Senior Manager, Cyber Security Risk Management
Industry
Information Technology
Location
New Brunswick
Senior Manager, Cyber Security Risk Management
Saint John, NB
JG-IRO-9446
About Irving Oil
Irving Oil is a leading refining and marketing company with operations across Canada, the United States, and Ireland. Headquartered in Saint John, New Brunswick, Irving Oil operates one of the largest refineries in North America and serves millions of customers through an extensive network of retail and commercial fuel locations. With a strong commitment to safety, operational excellence, and long-term sustainability, Irving Oil is a cornerstone of the Atlantic Canadian economy and a significant player in the global energy sector.
The Opportunity
Irving Oil is seeking a Senior Manager, Cyber Security Risk Management to lead the organisation's cyber risk programs across both IT and operational technology (OT) environments. Reporting to the Director of IT Security, this role serves as the strategic bridge between technical security teams and business leadership — translating complex cyber risks into actionable insights that drive informed decision-making. This is a high-impact leadership opportunity for a seasoned security professional ready to shape and mature enterprise-wide cyber resilience programs at scale.
Responsibilities
Required
What Irving Oil Offers
Saint John, NB
JG-IRO-9446
About Irving Oil
Irving Oil is a leading refining and marketing company with operations across Canada, the United States, and Ireland. Headquartered in Saint John, New Brunswick, Irving Oil operates one of the largest refineries in North America and serves millions of customers through an extensive network of retail and commercial fuel locations. With a strong commitment to safety, operational excellence, and long-term sustainability, Irving Oil is a cornerstone of the Atlantic Canadian economy and a significant player in the global energy sector.
The Opportunity
Irving Oil is seeking a Senior Manager, Cyber Security Risk Management to lead the organisation's cyber risk programs across both IT and operational technology (OT) environments. Reporting to the Director of IT Security, this role serves as the strategic bridge between technical security teams and business leadership — translating complex cyber risks into actionable insights that drive informed decision-making. This is a high-impact leadership opportunity for a seasoned security professional ready to shape and mature enterprise-wide cyber resilience programs at scale.
Responsibilities
- Lead a team of cybersecurity professionals to identify, assess, manage, and communicate cyber risks across the organisation, influencing decisions related to platforms, vendors, architecture, and project delivery
- Develop and execute a company-wide cyber risk assessment program that prioritises threats and aligns mitigation strategies with business objectives
- Build and deliver cyber risk reporting for internal teams, executive leadership, operating companies, and third-party partners, ensuring risks are clearly communicated and addressed at all levels
- Create and present security roadmap projections aligned with short- and long-term risk-based cybersecurity goals for Director-level review and approval
- Oversee daily operations of risk programs, including threat assessments, third-party risk evaluations, and insider threat monitoring
- Recommend and implement technical controls to address identified risks, reduce detection gaps, and support compliance and audit requirements
- Define and communicate program success metrics in collaboration with IT and business stakeholders to demonstrate measurable progress
- Oversee the development and delivery of security awareness and training programs that promote a strong cybersecurity culture across the organisation
- Lead security testing, disaster recovery planning, and threat landscape analysis to ensure systems remain resilient and risks are proactively managed
- Manage and mentor a team of security analysts, including hiring, training, performance reviews, and career development
Required
- Minimum 15 years of IT experience, including at least five years in a GRC or information security role and five years in a supervisory capacity
- Deep understanding of how cybersecurity risks impact business operations and decision-making, spanning both IT and OT environments
- Proven experience building and managing Cyber Risk Management and Enterprise Risk Management programs
- Familiarity with recognised security frameworks, including NIST CSF 2.0, ISO 27005, NIST 800-53, NIST RMF AI, ISO 42001, and ISA/IEC 62443
- Exceptional communication skills with demonstrated ability to engage technical teams, business stakeholders, and executive leadership
- Strong leadership and team development capabilities, with experience guiding security and IT personnel independently
- Skilled in project management, risk assessments, and developing strategic mitigation plans with effective resource allocation
- Bachelor's degree in Computer Science or a related technical discipline, or equivalent professional experience
- Active certification in one or more of: CISM, CISSP, CRISC, GIAC, or GRCP
- Experience managing cyber risk in an energy, manufacturing, or critical infrastructure environment
- Familiarity with OT-specific security considerations and industrial control system (ICS) environments
What Irving Oil Offers
- Onsite work environment with access to a fitness facility, onsite nurse, and café
- Competitive compensation including an annual bonus plan, pension plan, and parking allowance
- Flexible benefits plan effective from day one, with three levels of coverage
- Paid vacation with an option to purchase additional time off annually
- Annual wellness allowance, paid personal care days, and 24/7 Employee & Family Assistance Program
- Paid volunteer day and a donation-matching program
To express interest in this opportunity please apply online by clicking "Apply Now" below.
For more information, please contact Jamie Grant, Partner, at jgrant@kbrs.ca or Nick Leadbetter, Senior Recruitment Specialist, at nleadbetter@kbrs.ca. If you require accommodation to participate in the recruitment process, please let Nick know.
Meridia Recruitment Solutions connects leading organizations with top talent by building strong relationships and creating ideal matches with candidates because we are only successful when you are. We appreciate your interest in this opportunity.
For more information, please contact Jamie Grant, Partner, at jgrant@kbrs.ca or Nick Leadbetter, Senior Recruitment Specialist, at nleadbetter@kbrs.ca. If you require accommodation to participate in the recruitment process, please let Nick know.
Meridia Recruitment Solutions connects leading organizations with top talent by building strong relationships and creating ideal matches with candidates because we are only successful when you are. We appreciate your interest in this opportunity.
