Job Description
Position: Senior Manager, Information Security & Compliance (CISO) Location: Markham
Details: Full-time, hybrid
*No contractors, and no full-remote work*
The Company Founded over 100 years ago in 1921, Black & McDonald is an integrated, multi-trade service provider that safely delivers high-quality construction, facilities management, and technical solutions to government, institutional and industry clients. We are a forward-thinking organization with a strong track record of delivering customer-focused solutions and operational excellence.
Position Overview Reporting to the CIO and collaborating closely with the senior leadership, the Manager Information Security & Compliance (IS&C) is
accountable for the enterprise information security program and related compliance and governance structures The Manager, IS&C ensures security programs are in place to mitigate cyber risks, comply with regulatory requirements and to respond to incidents if/when they occur. In this position you will manage an IT team responsible for implementing programs as well as day-to-day security operations.
Key Accountabilities - Leads information security and compliance function.
- Develops and implements information security management program in accordance with recognized security and technology governance frameworks such as CIS, ISO and COBIT and in alignment with business priorities.
- Collaborates with the CIO and other senior executives and officers to provide leadership, operational expertise and strategic direction to the organization and all operational teams.
- Reviews IT and security governance structures, processes, & procedures to prevent security breaches, major incidents, and non-compliance with regulatory requirements.
- Monitors and conducts ongoing assessments of security standards necessary for breach prevention, detection, and remediation.
- Assesses security infrastructure, cloud environments, including access management, firewall protection, and vulnerability assessment and testing and makes recommendations for improvement.
- Provides reports to executive management and other stakeholders on IT and security matters,
- Delivers user education programs on security to support compliance objectives and improve security awareness.
- Implements security incident response plans and serves as the response lead during incidents.
- Facilitates development of IT and security policies, standards and procedures and performs ongoing assessments to ensure continuous improvement and reports on compliance.
- Contributes to the business strategies and plans, bringing security and governance expertise; ensures the security strategies align with the company’s strategic goals.
- Provides mentorship, staff development and participates in succession planning.
- Coaches and develops team members on risk management.
- Manages other initiatives as required.
Education And Qualification Requirements - Post-secondary education in IT or a suitable combination of education and experience.
- Industry certifications such as CISSP, CCSP, CISA, CISM or similar are expected.
- Knowledgeable in frameworks such as COBIT 5, ISO 27002, and ITIL and using these to assess and address IT governance and control gaps in organizations.
- Ability to develop policies and procedures relating to IT/security governance and educate IT colleagues on governance and controls issues, particularly segregation of duties, documentation standards required, audit logs and audit trails, etc.
- Proven experience in overseeing/developing IT security architecture and security improvement roadmaps.
- Experience with cloud computing environments
- Exposure with various security tools and methodologies, including network security, vulnerability management, vulnerability & penetration assessments, anti-malware, and endpoint security management.
- Ability to keep current with IT security developments and vulnerabilities.
- Proven experience in relationship and stakeholder management.
- Ability to obtain background checks and disclosure of personal and financial information if needed for access to restricted parts of our IT infrastructure.
Black & McDonald welcomes and encourages applications from persons with disabilities. Accommodations are available upon request for candidates taking part in all aspects of the recruitment and selection process.
#L!-CO1
Job Tags
Full time, Remote job, For contractors,