Information Security Lead

SUMMARY:

My client is seeking an Information Security Compliance Manager to identify, manage, and report on the company’s compliance regulatory, legislative, and contractual requirements. Responsibilities will include performing reviews, assessments, and audits, conducting research and facilitating communication to internal and external stakeholders where necessary. The position will monitor, coordinate, and implement policies, standards, procedures, controls, and guidelines to support security, compliance, and audit requirements.

POSITION INFO:

Strategy and Planning

• Improve existing compliance programs and processes.
• Develop, review, and modify information security and privacy policies.
• Design and execute audit procedures to assess and measure company compliance with its security policies and procedures.
• Monitor advancements in information privacy laws to ensure organizational adaptation and compliance.
• Determine whether a security incident violates a privacy principle or legal standard requiring legal action.

Compliance and Audit Assessments

• Manages compliance testing and monitoring of current and future regulatory obligations, and other regulatory matters as required.
• Conducts internal security risk assessments and security compliance audits.
• Establishes IT security audit procedures
• Coordinates third-party audits.

Communication

• Develop materials and tools to effectively communicate compliance and corporate requirements.
• Develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
• Collect, analyze, and prepare reports required for senior management, regulators, and other relevant stakeholders.
• Document, investigate, and report cybersecurity compliance issues and incidents, where necessary.
• Work with business leaders to ensure information security risk findings are reviewed and solutions are implemented.
• Understand, develop, and deliver meaningful reports on the program state and adherence to frameworks and standards.
• Lead the escalation and resolution of risk and compliance issues with appropriate stakeholders.
• Liaise with relevant parties to commission activities relating to contingency planning, business continuity management, and IT disaster recovery.

Formal Education & Certification

• University degree in Computer Science or related discipline required.
• Minimum of 3 years of IT experience.
• CISSP, CISA, CISM, or other relevant security-related designation(s) an asset.

Knowledge & Experience

• Significant knowledge of and experience with legal and regulatory compliance standards such as [GDPR, PCI-DSS, ISO 2700-1, NIST 800-23, HIPAA, HITRUST, etc.].
• Experience with IT governance, risk, and compliance management.
• Knowledge of computer networking concepts and protocols and network security methodologies.
• Knowledge of risk management processes (e.g. methods for assessing and mitigating risk).
• Knowledge of cyber threats and vulnerabilities.
• Knowledge of risk management processes.
• Knowledge of cyber threats and vulnerabilities.
• Knowledge of specific operational impacts of cybersecurity lapses.

NB! This job is now closed. You can apply for other jobs by uploading your CV.