Teck is a leading Canadian resource company that is focused on responsibly producing the metals essential for global development and the energy transition. With world-class copper and zinc operations and an industry-leading copper growth portfolio.
Reporting to the Director, Cyber Security and CISO, the Manager, Cyber Threat Prevention will oversee the resources that define the organization's cyber security design requirements. This motivated individual will champion security requirements, ensuring alignment between security architecture and business needs. In collaboration with staff and Enterprise Architecture, and Risk Management, the role will establish secure design methodologies, facilitate assessments through threat modeling, and provide technical consultation. Collaborating with a team, you will mentor solution architects and system administrators on secure practices.
This exciting role is an outstanding opportunity to collaborate with customers through the creation of architectural patterns, technical standards, and configuration baselines! Don't miss out on this prominent opportunity to be part of one of Canada's leading mining companies and join our team!
Champion the 3 lines of defense model for risk management and act as a 2nd line of defense facilitator regularly interacting with the 1st line
Manage the cyber threat prevention team, including the security architects and secure applications and platform design specialists
Own the development and maintenance of a Security Architecture Methodology and Threat Modeling Methodology that are aligned with business, technology and threat drivers across both IT and OT environments
Establish and maintain Key Performance and Key Risk Measures that provide clear security mentorship to build programs on release readiness
Contribute to the Digital Risk and Cyber Security strategic plans and roadmaps using sound enterprise architecture practices and information security principles
Lead all aspects of the design and sustainment of security architecture artifacts, used to demonstrate security capabilities in projects and operations while meeting the risk tolerances of the organization
Track developments and changes in the business and threat environments to ensure that these are adequately addressed in plans and artifacts
Coordinate the drafting of technical security standards for review and approval by the CISO and executive management as required
Administer the establishment of baseline security configuration standards for applications and platforms inclusive of data and development pipelines, operating systems, and network zones and devices
Collaborate with DevOps teams to advocate a secure development lifecycle, using established measures to report performance to the CISO
Evaluate technical security assessments and system reviews in order to prioritize remediation based on the risk profile of the asset and mentorship from the CISO
Lead security processes and technologies to make recommendations for their use based on security, financial and operational requirements
Facilitate resource assignments to various committees and boards, including the advisory board, architecture review board, and digital solution review
Support the internal audit team in their review and assessment of design and operational efficiency of security-related controls
10+ years of cyber security architect experience in a relevant domain: cloud computing security, network security, application security, endpoint security, logging and monitoring, cyber incident response, and risk management
Bachelor's degree in Cyber Security, Computer Science, Mathematics, Engineering, or equivalent experience. A Master's or postgraduate degree is an asset
Relevant technical certifications in security and architecture (GIAC, SABSA, TOGAF, Zachman, ITIL) or professional management (Certified Information Security Manager, Certified Information Systems Security Professional or Auditor)
Proven understanding of IT Service Management (incident, problem, change, asset, and configuration management) and infrastructure (applications, databases, operating systems, hypervisors, IP networks, storage networks)
Solid understanding of the methodologies to conduct threat-modeling exercises on applications, infrastructure and cloud services
Direct experience crafting IAM technologies/services on prem and in cloud, with additional experience in the deployment of applications and infrastructure into public cloud services
At Teck, we offer more than just a job - we provide a pathway to personal and professional enrichment. With captivating projects set against stunning backdrops, a culture of inclusivity and collaboration, and boundless opportunities to learn and grow, joining us means embracing a fulfilling and dynamic career adventure.
Teck employees receive access to our total rewards program and comprehensive benefits package that promote physical, mental, financial, and emotional well-being. This includes but is not limited to:
The actual base salary offered is determined based on the successful candidate's relevant experience, skills, and competencies and considers internal equity.
At Teck, we value diversity. Our teams work collaboratively and respect each person's unique perspective and contribution.
Teck is one of Canada's leading mining companies, focused on providing products that are essential to building a better quality of life for people around the globe. Our commitment to our people is why Teck has been named one of Canada's Top 100 Employers for seven consecutive years, listed as one of Canada's Top Employers for Young People and named to the 2024 Bloomberg Gender-Equality Index. The pursuit of sustainability guides Teck's approach to business and we are proud to be recognized as one of the 2024 Global 100 Most Sustainable Corporations by Corporate Knights. Headquartered in Vancouver, Canada, its shares are listed on the Toronto Stock Exchange under the symbols TECK.A and TECK.B and the New York Stock Exchange under the symbol TECK.
Learn more about Teck at www.teck.com or follow @TeckResources.
We wish to thank all applicants for their interest and effort in applying for the position; however, only candidates selected for interviews will be contacted.