Apply now »

Director, Cyber Risk & Resilience ( Energy & Natural Resources )

Location:  Calgary
Other locations:  Primary Location Only
Salary: Competitive
Date:  Feb 22, 2024

Job description

Requisition ID:  1470080
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
 

EYs people in more than 150 countries are committed to operating with integrity, quality and professionalism in the provision of audit, tax, transaction and consulting services. We strive to help all of our people achieve their professional and personal goals through an inclusive environment that values everyone’s contributions, appreciates diversity of thought, fosters growth, and provides continuous opportunities for development. Recognized as one of Canadas top employers, EY continually strives to be a great place to work.

The Opportunity

We are actively seeking a seasoned Cybersecurity Professional to take on the influential position of Director within our Canadian cybersecurity consulting practice. Specializing in expertly managing risk across both IT and OT environments, particularly for our Energy and Natural Resource clients, you will play a pivotal role in safeguarding our clients' digital landscapes amidst the profound economic, business model, and technological transformations facing this sector. As a vital member of our leadership team, your contribution will fuel the growth and strategic direction of our expanding cybersecurity consulting practice, with a specific focus on empowering Canadian energy and natural resource clients to navigate the complexities of the digital era. Join us in our mission to #ProtectProgress and collaboratively build a resilient energy future for our clients and all Canadians.

Responsibilities

As the Director of our cybersecurity practice at EY, you will be at the forefront of client engagements, working closely with a diverse portfolio of clients in the energy and natural resource sectors. In this role you will assume a pivotal position in cultivating and managing relationships across each customer account. This involves conducting comprehensive needs analyses to discern clients' cybersecurity requirements and challenges, ultimately preparing customized cybersecurity solutions tailored to meet the specific needs of each client. Your client-facing responsibilities extend to delivering tangible outcomes for our clients. This involves overseeing the implementation of recommended solutions, coordinating cross-functional teams, and ensuring that proposed cybersecurity measures align with client expectations and industry standards. Your proactive approach to client engagement, coupled with your ability to comprehend and address their unique challenges, will be instrumental in solidifying EY's position as a trusted advisor in the cybersecurity domain for our clients. This role demands a strategic mindset, effective communication skills, and an unwavering commitment to delivering exceptional value to our clients in the dynamic landscape of cybersecurity.

In addition to client engagements, you will play a pivotal role in creating thought leadership within the cybersecurity domain. This involves staying abreast of industry trends, emerging threats, and innovative solutions. You will contribute to whitepapers, research papers, and other thought leadership initiatives, showcasing EY's expertise and establishing our position as a leader in the field.

Managing teams will be a crucial aspect of your role, as you collaborate with colleagues and guide other consultants across the practice. Your leadership will be instrumental in fostering a collaborative and high-performance culture within the cybersecurity consulting practice. This includes mentoring team members, providing constructive feedback, and ensuring the successful delivery of projects.

Desired Qualifications:

  • Extensive Cybersecurity Experience: A minimum of 10 years of hands-on experience in cybersecurity, demonstrating a proven track record of successfully leading and delivering complex cybersecurity projects.
  • Industry Expertise: Specific experience in the energy sector, showcasing a deep understanding of the unique challenges and regulatory requirements that energy and natural resource clients face in Canada.
  • Leadership Skills: Demonstrated ability to lead and manage diverse teams effectively. Proven experience in overseeing and mentoring consultants, fostering a collaborative team environment, and driving successful project delivery.
  • Client Relationship Management: A track record of building and maintaining strong client relationships within the energy sector. Proven ability to understand client needs, provide strategic guidance, and deliver solutions that align with client objectives.
  • Strategic Thinker: Strong strategic thinking capabilities, enabling the analysis of cybersecurity landscapes, anticipation of emerging threats, and provision of proactive solutions aligned with the long-term goals of both clients and the consulting practice.
  • Innovative Problem Solver: Ability to think creatively and find innovative solutions to complex cybersecurity challenges, utilizing the latest technologies and best practices.
  • Excellent Communication Skills: Strong verbal and written communication skills, with the ability to articulate complex cybersecurity concepts to both technical and non-technical stakeholders. This includes the capability to author compelling thought leadership pieces.
  • Certifications: Relevant certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or other industry-recognized certifications would be highly desirable.
  • Advanced Degree: A master's degree in a related field such as cybersecurity, information technology, or business administration would be advantageous.
  • Security Clearance is preferred.

