Manager, Cyber Threat Prevention

Closing Date: November 30, 2024

Position Status: Vacant

Teck is a leading Canadian resource company that is focused on responsibly producing the metals essential for global development and the energy transition. With world-class copper and zinc operations and an industry-leading copper growth portfolio.

Reporting to the Director, Cyber Security and CISO, the Manager, Cyber Threat Prevention will oversee the resources that define the organization's cyber security design requirements. This motivated individual will champion security requirements, ensuring alignment between security architecture and business needs. In collaboration with staff and Enterprise Architecture, and Risk Management, the role will establish secure design methodologies, facilitate assessments through threat modeling, and provide technical consultation. Collaborating with a team, you will mentor solution architects and system administrators on secure practices.

This exciting role is an outstanding opportunity to collaborate with customers through the creation of architectural patterns, technical standards, and configuration baselines! Don't miss out on this prominent opportunity to be part of one of Canada's leading mining companies and join our team!

Responsibilities

• Be a courageous safety leader, adhere to and sponsor safety and environmental rules and procedures

• Champion the 3 lines of defense model for risk management and act as a 2nd line of defense facilitator regularly interacting with the 1st line

• Manage the cyber threat prevention team, including the security architects and secure applications and platform design specialists

• Own the development and maintenance of a Security Architecture Methodology and Threat Modeling Methodology that are aligned with business, technology and threat drivers across both IT and OT environments

• Establish and maintain Key Performance and Key Risk Measures that provide clear security mentorship to build programs on release readiness

• Contribute to the Digital Risk and Cyber Security strategic plans and roadmaps using sound enterprise architecture practices and information security principles

• Lead all aspects of the design and sustainment of security architecture artifacts, used to demonstrate security capabilities in projects and operations while meeting the risk tolerances of the organization

• Track developments and changes in the business and threat environments to ensure that these are adequately addressed in plans and artifacts

• Coordinate the drafting of technical security standards for review and approval by the CISO and executive management as required

• Administer the establishment of baseline security configuration standards for applications and platforms inclusive of data and development pipelines, operating systems, and network zones and devices

• Collaborate with DevOps teams to advocate a secure development lifecycle, using established measures to report performance to the CISO

• Evaluate technical security assessments and system reviews in order to prioritize remediation based on the risk profile of the asset and mentorship from the CISO

• Lead security processes and technologies to make recommendations for their use based on security, financial and operational requirements

• Facilitate resource assignments to various committees and boards, including the advisory board, architecture review board, and digital solution review

• Support the internal audit team in their review and assessment of design and operational efficiency of security-related controls

Qualifications

• 10+ years of cyber security architect experience in a relevant domain: cloud computing security, network security, application security, endpoint security, logging and monitoring, cyber incident response, and risk management

• Bachelor’s degree in Cyber Security, Computer Science, Mathematics, Engineering, or equivalent experience. A Master's or postgraduate degree is an asset

• Relevant technical certifications in security and architecture (GIAC, SABSA, TOGAF, Zachman, ITIL) or professional management (Certified Information Security Manager, Certified Information Systems Security Professional or Auditor)

• Proven understanding of IT Service Management (incident, problem, change, asset, and configuration management) and infrastructure (applications, databases, operating systems, hypervisors, IP networks, storage networks)

• Solid understanding of the methodologies to conduct threat-modeling exercises on applications, infrastructure and cloud services

• Direct experience crafting IAM technologies/services on prem and in cloud, with additional experience in the deployment of applications and infrastructure into public cloud services

Why Join Us?

At Teck, we offer more than just a job – we provide a pathway to personal and professional enrichment. With captivating projects set against stunning backdrops, a culture of inclusivity and collaboration, and boundless opportunities to learn and grow, joining us means embracing a fulfilling and dynamic career adventure.

Teck employees receive access to our total rewards program and comprehensive benefits package that promote physical, mental, financial, and emotional well-being. This includes but is not limited to:

• Annual Performance Bonus
• Profit Share Plan
• Health Spending Account
• Personal Spending Account
• Extended Health Care
• Dental and Vision Care
• Employer Paid Pension Plan
• Life Insurance and Disability Coverage
• Paid Sick Leave, Vacation and Holidays
• Virtual Telemedicine and additional support for overall well-being
• Employee and Family Assistance Program (EFAP)

Salary Range: $144,000 - $178,000

The actual base salary offered is determined based on the successful candidate’s relevant experience, skills, and competencies and considers internal equity.

About Teck