30 Jan
Liquor Control Board of Ontario
Toronto
Location Address: 100 Queens Quay East, 9th Floor, Toronto
Number of Openings: 1
Pay $88,937.00 - $165,105.00
Job Posting Description:
Senior Manager,
Governance & Risk Management
#LI-Hybrid
Are you looking for an exciting leadership opportunity in governance and risk management with the LCBO? Then this role may be the next career step for you!
Reporting to the Director, Cyber Security Information and Technology, your main priority will be to develop and operate the LCBO’s information security program and manage all cybersecurity risks. The senior manager ensures our cybersecurity policies, standards, and procedures are in place and are followed while implementing risk assessments,
providing oversight and challenge functions to third-party security service providers.
You will also lead the security architecture practice and the development and management of the security training and awareness program while also supporting the reporting function to the Core executive team and Board level communications. Finally, the role is responsible for conducting security risk assessments as it relates to all projects that are funneled through the IT Division, including supporting RFP responses.
About the Role
(40%) - Develop and implement the LCBO’s IT Risk and Security Management Framework
- Be a trusted advisor across all LCBO divisions to identify data and technology-based risks, giving partners expert and realistic analysis to inform their decision-making process.
- Conduct regular threat risk assessments (TRA) to identify cybersecurity risks and recommend mitigation strategies. Maintain the TRA process and associated artifacts.
- Internally assess, evaluate,
and make recommendations to management regarding the adequacy of the security controls for our information and technology systems.
- Manage the LCBO-wide information security compliance program, ensuring IT activities and procedures meet defined requirements.
- Develop and maintain cybersecurity governance documents (policies, standards, baselines, and guidelines) in compliance with relevant legislation and best practices.
- Conduct cybersecurity assessments of third-party vendors and partners to ensure adherence to LCBO’s cybersecurity policies.
- Lead the Third-party Risk Management, assign resources to facilitate PRM across LCBO, create awareness and culture of risk to promote TPRM across the enterprise.
- Enhance the Risk Management practices and organizational readiness to react to evolving cyber threats.
- Oversee enterprise-wide tabletop exercises, highlight flaws, and manage the associated lessons learned and next steps.
- Foster a culture of cybersecurity awareness throughout the organization.
- Manage the creation and distribution of an executive internal security risk dashboard
- Report and communicate with Executive Core team regarding our risk posture.
- Provide oversight of Security Managed Service providers, develop metrics to ensure adequate service delivery as it pertains to TPRM.
- Act as the liaison between the MSSP and the LCBO
(20%) - Participate in the planning and design of enterprise security architecture.
- Recommend cybersecurity improvements, upgrades, andor new technologies to enhance security posture.
- Creatively and independently provide resolution to cybersecurity problems in a cost-effective manner
- Provide security design and engineering functions in support of new technology deployment or assist projects to improve overall enterprise security.
- Participate in the planning and design of enterprise security architecture.
- Oversee the deployment, integration, and configuration of cybersecurity solutions.
(20%) – Leading a team of cyber security professionals
- Manage the daily activities of the Governance and Risk Management team.
- Provide oversight of Security Managed Service providers, develop key performance and risk indicators (KPI & KRI) to ensure service delivery.
- Manage appropriate vendor relationships and contracts aligned with supporting a strong cybersecurity posture
- Provide backup function to the Director Cybersecurity.
(20%) – Leads the Enterprise Security Training & Awareness Program
- Create a high-level of corporate cybersecurity awareness including, administration of end-user cybersecurity courses and periodic phishing simulations
- Lead the security awareness program by managing phishing exercises and simulations, implementing targeted training aimed at reinforcing the required security behaviour across the enterprise.
- Report on Phishing simulation results, highlighting progress, trends, and strategies to improve security-first behaviour.
- Educate LCBO enterprise on social engineering attacks through printed posters, simulations, in-person roadshows at head-office, warehouses, and regional offices as applicable, and training campaigns.
- Recognize and celebrate employee achievements in reporting phishing attempts, while communicating and managing progressive discipline.
About You
- 5+ years’ experience in any combination of cybersecurity or information security, information technology, or IT risk management.
- Experience conducting security reviews / risk assessments on new and existing technology solutions.
- Knowledge of security and Risk frameworks such as NIST RMF/CSF, COBIT, ISO 31000/27001, CIS.
- Knowledge of Cloud environments such as Azure, AWS, and Google
- Experience implementing and governing cyber controls, policies, and procedures.
- Experience within the following security domains: GRC, IAM, Security Architecture, Data Protection.
- Experience with Payment Card Industry (PCI-DSS) compliance.
- Professional certification such as CRISC, CISA, CISM, CISSP
- Understanding of relevant Ontario provincial and Canadian Federal information security and information privacy legislation
There is a world of opportunities at the LCBO…
Join an organization where you can be challenged while achieving your true potential.
A place where you can make a positive impact supporting Ontario business and communities. Discover a safe, healthy, diverse, inclusive, and accountable workplace where your wellbeing is our top priority. At the LCBO, your contributions are respected and valued. Be part of our journey as we invest in people and technology to transform an organization. There really is a world of opportunities at the LCBO.
We foster a culture of inclusion and belonging, so everyone feels valued, respected, and heard. The LCBO is an equal opportunity employer and committed to providing employment accommodation in accordance with the Ontario Human Rights Code and the Accessibility of Ontarians with Disabilities Act. If contacted for an interview or employment opportunity, please advise if you require an accommodation.
Please submit your resume via Workday by 11:59pm on the deadline date.
We appreciate your interest and advise that only those selected for an interview will be contacted.
Work Hours: 36.25
Union / Non-Union: Non-Union
Job Posting End Date: February 11, 2025
The LCBO is an equal opportunity employer and committed to providing employment accommodation in accordance with the Ontario Human Rights Code and the Accessibility for Ontarians with Disabilities Act.
Impress this employer describing Your skills and abilities, fill out the form below and leave Your personal touch in the presentation letter.