An ideal candidate would also possess a diverse set of technical knowledge across the following domains:

  1. Cloud Security:
    • In-depth understanding of cloud platforms such as AWS, Azure, and Google Cloud.
    • Experience with securing cloud-based infrastructure, applications, and data.
    • Knowledge of cloud security best practices and compliance requirements specific to the energy sector.
  2. OT (Operational Technology) Security:
    • Expertise in securing industrial control systems (ICS) and SCADA systems within the energy industry.
    • Understanding of unique challenges in OT environments and strategies to mitigate associated risks.
  3. ERP (Enterprise Resource Planning) Security:
    • Familiarity with ERP systems commonly used in the energy sector (e.g., SAP, Oracle).
    • Experience in securing ERP applications and databases, ensuring data integrity and confidentiality.
  4. MDR/XDR (Managed Detection and Response/Extended Detection and Response):
    • Knowledge of MDR/XDR solutions and services, including threat detection, incident response, and proactive threat hunting.
    • Experience in implementing and managing MDR/XDR programs for energy clients.
  5. Network Security:
    • Proficiency in designing and implementing robust network security architectures.
    • Knowledge of network protocols, firewalls, intrusion detection/prevention systems, and VPN technologies.
  6. Endpoint Security:
    • Expertise in endpoint protection strategies, including antivirus, endpoint detection and response (EDR), and device management.
    • Experience in securing diverse endpoint devices within an organization.
  7. Identity and Access Management (IAM):
    • Understanding of IAM principles, including user authentication, authorization, and identity governance.
    • Experience in implementing IAM solutions to manage access to critical systems and data.
  8. Incident Response and Forensics:
    • Knowledge of incident response methodologies and best practices.
    • Experience in digital forensics and the ability to investigate and analyze security incidents.
  9. Regulatory Compliance:
    • Familiarity with cybersecurity regulations relevant to the energy sector in Canada.
    • Experience ensuring compliance with standards such as NERC CIP, CSAE 3416, and provincial regulations.
  10. Emerging Technologies:
    • Awareness of emerging cybersecurity technologies and trends, such as AI/ML-driven security solutions and zero-trust architectures.


Responsibilities

As a Director within our cybersecurity practice at EY, you will be at the forefront of client engagements, working closely with a diverse portfolio of clients in the energy and natural resource sectors. As a cyber security Client Engagement Lead, you will assume a pivotal role in cultivating and managing relationships across each customer account, conducting comprehensive needs analyses to understand clients' cybersecurity requirements and challenges and preparing customized cybersecurity solutions tailored to meet the specific needs of each client. Being the client engagement lead, you will play a crucial role in delivering tangible outcomes for our clients. This involves overseeing the implementation of recommended solutions, coordinating cross-functional teams, and ensuring that the proposed cybersecurity measures align with client expectations and industry standards. Your proactive approach to client engagement and your ability to understand and address their unique challenges will be key in solidifying EY's position as a trusted advisor in the cybersecurity domain. This role requires a strategic mindset, effective communication skills, and a commitment to delivering exceptional value to our clients in the dynamic landscape of cybersecurity.

In addition to client engagements, you will play a pivotal role in creating thought leadership within the cybersecurity domain. This involves staying abreast of industry trends, emerging threats, and innovative solutions. You will contribute to whitepapers, research papers, and other thought leadership initiatives, showcasing EY's expertise and establishing our position as a leader in the field.

Managing teams will be a crucial aspect of your role, as you collaborate with colleagues and guiding other consultants across the practice. Your leadership will be instrumental in fostering a collaborative and high-performance culture within the cybersecurity consulting practice. This includes mentoring team members, providing constructive feedback, and ensuring the successful delivery of projects.

Delivery of projects is central to your role, where you will be responsible for overseeing the implementation of cybersecurity solutions. This includes coordinating with cross-functional teams, managing project timelines and budgets, and ensuring that the delivered solutions align with, and exceed client expectations.

