Senior Manager, Cyber Risk & Resilience ( Energy & Natural Resources )

EYs people in more than 150 countries are committed to operating with integrity, quality and professionalism in the provision of audit, tax, transaction and consulting services. We strive to help all of our people achieve their professional and personal goals through an inclusive environment that values everyone’s contributions, appreciates diversity of thought, fosters growth, and provides continuous opportunities for development. Recognized as one of Canadas top employers, EY continually strives to be a great place to work.

The Opportunity

We are actively seeking an accomplished Senior Manager  to join our dynamic Canadian cybersecurity consulting practice. Specializing in managing cyber risks across Operational Technology (OT) environments, with a primary focus on the Energy and Resources sector, you will play a pivotal role in safeguarding our clients' digital landscapes amidst the unique challenges faced by critical infrastructure sectors in Canada. This role extends beyond the energy sector, encompassing other vital infrastructure segments.

As a key member of our leadership team, you will contribute to the growth and strategic direction of our expanding OT cybersecurity consulting practice. Specifically, your focus will be on empowering Canadian energy and critical infrastructure clients to navigate the complexities of the digital era. Join us in our mission to #ProtectProgress and collaboratively build resilient digital foundations for our clients and the nation.

Responsibilities

As Senior Manager , OT Cybersecurity Consulting at EY, you will be at the forefront of client engagements, working closely with a diverse portfolio of clients in the Energy and Resources sector, as well as other critical infrastructure segments in Canada. As the OT cybersecurity Senior Manager , you will assume a pivotal role in cultivating and managing relationships across each customer account. This involves conducting comprehensive needs analyses to discern clients' OT cybersecurity requirements and challenges, ultimately preparing customized cybersecurity solutions tailored to meet the specific needs of each client. Being the client engagement lead, your responsibilities extend to delivering tangible outcomes for our clients. This involves overseeing the implementation of recommended OT cybersecurity solutions, coordinating cross-functional teams, and ensuring that proposed measures align with client expectations and industry standards. Your proactive approach to client engagement, coupled with your ability to comprehend and address unique challenges, will be instrumental in solidifying EY's position as a trusted advisor in the OT cybersecurity domain. This role demands a strategic mindset, effective communication skills, and an unwavering commitment to delivering exceptional value in the dynamic landscape of OT cybersecurity.

In addition to client engagements, you will play a pivotal role in creating thought leadership within the OT cybersecurity domain. This involves staying abreast of industry trends, emerging threats, and innovative solutions. You will contribute to whitepapers, research papers, and other thought leadership initiatives, showcasing EY's expertise and establishing our position as a leader in the field.

Managing teams will be a crucial aspect of your role, as you collaborate with colleagues and guide other consultants across the practice. Your leadership will be instrumental in fostering a collaborative and high-performance culture within the OT cybersecurity consulting practice. This includes mentoring team members, providing constructive feedback, and ensuring the successful delivery of projects.

The delivery of projects is central to your role, where you will be responsible for overseeing the implementation of OT cybersecurity solutions. This includes coordinating with cross-functional teams, managing project timelines and budgets, and ensuring that delivered solutions not only align with but exceed client expectations.

Desired Qualifications:

• Extensive OT Cybersecurity Experience: A minimum of 10 years of hands-on experience in OT cybersecurity, showcasing expertise in securing industrial control systems (ICS) and SCADA systems within the energy and critical infrastructure sectors. This includes a proven track record of successfully leading and delivering complex OT cybersecurity projects.
• Industry Expertise: Specific experience in the Energy and Resources sector, demonstrating a deep understanding of the unique challenges and regulatory requirements. Familiarity with other critical infrastructure sectors in Canada is highly desirable.
• Leadership Skills: Demonstrated ability to lead and manage diverse teams effectively. Proven experience in overseeing and mentoring consultants, fostering a collaborative team environment, and driving successful project delivery.
• Client Relationship Management: A track record of building and maintaining strong client relationships within the energy and critical infrastructure sectors. Proven ability to understand client needs, provide strategic guidance, and deliver solutions that align with client objectives.
• Strategic Thinker: Strong strategic thinking capabilities, enabling the analysis of OT cybersecurity landscapes, anticipation of emerging threats, and provision of proactive solutions aligned with the long-term goals of both clients and the consulting practice.
• Innovative Problem Solver: Ability to think creatively and find innovative solutions to complex OT cybersecurity challenges, utilizing the latest technologies, best practices, and in-depth knowledge of industrial networks, control systems, and associated components.
• Excellent Communication Skills: Strong verbal and written communication skills, with the ability to articulate complex OT cybersecurity concepts, including industrial network designs, architectures, and control system components, to both technical and non-technical stakeholders. This includes the capability to author compelling thought leadership pieces.
• Certifications: Relevant certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), GICSP (Global Industrial Cyber Security Professional), or ISA 62443 certifications, in addition to other industry-recognized certifications, would be highly desirable.
• Advanced Degree: A master's degree in a related field such as cybersecurity, information technology, or business administration would be advantageous.
• Security Clearance is preferred.
   

