Manager, Information Security - Markham, Canada - Black & McDonald Limited

Black & McDonald Limited

Verified Company

Markham, Canada

2 weeks ago

Posted by:

Sophia Lee

beBee Recruiter

Description

Position:
Manager, Information Security & Compliance

Location:
Markham

Details:
Full-time, hybrid

The Company:

Founded over 100 years ago in 1921, Black & McDonald is an integrated, multi-trade service provider that safely delivers high-quality construction, facilities management, and technical solutions to government, institutional and industry clients.

We are a forward-thinking organization with a strong track record of delivering customer-focused solutions and operational excellence.

Position Overview:

Reporting to the Vice President, IT and collaborating closely with the senior leadership, the Manager Information Security & Compliance (IS&C) is
accountable for the enterprise information security program and related compliance and governance structures

The Manager, IS&C ensures security programs are in place to mitigate cyber risks, comply with regulatory requirements and to respond to incidents if/when they occur.

In this position you will manage an IT team responsible for implementing programs as well as day-to-day security operations.

Key Accountabilities:

Leads information security and compliance function.

-
Develops and implements information security management program in accordance with recognized security and technology governance frameworks such as CIS, ISO and COBIT and in alignment with business priorities.

Collaborates with the VP, IT and other senior executives and officers to provide leadership, operational expertise and strategic direction to the organization and all operational teams.
Reviews IT and security governance structures, processes, & procedures to prevent security breaches, major incidents, and noncompliance with regulatory requirements.

-
Monitors and conducts ongoing assessments of security standards necessary for breach prevention, detection, and remediation.

Assesses security infrastructure, cloud environments, including access management, firewall protection, and vulnerability assessment and testing and makes recommendations for improvement.
Provides reports to executive management and other stakeholders on IT and security matters,
Delivers user education programs on security to support compliance objectives and improve security awareness.
Implements security incident response plans and serves as the response lead during incidents.
Facilitates development of IT and security policies, standards and procedures and performs ongoing assessments to ensure continuous improvement and reports on compliance.
Contributes to the
business strategies and plans, bringing security and governance expertise; ensures the security strategies align with the company's strategic goals.
Provides mentorship, staff development and participates in succession planning.
Coaches and develops team members on risk management.
Manages other initiatives as required.

Education and Qualification Requirements:

Postsecondary education in IT or a suitable combination of education and experience.
Industry certifications such as
CISSP, CCSP, CISA, CISM or similar are expected.
Knowledgeable in frameworks such
as COBIT 5, ISO 27002, and ITIL and using these to assess and address IT governance and control gaps in organizations.
Ability to develop policies and procedures relating to IT/security governance and educate IT colleagues on governance and controls issues, particularly segregation of duties, documentation standards required, audit logs and audit trails, etc.
Proven experience in overseeing/developing IT security architecture and security improvement roadmaps.
Experience with cloud computing environments
Exposure with various security tools and methodologies, including network security, vulnerability management, vulnerability & penetration assessments, antimalware, and endpoint security management.
Ability to keep current with IT security developments and vulnerabilities.
Proven experience in relationship and stakeholder management.
Ability to obtain background checks and disclosure of personal and financial information if needed for access to restricted parts of our IT infrastructure.