WSP Group

Senior Manager for Technology and Cyber Risk

Organization/department: Information Security Office

Reports to: Global IT Risk Director

Direct reports: 2 to 3

Effective date: March 2024

About WSP

(HR to review and complete)

WSP is one of the world’s leading engineering and professional services firms. Our 67,000 trusted professionals are united by the common purpose — to create positive, long-lasting impacts on the communities we serve through a culture of innovation, integrity, and inclusion.

Senior Manager for Technology and Cyber Risk (flexible location)

WSP’s Information Security Office (ISO) is responsible for the deployment and maintenance of the information security framework for both the IT organization and wider business community. This includes the Governance mechanisms, policies and processes, tools and technologies, and employee training required to protect WSP information and that of our clients.

To run our global Technology & Cyber Risk Management process, we are seeking a talented and experienced Senior Manager for Technology and Cyber Risk. This role will report to the Global Director of IT Risk.

As a Senior Manager for Technology and Cyber Risk, your primary role will be to manage the full IT Risk Process from identification, assessment, mitigation and monitoring. This role is a key player in fostering relationships and coordinating efforts to manage technology-related risks. It calls for a strong analytical ability, and the capacity to work effectively in a diverse, global environment.

MAIN RESPONSIBILITIES

Implement and maintain a comprehensive and effective IT risk management practice across the WSP global IT organisation. This should include identification of potential IT risks, the evaluation of their impact, the formulation of strategies to mitigate these risks, and the tracking of their mitigation and/or acceptance. Conduct regular monitoring and review of the IT risk management process to ensure its effectiveness and alignment to the organization’s risk appetite and business objectives.

Establish reporting and communication methods that ensure that relevant stakeholders within IT and business leadership have an accurate and timely view of IT risks. Analyse and process data related to risk, issues, and deficiencies to identify patterns and trends.

Work with WSPs Executive Risk Management (ERM) team on the evaluation and reporting of relevant IT Risks as part of the ERM process.

Lead and manage a team of risk analysts, fostering a collaborative environment that encourages open communication, mutual respect, and shared responsibility in managing cyber and technology risks.

Deliver risk management training within the IT community and establish a culture of risk-aware decision-making, accountability, and a commitment to maintaining an effective control environment.

Own and manage the evolution of the Integrated Risk Management Platform (Service-Now IRM). This includes entities, risk statements and controls management.

Be a subject matter expert in relation to IT risk and risk mitigation. Empower IT stakeholders to assume responsibility for the IT risks in their respective areas and encourage them to report any potential IT risks.

The successful candidate will work directly with all levels of IT Leadership and business stakeholders to ensure issues and risks are well understood so that effective decisions can be made.

Leadership and People Responsibilities:

Displays leadership and independence in performing their role.

High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.

Develop positive working relationships with other team members and business partners and partners across teams to align with WSP internal and external client demands.

Capable of rapidly assimilating and internalizing complex business, technology, and risk management concepts and dependencies.

Able to exercise judgement when policies are not well-defined.

Critical thinker with strong problem-solving and organization skill.

Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate between specialized groups of business unit and IT professionals.

Ability to work with people from different backgrounds and cultures across the region and the world.

Accommodation of schedule for international conference calls.

Requirements:

About you:

8+ years related senior level experience in Information Security, IT Audit with at least 2 years in Risk Management.

Bachelor’s degree in information technology, Computer Science, Engineering, or related field.

Experience working in large/global enterprise IT.

Working (not necessarily technical) knowledge of enterprise IT security concerns and technologies, including but not limited to VPNs, network security, encryption, authentication, application-level network protocols, Firewall, LAN/WAN, and TCP/IP

Knowledge of technology best practices (applications, network, etc)

Experience with IT Governance frameworks such as NIST and ISO 2700x

Experience with governance, compliance and audit within IT environments

Experience of risk management, including risk analysis, mitigation and monitoring

Knowledge of information security regulations

Excellent interpersonal and communication skills, able to interact with different layers of management.

Ability to work with minimal supervision and little to no instructions.

Strong organizational and project management skills.

Excellent analytical and diagnostic problem-solving skills

Demonstrated experience in understanding and demonstrating compliance with information security requirements.

Limited travelling may be required.

Due to the nature of this role, you may need to work outside of standard business hours occasionally.

* *

Preferred

Knowledge of Service-Now Integrated Risk Management platform (IRM)

Professional certification in one or more of the following disciplines — IT governance (e.g., CGEIT), security (e.g., CISSP, CISM), internal audit (CISA) or Payment Card Industry (PCI)

WSP Benefits

WSP provides a comprehensive suite of benefits focused on a providing health and financial stability throughout the employee’s career. These benefits include coverage related to medical, dental, vision, disability, and life; retirement savings; paid sick leave; paid vacation (or other personal time); paid parental leave; and paid time off for purposes of bereavement, voting, and/or attendance at naturalization proceedings.

Compensation:

Expected Salary (all locations): $140,000 - $190,300

WSP USA is providing the compensation range that the company in good faith believes it might pay and offer for this position, based on the successful applicant’s education, experience, knowledge, skills, abilities in addition to internal equity and specific geographic location. WSP USA reserves the right to ultimately pay more or less than the posted range and offer additional benefits and other compensation, depending on circumstances not related to an applicant’s sex or other status protected by local, state, and/or federal law.

Expected Salary (Colorado only): $140,000 - $190,300

WSP USA is providing the compensation range that the company in good faith believes it might pay and/or offer for this position within the state of Colorado, based on the successful applicant’s education, experience, knowledge, skills, and abilities in addition to internal equity and specific geographic location. WSP USA reserves the right to ultimately pay more or less than the posted range and offer additional benefits and other compensation, depending on circumstances not related to an applicant’s sex or other status protected by local, state, and/or federal law.

About WSP

WSP USA is the U.S. operating company of WSP, one of the world's leading engineering and professional services firms. Dedicated to serving local communities, we are engineers, planners, technical experts, strategic advisors and construction management professionals. WSP USA designs lasting solutions in the buildings, transportation, energy, water and environment markets. With more than 15,000 employees in over 300 offices across the U.S., we partner with our clients to help communities prosper.

www.wsp.com

WSP provides a flexible and agile workplace model while meeting client needs. Employees are also afforded a comprehensive suite of benefits including medical, dental, vision, disability, life, and retirement savings focused on providing health and financial stability throughout the employee’s career.

At WSP, we want to give our employees the challenges they seek to grow their careers and knowledge base. Your daily contributions to your team will be essential in meeting client objectives, goals and challenges. Are you ready to get started?

WSP USA (and all of its U.S. companies) is an Equal Opportunity Employer Race/Age/Color/Religion/Sex/Sexual Orientation/Gender Identity/National Origin/Disability or Protected Veteran Status.

The selected candidate must be authorized to work in the United States.

NOTICE TO THIRD PARTY AGENCIES:

WSP does not accept unsolicited resumes from recruiters, employment agencies, or other staffing services. Unsolicited resumes include any resume or hiring document sent to WSP in the absence of a signed Service Agreement where WSP has expressly requested recruitment/staffing services specific to the position at hand. Any unsolicited resumes, including those submitted to hiring managers or other business leaders, will become the property of WSP and WSP will have the right to hire that candidate without reservation – no fee or other compensation will be owed or paid to the recruiter, employment agency, or other staffing service.