Cyber Program Management
IAMGOLD has implemented and completed a 3-phased Cyber Program in the last 4 years. The Cyber Security manager will lead the design of the next chapters of the Cyber Program, taking into account the new threats in today's world and the company’s growth strategy.
Update the cyber protection vision and strategy for IAMGOLD information assets
Benchmark current state and identify areas for further improvement as part of the go-forward objectives
Nurture buy-in and champion the success of the cyber program across the company
Ensure global compliance to the cyber management program
Establish objectives and team performance requirements; identify opportunities to improve skills and technical knowledge, and provide regular feedback about progress.
Continuously monitor the cyber landscape, in mining and beyond, for emerging threats
Create a communication stream that keeps executive leaders informed on cyber events relevant at their level
Travel to site regularly to ensure cyber compliance and gain understanding of local threat landscape
Tactical accountabilities include but are not limited to the following:
Ensure cyber security stays on the organizational radar by producing a quarterly cyber newsletter for the Executive Lead Team (ELT) members and presenting trends and risks twice a year (mid-year GM’s meeting and end-of-year budget meeting)
Report monthly performance on cyber security KPIs to the Cyber Program Committee composed of Sites IT Leaders, the VP of Operations, Finance & IT, the IT Director, and the Senior Manager of IT Infrastructure
Work with various departments and sites in the organization to reduce risk related to cyber security
Communicate frequently with key stakeholders (internal and external)
Actively participate in mining cyber security events, the Mining and Metal Cyber group (MM-ISAC) and other key cyber security groups
Ensure compliance to cyber policies and procedures
Annually update all policies and procedures with global IT leadership and gain IT staff sign off
Continuously audit policies and controls in place. Improve, remediate or fix any exposure
Monitor alignment with the NIST framework
Monitor internal and external compliance from vendors, contractors and employees to ensure they are working within the framework of the cyber policies
Manage the annual penetration testing and vulnerability assessment conducted by a third-party partner
Detail and keep current the security incident response program and conduct response exercises on a regular basis
Keep technology protected
Enforce updates and upgrades of security tools and technology with the sites' IT department
Evaluate cyber security risks related to new technologies
Present options to meet the company's needs of cyber-insurance
Establish requirements for certifications in the cyber security field among IT personnel
Assess exposure and risks from vendors, suppliers and consultants regarding their own technologies
Monitor operations and infrastructure
Ongoing review of cyber security dashboard
Manage outsourced Security Operation Center (SOC)
Follow up with sites on action items and mitigation plan
Regular review of sites initiatives to support cyber security
What we look for:
University degree with 10 – 15 years of related work experience with at least 5 years managing a technical system or process.
Professional experience across different functions and businesses in mining or related sector with a minimum experience of 5 years in Cybersecurity
Strong ability to lead, coach and develop teams with both direct and indirect reports, with minimum 5 years of recent experience in a leadership role
Active involvement in the cyber intelligence community in the past 5 years
Active participation in the areas of governance, training & awareness, incident management & root cause analysis, asset protection, vulnerability management, and stakeholder engagement.
Demonstrable experience in network architecture (e.g. segmentation, 802.1x), system and database administration (e.g. hardening), application management (e.g. security configuration), and cloud computing (e.g. O365)
Hands-on experience in the management of a security operations centre, including threat hunting
Exceptional written and oral communication skills, including ability to translate technical topics to relevant business context in an understandable style, creating policy documents, drafting incident reports, and developing training material
Excellent organization skills, being able to sort, classify, prioritize and follow up on a large number and a wide variety of tasks and action items
Practical experience in designing and maintaining highly effective performance measurement dashboards at both strategic and tactical levels
Recognized as an authority in cyber security and able to provide advice and guidance to others across the organization.
Advanced knowledge of cyber security methodologies (e.g. CIS, ISO, NIST, SANS, OWASP, COBIT, ITIL) requiring their interpretation on how best to implement them in the organization
Leadership style that effectively leads through influence, not just authority
Ability to understand organizational structure and culture and how this impacts the success of a cyber security program.
Ability to think both strategically and execute tactically; have a strategic foresight to drive cyber security into the future.
Able to communicate to non-technical senior leaders about technical topics in a meaningful way, with written and oral communication skills at both a tactical and an executive level
Proven project management skills
Can work autonomously
Bilingual, French and English (an asset but not required)
At least one of these certifications:
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA) Recognized Certifications
ITIL Service Manager Certificate (ITIL Service Manager)
IAMGOLD is committed to treating all people in a way that respects their dignity and independence. Should you require any accommodation during the recruitment process or otherwise, please notify us of this when you apply and we will work with you to meet your accessibility needs.
Primary Location: Canada
Work Locations: 19 - Toronto Head Office 401 Bay Street Suite 3200 Toronto M5H 2Y4
Job: Information Technology
Organization: IT - CFO
Job Posting: Aug 19, 2020, 3:31:14 AM