Supervisor II, Cyber Supply Chain Risk Management

The Cyber Supply Chain Risk Management Supervisor will lead the cyber supply chain risk management team for the IT Cybersecurity GRC group. This role supports the IT Cybersecurity team in managing multiple domains of cyber risk in an increasingly complex and challenging cyber supply chain. The CSCRM Supervisor shall focus their expertise upon cyber supply chain controls, vulnerabilities, threats, and the impacts that have the potential to harm Liberty Utilities.

The CSCRM Supervisor will ensure suppliers are assessed for an adequate security program to appropriately address the cyber risks posed to Liberty Utilities. In addition to overseeing and sometimes performing assessments, this role will assist with creating or updating policies, standards, procedures, and supporting tools. Daily activities may include providing guidance to junior level analysts, performing assessments, documenting findings, and providing risk-based recommendations to stakeholders. This role requires collaboration with representatives from a broad range of roles and functions of the organization (e.g., information technology, physical security, procurement/acquisition, legal, logistics, marketing, and business development).

GRC experience is a requirement and incumbent must demonstrate expertise of security risk identification, response, and continuous monitoring. Requiring in-depth understanding of cyber security frameworks, for example: NIST CSF, NIST 800-53, NIST 800-171, NIST 800-61, NIST 800-86, FedRAMP, ISO27001, CSA Star, and their application to security operational capacities. A requirement is also to be familiar with GRC tools such as Archer GRC, ServiceNow GRC, MetricStream, etc.

#LI-Remote

• Supervise the Supply Chain Risk Management (SCRM) program which illuminates potential security risks and informs the business and IT on effective countermeasures to fortify the supply chain of the enterprise
• Lead and foster enterprise-wide commitment involving multiple disciplines including comprehensive information sharing and adherence of industry practices pertaining to cyber SCRM.
• Support implementation of Liberty Utilities GRC tool, Archer GRC, by providing requirements, performing testing, and creating procedures related to the tool's usage by the SCRM team.
• Perform SCRM assessments and due diligence by assessing products, service providers, and other third parties.
• Assist in the incorporation of the SCRM Requirements into commercial terms and contracts. Use the SCRM-related cybersecurity, compliance and risk requirements as a primary metric within commercial terms (such as cost, schedule, and performance) for measuring a vendor's compliance with the contract. Leverage the NIST SP 800-161 and standard enterprise cybersecurity terms as guidelines.
• Monitor the compliance of vendors to the Liberty Utilities SCRM-related security requirements throughout the supply chain lifecycle, including the termination and offboarding of supplier relationships

• University - Bachelor degree or equivalent experience
• 5 +years of cybersecurity experience
• Relevant security certifications is an asset (i.e., GCIA, GCIH, GSOC, Security+, CISSP,CRISC etc.)
• Experience with legal contract reviews
• Cyber Risk Assessment Experience
• GRC tool implementation and management is a requirement
• Strong leadership skills and have the ability to coach and mentor a team