Manager, Risk Management

Key Responsibilities

• Ensure organizational compliance with stipulated security standards including CSA Cybersecurity Act, CCoP, LTA Code of Practice for Cyber Security in MRT Systems (CP8), and CSA publications.
• Oversee cybersecurity risk management, including implementing risk control measures and monitoring follow-up actions to mitigate identified risks.
• Manage contracts and deliverables for regulatory audits (CCoP/CP8, Risk Assessment, Vulnerability Assessment) and support audit activities.
• Manage processes such as waiver request submissions, reviews, and monitoring follow-up actions from audits and assessments.
• Support the Policy & Governance team in developing and implementing policies, standards, and guidelines for managing cybersecurity risks to OT systems.
• Gatekeep submissions of Material Change Form and corresponding CII Information Record (S10) Form within specified timelines.
• Report on the status of OT Cybersecurity to Authority and/or Management.
• Support cybersecurity training and competency development programs to build awareness and culture in SMRT.
• Provide guidance to the OT Cybersecurity Operations team on managing asset information, security baselines, Identity Management, and Access Control technical solutions.