Job Description

Description :

Saskatchewan Blue Cross\xc2\xae, one of Saskatchewan\xe2\x80\x99s Top Employers, is currently recruiting for a full-time permanent Manager, Cybersecurity to join our team in the Cybersecurity department. This position offers the flexibility to be in-office or participate in hybrid options in our Saskatoon or Regina office.

JOB FUNCTION

If you are passionate about cybersecurity, then we\xe2\x80\x99re looking for you! Reporting to the Director, Information Systems & Technology, the Manager, Cybersecurity is accountable to develop, operationalize and enhance SBC\xe2\x80\x99s security solutions through leadership of the Cybersecurity team and in alignment with SBC\xe2\x80\x99s business plan, strategy, and values. This position will establish and maintain enterprise security stance through policy, architecture and training processes. The Manager, Cybersecurity is also responsible for the selection of appropriate security solutions and oversight of any vulnerability audits and assessments, and to lead collaboration with internal and external stakeholders, uphold SBC\xe2\x80\x99s mission, vision, and values, and ensure protection of its brand, corporate image, and reputation.

WHY CHOOSE SASKATCHEWAN BLUE CROSS?

We\xe2\x80\x99re driven by a mission to empower communities on their journey to whole health and wellness, and have a lot of exciting things ahead of us. We\xe2\x80\x99re improving our members\xe2\x80\x99 experiences through investment in our people, technology, services and products. When you join our team, you\xe2\x80\x99re joining an organization where employees are valued, recognized for their contributions and empowered to make us stronger. The wellbeing of our employees, our members, our partners and our communities is at the heart of our operations.

Our industry is evolving fast, and so are we! We\xe2\x80\x99re looking for people who:

• Share our values
• Believe that creating great experiences is totally within their control
• Collaborate and always set others up for success
• Build positive relationships and an understanding of what people\xe2\x80\x99s needs are
• See solutions and possibilities (not problems!)
• Are simply outstanding at what they do

• Maintain and enhance SBC\xe2\x80\x99s security architecture, security awareness training program, security documents (policies, standards, baselines, guidelines and procedures), malware defences, data protection program, and disaster recovery plan
• Maintain and mature core security functions including change management, hardware and software asset management, governance, risk management, and compliance programs
• Maintain up-to-date knowledge of the cybersecurity industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors
• Select and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security as per the organization\xe2\x80\x99s existing procurement processes
• Oversee the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard security frameworks and the enterprise\xe2\x80\x99s security policies
• Ensure the confidentiality, integrity, and availability of the data residing on or transmitted to/from/through enterprise workstations, servers, and other systems and in databases and other data repositories
• Support organizational adherence to internal security policies and compliance to external regulatory bodies
• Ensure the enforcement of enterprise security policies and procedures
• Supervise all investigations into problematic activity and provide on-going communication with senior leadership
• Supervise the design and execution of vulnerability assessments, penetration tests, and security audits
• Oversee regular security awareness training and testing for all employees to ensure consistently high levels of adherence with enterprise security policies
• Engage in ongoing communications with peers in the IT Systems and Networking department, Application Development department as well as the Operational Leadership Team and other business groups as needed to ensure enterprise-wide understanding of security goals, to solicit feedback, and to foster co-operation and maintain a strong security culture
• Oversee the overall operations of the Cybersecurity team including threat hunting, threat intelligence research, dark web monitoring, vulnerability management, and security assessments of vendors, tools, and projects

• Bachelor\xe2\x80\x99s Degree in Computer Science or a related field
• 8+ years of related experience with 1-3 years of supervisory accountability
• Completion of one or more of the following certifications or equivalent: GIAC Security Essentials, GIAC Security Leadership, ISACA Certified Information Security Manager, Microsoft Certified Systems Engineer: Security, (ISC)2 SCCP, (ISC)2 CISSP, or (ISC)2 ISSAP
• Working knowledge of:

• the application of security controls to core IT infrastructure and cloud resources;
• agile concepts and frameworks;
• the development of policies regarding Acceptable Use, Vulnerability Management, Incident Response, Patch Management, Security Awareness and Training, Password Management, Remote Access, etc.
• Strong comprehension of:

• incident response management as well as intrusion and endpoint detection and response;
• security standards and frameworks including NIST CSF, ISO 27001 and CIS Controls;
• configuring and hardening IoT devices, networking devices and servers in a Windows environment;
• securing email/attachments and Microsoft 365 using Advanced Threat Protection and Secure Score;
• IP, TCP/IP, and other network administration protocols
• Experience in:

• enterprise security architecture design, the development and enhancement of security policies, and developing business continuity and disaster recovery plans;
• effectively leading and managing projects and teams;
• designing and delivering employee security awareness training;
• securing company systems and data through configuration of firewalls, email filtering services, endpoint protection tools, servers
• Ability to collaborate, build relationships, engage, and influence key stakeholders
• Broad understanding of business operations, strategies, and processes to guide the design, development, and implementation of technology solutions that support business objectives
• High level of problem solving, critical thinking, and analytical skills with ability to identify alternative solutions and recommend best options in support of organizational goals
• A demonstrated focus in ongoing professional education and development is required
• The successful candidate may be required to undergo a background check
• Must be legally entitled to work in Canada on an unrestricted basis

Blue Cross