Job Specifications
Position Title: Manager, Cyber Risk Management
Position Type: Regular - Full-Time
Requisition ID: 39340
At McCain, we believe in meaningful technology – using digital technology not just for innovation, but to make a difference globally. Join a team where innovation drives purpose and technology shapes the future. This is your chance to develop sought-after expertise, work on exciting, high-impact projects, and create solutions that truly make a difference. If you're ready to push boundaries, tackle purposeful challenges, and build a career that matters, we want you on our team.
In every role, McCainers are ambitious, curious, and passionate about creating exceptional work experiences - together. With a customer-first mindset, we make doing business with McCain easy.
About The Role.
This high-profile role will report directly to the CISO. They will be responsible for contributing to the design, implementation, operationalization, and sustainment of McCain’s cyber risk function, including Third Party Risk Management (TPRM). This role will collaborate with various departments to foster a culture of compliance and mitigate risks associated with critical systems. This is an existing vacancy that McCain is actively seeking to fill.
What You’ll Be Doing.
Cyber Risk Management:
Lead and conduct risk assessments across technology platforms and architectures, including but not limited to cloud, AI and SaaS based solutions.
Maintain McCain’s cyber risk framework (e.g. IT and AI risk frameworks), ensuring alignment across IT and business functions.
Actively govern cyber risk in the McCain risk register.
Define KRIs and KPIs to provide cyber risk insights to McCain executives.
Empower technology teams to establish cyber risk ownership and action plans for remediation.
Develop and lead annual maturity and audit assessments as per annual plans (e.g. SWIFT and NIST-based assessments).
Third Party Risk Management (TPRM):
Managing and enhancing a TPRM Security Program to mitigate security threats emanating from third-party vendors, suppliers, and strategic partner engagements.
Own oversight of the global third-party cyber risk governance strategy and framework.
Conducting comprehensive risk assessments of third-party vendors, suppliers, and strategic partners including evaluation of vendor security controls.
Engage with procurement and technology governance, risk and compliance stakeholders to represent third party cyber risk management interests in process integration efforts.
Contributing to the on-going development of the TPRM strategy, framework, policy, standards, processes and tools.
Reviewing risk management activities performed in relation to McCain’s third-party ecosystem.
Managing the completion of control assessment questionnaires and acting as the point of contact with the third party to ensure completeness, consistency and quality of responses.
Participating in and supporting security related engagements such as audits and questionnaires.
Serve as a key interface with external and internal auditors for vendor security compliance related activities.
Establish KRIs and KPIs to report on and assess vendor security posture. Managing risk within organizational risk appetite.
Serve as a trusted advisor, providing input and commentary on overall TPRM program effectiveness to leadership and / or risk committees as required.
Collaborate with legal teams to ensure appropriate security language and controls are addressed in third-party contracts and other agreements.
Maintain a continuous monitoring program for Third Parties including cyber security incidents to ensure ongoing protection of McCain operations, IT and data assets.
Leadership Requirement
Demonstrated ability to lead cross-functional risk governance initiatives by proactively partnering across Digital Technology, business functions, legal, and procurement to break down silos and drive integrated solutions to complex cyber and third-party risk challenges. Proven track record of influencing without authority to align diverse stakeholders around a common risk management vision, priorities, and standards. Takes personal ownership for creating clarity in roles and decision-making, setting explicit expectations and KPIs that foster an environment of shared accountability and continuous improvement. Champions a culture where teams are empowered to act like owners, mindful of achieving both short-term and long-term risk objectives for the enterprise.
What You’ll Need To Be Successful.
You have 7+ years of experience managing Information Security risk and TPRM within medium to large sized organizations.
Firm understanding of AI risk frameworks and assessment techniques for Gen AI solutions.
Experience partnering with senior leadership on risk management initiatives.
You have strong and proven leadership capabilities with communication, coaching, influence, negotiation and conflict resolution.
You have experience working with vendor risk management s
About the Company
At McCain, we believe food plays an important role in people’s lives, with the power to bring individuals, families, and communities together.
As a privately owned family company with over 67 years of experience, a presence in over 160 countries, and a global team of 23,000+ people, our values and culture are at the heart of everything we do. Our product quality, people and customer dedication help us achieve global sales in excess of CDN $14 billion. Through our investment and innovation agenda, we continue to be a globa...