, supporting businesses of all sizes with over 850 partnering locations. Additionally, BVD Group empowers the supply chain through its BVD Capital division, ensuring timely delivery of North American goods. Their commitment to customer support and business growth makes them a top choice for truck drivers, road trippers, and commuters. Join BVD Group at their Brampton location for rewarding opportunities and be a part of their growing success!

Job Description

We are looking for a Cyber Security Manager responsible for overall vulnerability management, application hardening, and complete security analysis of project phases. The Cyber Security Manager is also responsible for ensuring that the final deliverable of a software development project meets all the intended security and hardening needs of the business. You must be able to provide strategic advice, problem solve and provide input into the cyber security program and solutions to address complex challenges.

The Cyber Security Manager will need to understand the SDLC and Agile models and what their specific activities are to manage an application development project from an ethical hacking and security perspective. You must be able to conceptualize, interpret, and evaluate security exposures across business units throughout the Corporation. The Cyber Security Manager will deliver a solid set of security requirements and documented artifacts to understand the project standards.

The successful candidate will develop and implement solid security test plans and ethical hacking test cases/scenarios to accurately test all aspects of the system while maintaining detailed and accurate documentation per all project standards. You will have the opportunity to work on multiple high-priority IT projects based on your performance.

Job Requirements

- Develop, manage, and lead various security projects to include development and management of security project plans

- Ensure all projects align with global security standards including ISO/IEC 27001/27002, NIST CSF, and CIS Benchmarks

- Develop and test privileged access use cases and alerts for the enterprise Security Information & Event Management (SIEM) solution

- Develop and support Endpoint Privilege Management (EPM) policies and governance

- Provide leadership, advice, and direction on business risk planning and coordination

- Coordinate with the team in responding, investigating, mitigating, and resolving incidents across the Corporation

- Experience in assessing financial needs within the cybersecurity & risk portfolio

- Define and deliver individual security deliverables as a part of the overall program deliverables and manage tasks to a schedule with the team

- Effectively manage security project efforts, including project plan, scope, time management, and resource planning

- Perform pre-project application security requirements generation utilizing OWASP ASVS to ensure secure-by-design principles are established

- Conduct manual and automated code reviews following OWASP Top 10 and SANS Top 25 to identify logic flaws and insecure coding practices within the SDLC

- Execute aggressive "cracking" and exploitation of applications and offensive testing of infrastructure to identify deep-seated vulnerabilities

- Lend support to various business and technology teams during project delivery, specifically regarding O365, Azure, AWS, and security tools

- Communicate effectively in both verbal and written form. Must possess superior communication skills with experience executing reports aimed at both the executive/non-technical management level and technical analyst level

- Accurately assess the risks associated with each solution design/project, focusing on software and application hardening

- Proven ability to articulate complex risks to C-suite executives and lead comprehensive security incident post-mortems to drive organizational resilience

- Conduct comprehensive post-project application testing and security reviews to verify remediation and ensure production readiness

- Act as project manager on business-facing security initiatives

Qualifications

- Must have one or more of the following certifications: (ISC)2 CISSP (preferred), GIAC Security Essentials, GIAC Security Leadership, ISACA CISM, Microsoft Certified Systems Engineer: Security, (ISC)2 SCCP, or (ISC)2 ISSAP

- Additional designations, such as ITIL, COBIT, or cloud-provider certifications (e.g., AWS, Azure), are considered an asset

- Hands-on experience with firewall technologies and NAC frameworks (e.g., Cisco ISE, Aruba Barracuda, etc.)

- Deep understanding of security protocols and their application in securing complex enterprise architectures

- Demonstrated knowledge and experience in project management methodology, principles, and practices

- Knowledge of IT cyber security and cloud technology principles, methodologies, mechanisms, and techniques with specialized knowledge of infrastructure products, services, and troubleshooting

- Knowledge of cyber security technologies, governance processes and practices, cyber threat risk concepts, protocols, and principles

- Ability to apply common security analysis techniques including threat modeling (STRIDE/PASTA) and attack surface mapping

- Capacity to initiate and develop strong working relationships with internal and external colleagues and stakeholders

- Advanced knowledge and experience with Microsoft/Linux Operating System and Office 365 security features

- Proficiency in Windows-based software including Word, Excel, and graphic software

- Knowledge of the Occupational Health and Safety Act, its regulations, and the hazards associated with the work

Education Qualifications

- University Degree in a relevant discipline and a minimum of (9) years of experience in technology security services with at least 5 years leading enterprise-scale Cyber Security programs

Work Schedule

- 8-hour shift (40-44 Hours/week)

Location

- This is not a work from home or hybrid position and is on-site at our Brampton Office

Job Types: Full-time, Permanent

Pay: $95,000.00-$105,000.00 per year

Benefits:

- Dental care

- Extended health care

- Paid time off

- Vision care

Work Location: In person