Senior Manager, Cybersecurity

Why DUCA? 

At DUCA, we strive for excellence in everything we do. Our commitment to Do more, Be more, Achieve more is what sets us apart and drives our company culture. DUCA’s impact goes beyond our financial solutions - we're dedicated to making a real difference in the lives of our members and in our community.

We believe our employees are our most valuable resource! We are committed to providing you with the tools, support, and challenge you need to develop your career and achieve a healthy work-life balance while contributing to our outstanding culture. DUCA offers a strong total compensation package including competitive salaries and bonuses, employer-paid benefits, banking perks, wellness days, and much more.

Apply today and see what DUCA can do for you! 

Job Purpose & Summary

The Senior Manager, Cybersecurity is involved with continuous improvement in managing the Information Security control framework at DUCA.  This is normally achieved through audit for policy compliance, utilization and development of procedures, security awareness training, and through the introduction of new security technologies. 

The Cybersecurity Manager concentrates on managing DUCA’s overall Cybersecurity Program, creating and maintaining the roadmap along with providing Cybersecurity advice and expertise to multiple business stakeholders and IT Operations.

Key Accountabilities & Duties

• Develop, implement, and continuously improve the enterprise cyber risk and security program in alignment with the NIST Cyber Security Framework 
• Provide security communication awareness and training for audiences which may range from senior leaders to individual contributors 
• Develop playbooks security incident response processes and perform internal alert triaging, coordinating, and remediation activities 
• Recommend and facilitate the implementation of technical controls to support and enforce defined security policies 
• Work with the broader IT organization and business management to align priorities and plans with key business objectives 
• Manage and maintain all security tools and security technology stack 
• Conduct and report on risk assessments and propose meaningful plans to protect the business 
• Manage security projects and provide expert guidance on security matters for other technology projects 
• Assessment and ongoing management of vendors applications and other third-party risk to cyber security at DUCA 
• Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools 
• Work with IT leadership and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program. 
• Work to ensure ongoing alignment with Audit and Compliance requirements as identified by the business 
• Assist in the development and ongoing management of IT budgets and assess the ROI of existing security measures.
• Conduct and/or oversee periodic security audits 
• Develop Threat Risk Assessments (TRA) for DUCA environment
• Assist with the development and facilitation of enterprise Disaster Recovery and Business Continuity programs 
• Responsible for working in a 24x7 Security Operation Center (SOC) environment
• Part of an on-call escalation process 
• Other duties as required 

Occupational Experience & Education Requirements

• Bachelor’s degree in Computer Science or a related technical discipline, or the equivalent combination of education, technical certifications or training, or work experience
• 5+ years of progressive information technology and cybersecurity experience
• Experience with NIST Framework and application as required within the DUCA environment
• Ability to consume information from threat intelligence sources and produce/update a TRA for DUCA’s environment
• Understanding of common network vulnerabilities and penetration testing tools including but not limited to Metasploit, Qualys, Nessus, and Nmap
• Broad information cybersecurity knowledge, including familiarity with common attack methodologies, tactics and protocols, Advance Persistent Threat groups, Hacker activities, etc.

Knowledge, Skills & Attributes

• Excellent social verbal and written communication skills with demonstrated ability to effectively present analytical data to a variety of technical and nontechnical audiences 
• Ability to translate complex technical information into terms and products in a business context so that the value and impact is clearly understood by upper-level management 
• You embrace new challenges and are open to different perspectives and adapt quickly to an evolving environment. 
• Self-motivated and drive others to achieve significant results through focus and prioritization 
• Demonstrated proficiency managing and leading cybersecurity solutions, platforms, and technologies 
• Experience with SIEM Operations, Incident Response, Vulnerabilities Assessments and Multi factor authentication solution implementation and support. 
• Thorough understanding of enterprise security controls in Active Directory / Windows environments 
• Experience working with the following applications:
  • Microsoft Defender ATP
  • Microsoft Security Center
  • Microsoft Azure Sentinel
  • Microsoft Endpoint Security
  • PDQ Inventory & PDQ Deploy
• Understanding / Knowledge of global frameworks and standards: NIST SOX ISO FIPS GDPR PCI PIPEDA etc. 
• Bachelor’s degree in Computer Science Information Systems Engineering or a related discipline 
• Certified Information Systems Security Professional (CISSP) is preferred
• Certifications in ITIL Azure Security+ Certified Cloud Security Professional (CCSP) an asset

Working Conditions

Works in a 24x7 Security Operations Centre (SOC) environment and part of an on-call escalation process. 

Generally, normal office/hybrid environment with a standard work week of 38 hours. Additional time may be required to meet deadlines and project deliverables. Occasional evening and weekend work, sometimes with little advance notice.

Department: Information Technology 

Primary Location: Corporate Office 

Employment Status: Full-time

Hours per Week: 38

DUCA is committed to employment equity and encourages applications from all qualified candidates. Recruitment related accommodations will be provided upon request.

Qualified applicants are encouraged to submit their application. Applications must include a resume, cover letter optional. We thank all applicants but only those considered for an interview will be contacted.