Compliance & Audit Manager, Information Security
4 days ago
The Opportunity: WSP is a global consulting firm assisting public and private clients to plan, develop, design, construct, operate and maintain thousands of critical infrastructure projects around the world.
WSP's Information Security Office (ISO) is responsible for the deployment and maintenance of the information security framework for both the IT organization and wider business community. This includes the Governance mechanisms, policies and processes, tools and technologies, and employee training required to protect WSP information and that of our clients.
We are currently seeking an experienced Information Security Compliance and Audit Manager to lead the design, optimization, and implementation of our compliance program based on ISO27K. Your primary responsibilities will include overseeing the entire ISO27K internal audit lifecycle, from planning and scoping to execution and reporting, with a strong emphasis on identifying and mitigating security risks. You will collaborate closely with cross-functional teams, including IT, compliance, and risk management, to drive continuous improvement and ensure alignment with best practices (e.g., ISO 27001, NIST). Effective communication skills are essential to convey audit findings, provide actionable recommendations, and influence stakeholders to prioritize information security initiatives.
If you have excellent communication skills, a strong understanding of Compliance, and a passion for driving continuous improvement, we encourage you to apply for this pivotal role.
We value and are committed to upholding a culture of inclusion and belonging.
Our Flexible Work Policy – we recognize the importance of balance in our lives and encourage you to prioritize the balance in yours. We will support you on and off the job so you can be fully present in both your work and home lives.
Enhance the world around you - from the environment to the highways, to the buildings and the terrain, WSP is the fabric of Canada.
We offer attractive pay, flexible work options, a great corporate culture, comprehensive and employee-focused benefits including virtual healthcare and a wellness platform as well as great savings programs, and a clear vision for the future.
Audit Execution & Reporting: Review audit evidence across IT systems and processes as part of the ISO27K internal audit lifecycle, assess compliance with ISO 27001 requirements, and issue structured audit reports that highlight findings, recommend corrective actions, and support continuous improvement.
Develop and Implement Audit Plans: Lead the development and implementation of comprehensive audit plans tailored to assess compliance with ISO27K and other best standards (i.e., NIST).
Execute Audits: Lead and conduct audits of IT systems, processes, and controls to evaluate adherence to ISO27K requirements, ensuring the effectiveness and adequacy of information security measures.
Provide Recommendations: Analyse audit findings and provide actionable recommendations to enhance information security posture, mitigate risks, and address any non-compliance with ISO27K best standards.
Collaborate with Stakeholders: Collaborate closely with global and regional IT teams, business units, and other stakeholders to communicate audit objectives, gather relevant information, and foster a culture of continuous improvement in information security practices.
Stay Current with Standards: Stay abreast of developments in information security best practices, industry standards, and regulatory requirements related to best standards (e.g., ISO 27001, NIST), and incorporate relevant updates into the audit program as needed.
Minimum of 5 years of combined specialization in compliance, audit, or risk management activities.
Knowledge of, and experience with, current IT/Information Security/Governance frameworks (e.g., Knowledge of security technologies and best practices, pertinent regulation and legislation, risk management and operations with relation to systems, applications, network, and client setups.
Proficient with MS Office and GRC tools (e.g., ServiceNow IRM).
Excellent interpersonal skills, including interfacing effectively with a broad range of people and roles, such as Regional Information Security Officers, Accounting/Finance, Internal Audit, Financial Compliance, and other corporate functions.
and the ability to take initiative with minimal direction.
Strong time management skills to meet deadlines.
Accommodation of schedule for international conference calls.
Bachelor's degree in IT, Computer Science/Engineering, or a related field, or a similar level of training.