Senior Manager, Information Security & Compliance (CISO)

Position: Senior Manager, Information Security & Compliance (CISO)

Location: Markham

Details: Full-time, hybrid

*No contractors, and no full-remote work*

The Company:

Founded over 100 years ago in 1921, Black & McDonald is an integrated, multi-trade service provider that safely delivers high-quality construction, facilities management, and technical solutions to government, institutional and industry clients. We are a forward-thinking organization with a strong track record of delivering customer-focused solutions and operational excellence.

Position Overview:

Reporting to the CIO and collaborating closely with the senior leadership, the Manager Information Security & Compliance (IS&C) is accountable for the enterprise information security program and related compliance and governance structures

The Manager, IS&C ensures security programs are in place to mitigate cyber risks, comply with regulatory requirements and to respond to incidents if/when they occur. In this position you will manage an IT team responsible for implementing programs as well as day-to-day security operations.

Key Accountabilities:

• Leads information security and compliance function.
• Develops and implements information security management program in accordance with recognized security and technology governance frameworks such as CIS, ISO and COBIT and in alignment with business priorities.
• Collaborates with the CIO and other senior executives and officers to provide leadership, operational expertise and strategic direction to the organization and all operational teams.
• Reviews IT and security governance structures, processes, & procedures to prevent security breaches, major incidents, and non-compliance with regulatory requirements.
• Monitors and conducts ongoing assessments of security standards necessary for breach prevention, detection, and remediation.
• Assesses security infrastructure, cloud environments, including access management, firewall protection, and vulnerability assessment and testing and makes recommendations for improvement.
• Provides reports to executive management and other stakeholders on IT and security matters,
• Delivers user education programs on security to support compliance objectives and improve security awareness.
• Implements security incident response plans and serves as the response lead during incidents.
• Facilitates development of IT and security policies, standards and procedures and performs ongoing assessments to ensure continuous improvement and reports on compliance.
• Contributes to the business strategies and plans, bringing security and governance expertise; ensures the security strategies align with the company’s strategic goals.
• Provides mentorship, staff development and participates in succession planning.
• Coaches and develops team members on risk management.
• Manages other initiatives as required.

Education and Qualification Requirements:

• Post-secondary education in IT or a suitable combination of education and experience.
• Industry certifications such as CISSP, CCSP, CISA, CISM or similar are expected.
• Knowledgeable in frameworks such as COBIT 5, ISO 27002, and ITIL and using these to assess and address IT governance and control gaps in organizations.
• Ability to develop policies and procedures relating to IT/security governance and educate IT colleagues on governance and controls issues, particularly segregation of duties, documentation standards required, audit logs and audit trails, etc.
• Proven experience in overseeing/developing IT security architecture and security improvement roadmaps.
• Experience with cloud computing environments
• Exposure with various security tools and methodologies, including network security, vulnerability management, vulnerability & penetration assessments, anti-malware, and endpoint security management.
• Ability to keep current with IT security developments and vulnerabilities.
• Proven experience in relationship and stakeholder management.
• Ability to obtain background checks and disclosure of personal and financial information if needed for access to restricted parts of our IT infrastructure.

Black & McDonald welcomes and encourages applications from persons with disabilities. Accommodations are available upon request for candidates taking part in all aspects of the recruitment and selection process.

#L!-CO1