Senior Manager, Cyber Security Risk Management
About the role
As a Senior Manager of Cyber Security Risk Management, you will lead the oversight of cyber risk programs that span both IT and OT environments, serving as a strategic bridge between Technology leadership and technical teams. In this role, you will be responsible for cybersecurity third-party risk management, security governance, awareness and training initiatives, and disaster recovery capabilities. Your goal is to drive risk-informed decision-making by translating complex technical risks into business-relevant insights, guiding risk-based priorities, and ensuring effective control implementation. Your success will be measured by your ability to influence risk-informed decisions, ensure stakeholder alignment, and deliver measurable improvements in cyber resilience.
What We Offer:
- Work Environment – Work onsite in our beautiful home office building with access to a fitness facility, onsite nurse, and a café
- Competitive Compensation – Includes an annual bonus plan, pension plan, and parking allowance
- Flexible Benefits Plan – In effect from day one and offers three levels of coverage to select from to meet your unique, personal needs
- Paid Vacation – There is an annual option to purchase additional vacation, too
- Wellness Support – With an annual wellness allowance, paid personal care days and a 24/7 Employee & Family Assistance Program
- Opportunity to give back to some amazing causes in our community – Choose when and where to make an impact with a paid volunteer day, company volunteer opportunities, and a donation-matching program
Your Responsibilities:
- Lead a team of cybersecurity professionals to identify, assess, manage, and communicate cyber risks across the organization, influencing decisions related to platforms, vendors, processes, architecture, and project timelines.
- Develop and execute a company-wide cyber risk assessment program that prioritizes threats and outlines mitigation strategies and security initiatives aligned with business objectives.
- Create and present security roadmap projections aligned with short- and long-term risk-based cybersecurity goals for review and approval by the Director of IT Security.
- Build and deliver cyber risk reporting for internal teams and executive leadership, including operating companies and third-party partners, ensuring risks are cascaded and addressed.
- Oversee daily operations of risk programs such as threat assessments, third-party evaluations, and insider threat monitoring.
- Recommend and implement technical controls to address identified risks and reduce detection gaps, while supporting compliance and audit requirements.
- Define and communicate program success metrics in collaboration with IT and business stakeholders to demonstrate progress and impact.
- Oversee the development and delivery of security awareness and training programs to promote a strong cybersecurity culture across the organization, ensuring content is relevant, engaging, and aligned with evolving threat landscapes.
- Lead security testing, disaster recovery planning, and threat landscape analysis to ensure systems are resilient and risks are proactively managed.
- Manage and mentor a team of security analysts, including hiring, training, performance reviews, and career development.
Your Skills:
- Deep understanding of how cybersecurity risks impact business operations and decision-making.
- Proven experience with Cyber Risk Management and Enterprise Risk Management programs.
- Strong leadership and team development skills, with the ability to guide security and IT personnel independently.
- Exceptional communication skills for engaging technical teams, business stakeholders, and executive leadership.
- Familiarity with legal, privacy, audit, and compliance functions, and recognized security frameworks like NIST CSF 2.0, ISO 27005, NIST 800-53, NIST RMF AI, ISO 42001, ISA/IEC 62443.
- Skilled in driving change and influencing cross-functional teams in complex organizational environments.
- Skilled in project management, risk assessments, and developing strategic mitigation plans with effective resource allocation.
Your Experience:
- A minimum of 15 years of IT experience, with five years in a GRC / information security role and at least five years in a supervisory capacity.
- A technical bachelor's degree, preferably in Computer Science, or equivalent work experience.
- Cyber Security Certifications: CISM, CISSP, CRISC, GIAC or GRCP.
*Irving Oil is committed to supporting a diverse and inclusive work environment. We thrive on the good energy that’s created when our people from different backgrounds, identities, cultures and experiences share their unique perspectives.* Diversity is key to our success and inclusion is everyone’s responsibility.
Job Requirements - Work Experience
Information Technology, Management
Job Requirements - Education
Bachelors: Information Technology