POSITION OVERVIEW

As a senior member of the IT team, the Director of OT & IT Security leads the information security function across the Company to ensure consistent and high-quality information security management in support of business goals.The incumbent determines the information security approach and operating model, in consultation with stakeholders and aligned with the risk management approach.

 

   Responsible for implementing and running the enterprise information security program, including identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives.                

    Accountable for developing the strategy for planning and providing support to the organization in security policy and cyber risk, as well as the related compliance and governance.

·   Create a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties.

·    Assess and recommend changes for risk mitigation in OT/IT systems.

·     Ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices, and guidelines.

·    Work with the compliance staff to ensure that all information owned, collected, or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.

·      Manage and contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data, and the Company's reputation.

·      Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.

·      Act as the cybersecurity resource for major technology projects, providing a strategic direction for the overall cyber risk of the organization.

·      Develop and implement a strategy and operating model that promotes a cyber risk-sensitive culture, driving risk-mitigating behaviour and raising awareness in the business.

·      Coordinate the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event.

·      Provide direction, support, and in-house consulting in these areas.

 

---

QUALIFICATIONS

University education in business administration, information systems, or computer engineering.

·        Cybersecurity related certifications are an asset.

 

·        Minimum ten (10) years of experience in IT with demonstrated experience in security and cyber risk.

·        Strong experience in security policies and governance with an excellent background communicating operational and tactical risk to the business.

·        Solid experience in partnering with the business operations, ideally in a multi-site manufacturing environment.

·        Knowledge of common information security management frameworks such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.

·        Demonstrated success leading and developing a team of IT and security specialists.

·        Experience with external vendors, including RFP management and contract negotiation in collaboration with internal procurement.

 

·        Excellent written and verbal communication skills, combined with strong interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.

·        Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization.

·        Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist.

·        Excellent stakeholder management skills.

·        Strong leadership skills with demonstrated experience in coaching and mentoring a team.

        Strong analytical/problem solving skills and demonstrated success in driving complex strategies and projects.

·        Poise and ability to act calmly and competently in high-pressure situations.

·        High degree of initiative and dependability, and ability to work with little supervision while being resilient to change.

·        High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.

·        Fluently bilingual in English and French – both written and spoken.

 Knowledge of English is required for this specific position as Kruger deals with partners across North America and the successful candidate will be required to communicate frequently with them. Kruger has taken all reasonable steps to avoid imposing English language requirements, including assessing the actual language needs associated with the duties to be performed, ensuring that the language skills already required of other employees were insufficient for the performance of those duties, and limiting as much as possible the number of positions with duties requiring English language skills.