Senior Manager, Cyber Security Risk Management

As a Senior Manager of Cyber Security Risk Management, you will lead the oversight of cyber risk programs that span both IT and OT environments, serving as a strategic bridge between Technology leadership and technical teams. In this role, you will be responsible for cybersecurity third-party risk management, security governance, awareness and training initiatives, and disaster recovery capabilities. Your goal is to drive risk-informed decision-making by translating complex technical risks into business-relevant insights, guiding risk-based priorities, and ensuring effective control implementation. Your success will be measured by your ability to influence risk-informed decisions, ensure stakeholder alignment, and deliver measurable improvements in cyber resilience.

- Work Environment – Work onsite in our beautiful home office building with access to a fitness facility, onsite nurse, and a café

- Competitive Compensation – Includes an annual bonus plan, pension plan, and parking allowance

- Flexible Benefits Plan – In effect from day one and offers three levels of coverage to select from to meet your unique, personal needs

- Paid Vacation – There is an annual option to purchase additional vacation, too

- Wellness Support – With an annual wellness allowance, paid personal care days and a 24/7 Employee & Family Assistance Program

- Opportunity to give back to some amazing causes in our community – Choose when and where to make an impact with a paid volunteer day, company volunteer opportunities, and a donation-matching program

Your Responsibilities

- Lead a team of cybersecurity professionals to identify, assess, manage, and communicate cyber risks across the organization, influencing decisions related to platforms, vendors, processes, architecture, and project timelines

- Develop and execute a company-wide cyber risk assessment program that prioritizes threats and outlines mitigation strategies and security initiatives aligned with business objectives

- Create and present security roadmap projections aligned with short- and long-term risk-based cybersecurity goals for review and approval by the Director of IT Security

- Build and deliver cyber risk reporting for internal teams and executive leadership, including operating companies and third-party partners, ensuring risks are cascaded and addressed

- Oversee daily operations of risk programs such as threat assessments, third-party evaluations, and insider threat monitoring

- Recommend and implement technical controls to address identified risks and reduce detection gaps, while supporting compliance and audit requirements

- Define and communicate program success metrics in collaboration with IT and business stakeholders to demonstrate progress and impact

- Oversee the development and delivery of security awareness and training programs to promote a strong cybersecurity culture across the organization, ensuring content is relevant, engaging, and aligned with evolving threat landscapes

- Lead security testing, disaster recovery planning, and threat landscape analysis to ensure systems are resilient and risks are proactively managed

- Manage and mentor a team of security analysts, including hiring, training, performance reviews, and career development

Your Skills

- Deep understanding of how cybersecurity risks impact business operations and decision-making

- Proven experience with Cyber Risk Management and Enterprise Risk Management programs

- Strong leadership and team development skills, with the ability to guide security and IT personnel independently

- Exceptional communication skills for engaging technical teams, business stakeholders, and executive leadership

- Familiarity with legal, privacy, audit, and compliance functions, and recognized security frameworks like NIST CSF 2.0, ISO 27005, NIST 800-53, NIST RMF AI, ISO 42001, ISA/IEC 62443

- Skilled in driving change and influencing cross-functional teams in complex organizational environments

- Skilled in project management, risk assessments, and developing strategic mitigation plans with effective resource allocation

Your Experience

- A minimum of 15 years of IT experience, with five years in a GRC / information security role and at least five years in a supervisory capacity

- A technical bachelor's degree, preferably in Computer Science, or equivalent work experience

- Cyber Security Certifications: CISM, CISSP, CRISC, GIAC or GRCP

Irving Oil is committed to supporting a diverse and inclusive work environment. We thrive on the good energy that’s created when our people from different backgrounds, identities, cultures and experiences share their unique perspectives. Diversity is key to our success and inclusion is everyone’s responsibility.

Information Technology, Management