Manager, IT Security Culture & Metrics

Guelph, Ontario, Canada

Applications have closed

Co-operators

Offering Home, Auto, Life, Business, Travel and Farm insurance plus Investments and Group coverage, benefits and retirement plans in Canada for over 70 years.

Company: CGL 
Department: IT
Employment Type: Regular Full-Time
Work Model: Remote
Language: This role operates in English.

 

The Opportunity:

We are a leading Canadian financial services co-operative committed to being a catalyst for a sustainable and resilient society, and our team is essential to delivering on this strategy. That’s why we prioritize our people, ensuring we provide a strong culture and development opportunities that enable our team to thrive and to live our purpose. The best part is that you will work with people who care passionately about you, our clients, and our communities.

Our Information Technology team aspires to be a leader in applying technology to power business strategies. We connect concepts with solutions to create value and efficiencies for our clients, employees, and communities. Our success is driven by our skilled and diverse team who are passionate about excellence, innovation, and agility.

The Manager, IT Security Culture & Metrics is responsible for leading a dynamic and high-performing team accountable for designing, implementing, and managing the information security training and awareness programs, and for developing, implementing, and managing a comprehensive metrics and reporting program for The Co-operators group of companies, in line with regulatory/legislative requirements and industry best practices.

How you will create impact:

  • Provide leadership and direction to the Information Security Culture & Reporting services team and foster a collaborative and high-performance culture, promoting continuous learning and professional development.
  • Develop, implement, and oversee comprehensive information security training programs tailored to various roles within the organisation, ensuring adherence to industry best practices and regulatory standards.
  • Create engaging training materials such as e-learning modules, workshops, and informative resources to enhance understanding of security policies and procedures.
  • Collaborate with cross-functional teams to identify training needs and integrate feedback into the program design.
  • Develop and deliver effective social engineering testing engagements.
  • Design, develop, implement, and manage an information security champions program.
  • Promote a culture of security awareness through ongoing communication efforts, including social media posts, events, and informational campaigns.
  • Develop and sustain an information security metrics framework in alignment with the adopted standards, regulatory requirements, and organizational objectives.
  • Set up key performance indicators (KPIs) and key risk indicators (KRIs) to assess security efficacy effectively.
  • Design and automate reporting procedures to guarantee prompt and precise metric and report dissemination.
  • Work closely with IT, business and security teams to compile and verify data from diverse sources.
  • Compile and present reports on information security performance and risk management to senior leadership and pertinent committees.

 

How you will succeed:

  • You have an innovative mindset to improve operational efficiencies and the ability to influence change, with a primary focus on client needs.
  • You use critical thinking skills to recognize assumptions, evaluate arguments, draw conclusions and proactively propose solutions.
  • You have strong communication skills to clearly convey messages and explore diverse points of view.
  • You build trusting relationships and provide guidance to support the development of colleagues.

To join our team:

  • A bachelor’s degree in Information Technology, Cybersecurity, or a similar area is required; a master’s degree is preferred.
  • Over 7 years of experience in information security training, awareness, or related fields.
  • In-depth knowledge of information security principles, policies, and regulations.
  • Comprehensive understanding of information security frameworks (e.g., NIST CSF, ISO 27001) and risk management practices.
  • Previous experience leading information security training and awareness programs in medium to large organizations.
  • Experience in managing information security metrics and reporting programs in medium to large organizations.
  • Excellent communication skills, capable of presenting complex information clearly and effectively to varied audiences.
  • Strong analytical abilities to evaluate training effectiveness and identify areas for enhancement.
  • Proficiency with data analysis tools and techniques; experience with reporting software like Tableau or Power BI is advantageous.
  • Relevant certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) are beneficial.
  • Capacity to work collaboratively within a team-oriented setting and manage multiple projects concurrently.

 

What you need to know:

  • Detail-oriented work that requires a high degree of mental concentration for extended periods of time.
  • You will be subject to a background check as a condition of employment, in the event you are the successful candidate.

What’s in it for you?

  • Training and development opportunities to grow your career.
  • Flexible work options and paid time off to support your personal and family needs.
  • A holistic approach to your well-being, with physical and mental health programs and a supportive workplace culture.
  • Paid volunteer days to give back to your community.
  • In addition to our competitive salary and incentive programs, eligible employees also benefit from a comprehensive total rewards package including group retirement savings plans, pension and benefits (e.g., health and wellness, dental, disability and life coverage), mental health support and an employee assistance program.

Category: Leadership Jobs

Tags: Business Intelligence CISM CISSP ISO 27001 KPIs NIST Risk management Strategy

Perks/benefits: Career development Competitive pay Flex vacation Health care Team events Wellness

Region: North America
Country: Canada
