Senior Program Lead – Vendor Risk Management

Are you looking for a role that will challenge you? CNL is looking for a dynamic, versatile leader with assessment and auditing experience and strong computer technology background, to develop and lead a supply chain audit and assessment program for digital products and services employed in operational technology environments. Critical infrastructure organizations rely on thousands of digital devices and software applications to perform safety and security functions. These assets need to be acquired, deployed, operated and maintained and each activity that involves a procurement transaction represents a cyber attack opportunity. For example, a compromise could occur at the manufacturer’s location, could be introduced by one of the manufacturer’s suppliers, could occur during transit to the end user, or could occur during maintenance by a third party – to name a few. To reduce supply chain risk, regulation, standards and contract language that address cyber security concerns are growing in importance and prevalence, and with them, the need to measure compliance. CNL is looking for an individual who can develop and execute a supply chain audit and assessment program that is focused on cyber security risk management. This will involve piloting and refining a prototype assessment methodology that takes a graded approach and is modelled upon commercial grade dedication and safety qualification processes for programmable electronic systems. This work will require education and engagement with customers and their suppliers, liaising with other departments to integrate associated processes and procedures with existing quality assurance and procurement processes, leading hands-on testing efforts, developing training, and in general, being a champion for advancing cyber security supply chain risk reduction among critical infrastructure industries. This is an opportunity to grow a team, shape a program, and be a change-maker in procurement practices of important digital equipment.

What you will be doing!

• Developing and leading a cyber security audit / assessment program for suppliers of computer-based systems and/or services used in safety, security or operationally significant applications.
• Performing planning activities to support audit/assessment/feasibility activities.
• Coordinating audit/assessment activity with team members.
• Evaluating supplier management, manufacturing, and service providers systems through documentation review, onsite observation and interviews, and testing.
• Identifying and document areas of conformance and non-conformance.
• Writing comprehensive reports and recommendations based on audit/assessment/feasibility findings.
• Reviewing audit/assessment results with suppliers and customers. Make presentations to stakeholders concerning audit results.
• Evaluating and approve corrective actions.
• Liaising with adjacent departments to support the integration of cyber security assessment and auditing practices with existing company processes and procedures (e.g., procurement, quality assurance, audits).
• Providing input to senior leadership to inform governance.
• Preparing policy and process documentation in support of the program.
• Preparing and deliver training material to support program implementation.
• Preparing and deliver training material to raise awareness among buyers and suppliers.
• Acting as a liaison and buyer contact for supplier audit and assessment projects.
• Assisting in the development of computer security contract terms with suppliers.
• Maintaining professional relationships with management, stakeholders, and suppliers. Co‑ordinate with these groups and be an influencer of change to these groups that results in a high level of satisfaction among internal and external participants. This includes communicating contentious and subtle issues and addressing potential conflicts.
• Other duties as assigned by your manager.
  
  

What We Are Looking For

• Education
• Candidates must have completed a post-secondary program in a science, engineering, or technology subject area or have equivalent experience.
• Experience
• Broad knowledge and extensive experience in computer security and/or broad knowledge and extensive experience in assessments and audits.
• Specialization in one or more areas of security by design, computer security, cyber security, information protection, software development lifecycle, engineering lifecycle, software testing, and critical infrastructure regulation and standards.
• Specialization in one or more areas of audit and assessments, procurement, and quality assurance.
• Familiarization with related provincial, national and international codes, standards and regulations.
• Requires experience in a leadership capacity to effectively motivate, coach, facilitate, and empower others to attain optimal work performance with a high level of personal responsibility and self-management.
• Knowledge, Skills & Abilities
• Ability to define problems, collect data, establish facts, and draw valid conclusions.
• Strong communication and interpersonal skills.
• Sound judgment, organizational, and analytical skills.
• Strong project management skills.
• Excellent computer, writing and presentation skills.
• Security Clearance Eligibility Required
• Level 2 Secret requires a minimum of 7 years of verifiable history in Canada, Australia, New Zealand, the United States, and/or the United Kingdom. CNL implements security screening in accordance with the Treasury Board of Canada Secretariat's “Standard on Security Screening” and the “Policy on Government Security.”
  

Why CNL?

Does working with a team across Canada to advance nuclear science and technology for a clean and secure world speak to you? We're reinventing ourselves to be the pacesetters so we can lead the charge in solving the problems that matter, like building the next generation of clean nuclear and hydrogen energy solutions, developing new and better-targeted cancer treatments, and continuing to lead the world in environmental remediation.

We Offer a Complete Total Rewards Package

• Paid time off (vacation, sick, floater & personal);
• Benefits effective day one, that’s right, no waiting period;
• Tuition support
• and a pension!
  
  

Do Our Priorities Resonate with You?

• Clean energy for today and tomorrow.
• Restore and protect the Environment.
• Contribute to the health of Canadians.
  
  

Location:

CNL’s Fredericton office, sits right in the capital city of Fredericton, New Brunswick. It’s a quaint city that is rich in culture and history and combines the comfort of a small town with world-class facilities.

CNL is committed to providing an atmosphere free from barriers that promotes equity, diversity and inclusion in achieving our mission. CNL welcomes and celebrates employees, stakeholders and partners of all racial, cultural, and ethnic identities. Read here further on our DE&I Commitment.

CNL also supports a workplace environment and a corporate culture that is built on our Core Values: Respect, Teamwork, Accountability, Safety, Integrity and Excellence which encourage equitable employment practices and career prospects inclusive of accommodations for all employees.

CNL is committed to being an equal-opportunity employer. If you require accommodation measures during any phase of the hiring process, please indicate via our ATS when applying. All information received in relation to accommodation requests will be kept confidential.

CNL recognizes and respects that the territory on which our Fredericton office is based is the unceded and unsurrendered traditional territory of the Wabanaki peoples – predominantly the lands of the Miꞌkmaq, Wolastoqey (Maliseet) and Peskotomahkati (Passamaquoddy). We express our gratitude and appreciation to those Indigenous people who have been living and working on these lands since time immemorial.