Desired Qualification

  • Extensive Cybersecurity Experience: A successful candidate should have a minimum of 10 years of hands-on experience in the cybersecurity field, with a proven track record of successfully leading and delivering complex cybersecurity projects.
  • Industry Expertise: Specific experience in the energy sector, with a deep understanding of the unique challenges and regulatory requirements that energy and natural resource clients face in Canada.
  • Leadership Skills: Demonstrated ability to lead and manage diverse teams effectively. Proven experience in overseeing and mentoring consultants, fostering a collaborative team environment, and driving successful project delivery.
  • Client Relationship Management: A track record of building and maintaining strong client relationships within the energy sector. Proven ability to understand client needs, provide strategic guidance, and deliver solutions that align with client objectives.
  • Strategic Thinker: The ideal candidate should possess strong strategic thinking capabilities, being able to analyze cybersecurity landscapes, anticipate emerging threats, and provide proactive solutions that align with the long-term goals of both clients and the consulting practice.
  • Innovative Problem Solver: Ability to think creatively and find innovative solutions to complex cybersecurity challenges, utilizing the latest technologies and best practices.
  • Excellent Communication Skills: Strong verbal and written communication skills, with the ability to articulate complex cybersecurity concepts to both technical and non-technical stakeholders. This includes the capability to author compelling thought leadership pieces.
  • Certifications: Relevant certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or other industry-recognized certifications would be highly desirable.
  • Advanced Degree: A master's degree in a related field such as cybersecurity, information technology, or business administration would be advantageous.
  • Security Clearance is preferred.

An ideal candidate would also possess a diverse set of technical knowledge across the following domains:

  1. Cloud Security:
    • In-depth understanding of cloud platforms such as AWS, Azure, and Google Cloud.
    • Experience with securing cloud-based infrastructure, applications, and data.
    • Knowledge of cloud security best practices and compliance requirements specific to the energy sector.
  2. OT (Operational Technology) Security:
    • Expertise in securing industrial control systems (ICS) and SCADA systems within the energy industry.
    • Understanding of unique challenges in OT environments and strategies to mitigate associated risks.
  3. ERP (Enterprise Resource Planning) Security:
    • Familiarity with ERP systems commonly used in the energy sector (e.g., SAP, Oracle).
    • Experience in securing ERP applications and databases, ensuring data integrity and confidentiality.
  4. MDR/XDR (Managed Detection and Response/Extended Detection and Response):
    • Knowledge of MDR/XDR solutions and services, including threat detection, incident response, and proactive threat hunting.
    • Experience in implementing and managing MDR/XDR programs for energy clients.
  5. Network Security:
    • Proficiency in designing and implementing robust network security architectures.
    • Knowledge of network protocols, firewalls, intrusion detection/prevention systems, and VPN technologies.
  6. Endpoint Security:
    • Expertise in endpoint protection strategies, including antivirus, endpoint detection and response (EDR), and device management.
    • Experience in securing diverse endpoint devices within an organization.
  7. Identity and Access Management (IAM):
    • Understanding of IAM principles, including user authentication, authorization, and identity governance.
    • Experience in implementing IAM solutions to manage access to critical systems and data.
  8. Incident Response and Forensics:
    • Knowledge of incident response methodologies and best practices.
    • Experience in digital forensics and the ability to investigate and analyze security incidents.
  9. Regulatory Compliance:
    • Familiarity with cybersecurity regulations relevant to the energy sector in Canada.
    • Experience ensuring compliance with standards such as NERC CIP, CSAE 3416, and provincial regulations.
  10. Emerging Technologies:
    • Awareness of emerging cybersecurity technologies and trends, such as AI/ML-driven security solutions and zero-trust architectures.

Must have:

  • Willingness and ability to travel

What we offer

We offer a competitive compensation package where you’ll be rewarded based on your performance and recognized for the value you bring to our business. In addition, our Total Rewards package allows you decide which benefits are right for you and which ones help you create a solid foundation for your future. Our Total Rewards package includes a discretionary bonus program, a comprehensive medical, prescription drug and dental coverage, a defined contribution pension plan, a great vacation policy plus firm paid days that allow you to enjoy longer long weekends throughout the year, statutory holidays and paid personal days (based on province of residence), and a range of exciting programs and benefits designed to support your physical, financial and social well-being. Plus, we offer:

  • Support and coaching from some of the most engaging colleagues in the industry
  • Learning opportunities to develop new skills and progress your career
  • The freedom and flexibility to handle your role in a way that’s right for you

Diversity and Inclusion at EY

Diversity and inclusiveness are at the heart of who we are and how we work. We’re committed to fostering an environment where differences are valued, policies and practices are equitable, and our people feel a sense of belonging. From our actions to combat systemic racism and our advocacy for the LGBT+ community to our innovative Neurodiversity Centre of Excellence and Accessibility initiatives, we welcome and embrace the diverse experiences, abilities, backgrounds and perspectives that make our people unique and help guide us. Because when people feel free to be their authentic selves at work, they bring their best and are empowered to build a better working world.

 
EY | Building a better working world
 
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
 
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
 
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Apply now »