An ideal candidate would also possess a diverse set of technical knowledge across the following domains:

1. OT Security:
   • Expertise in industrial network designs, architectures, and the nuances of securing OT environments.
   • Comprehensive understanding of industrial control systems, their components, and protocols.
   • Familiarity with different critical vendors, OEMs, and their systems within the energy and critical infrastructure sectors.
2. Cloud Security:
   • In-depth understanding of cloud platforms such as AWS, Azure, and Google Cloud.
   • Experience with securing cloud-based infrastructure, applications, and data.
   • Knowledge of cloud security best practices and compliance requirements specific to the energy and critical infrastructure sectors.
3. Network Security:
   • Proficiency in designing and implementing robust network security architectures.
   • Knowledge of network protocols, firewalls, intrusion detection/prevention systems, and VPN technologies.
4. Endpoint Security:
   • Expertise in endpoint protection strategies, including antivirus, endpoint detection and response (EDR), and device management.
   • Experience in securing diverse endpoint devices within an organization.
5. Identity and Access Management (IAM):
   • Understanding of IAM principles, including user authentication, authorization, and identity governance.
   • Experience in implementing IAM solutions to manage access to critical systems and data.
6. Incident Response and Forensics:
   • Knowledge of incident response methodologies and best practices.
   • Experience in digital forensics and the ability to investigate and analyze security incidents.
7. Regulatory Compliance:
   • Familiarity with cybersecurity regulations relevant to the energy and critical infrastructure sectors in Canada, including NIST and IEC 62443 standards.
   • Experience ensuring compliance with standards such as NERC CIP, CSAE 3416, and provincial regulations.
8. Emerging Technologies:
   • Awareness of emerging cybersecurity technologies and trends, such as AI/ML-driven security solutions and zero-trust architectures.

Must have:

• Willingness and ability to travel
   

What we offer

We offer a competitive compensation package where you’ll be rewarded based on your performance and recognized for the value you bring to our business. In addition, our Total Rewards package allows you decide which benefits are right for you and which ones help you create a solid foundation for your future. Our Total Rewards package includes a discretionary bonus program, a comprehensive medical, prescription drug and dental coverage, a defined contribution pension plan, a great vacation policy plus firm paid days that allow you to enjoy longer long weekends throughout the year, statutory holidays and paid personal days (based on province of residence), and a range of exciting programs and benefits designed to support your physical, financial and social well-being. Plus, we offer:

• Support and coaching from some of the most engaging colleagues in the industry
• Learning opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

About EY

As a global leader in assurance, tax, transaction and consulting services, we’re using the finance products, expertise and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. Recognized as one of Canadas top employers, EY continually strives to be a great place to work and with a commitment to hiring and developing the most passionate people, we’ll make our ambition to be the best employer by 2020 a reality.

Diversity and Inclusion at EY

Diversity and inclusiveness are at the heart of who we are and how we work. We’re committed to fostering an environment where differences are valued, policies and practices are equitable, and our people feel a sense of belonging. We embrace diversity and are committed to combating systemic racism, advocating for the 2SLGBT+ community, promoting our Neurodiversity Centre of Excellence and Accessibility initiatives, and are dedicated to amplifying the voices of Indigenous people (First Nations, Inuit, and Métis) nationally as we strive towards reconciliation. Our diverse experiences, abilities, backgrounds, and perspectives make our people unique and help guide us. Because when people feel free to be their authentic selves at work, they bring their best and are empowered to build a better working world.