Head of Information Security

1 week ago


Montreal, Canada WSP Full time
Head of Information Security / VP of Information Security [OneIT]

WSP’s Information Security Office (ISO) is responsible for the deployment of the information security framework in to both the IT organization and wider business community. This includes the Governance mechanisms, policies and processes, tools and technologies, and employee training required to protect WSP information and that of our clients.

The role of Head of Information Securityreports to our Chief Information Security Officer and is responsible for leading a team of Business and Regional Information Security Officers across WSPs global business. It is a primarily internally facing role, though it may involve some interaction with clients and third parties.

This position requires a senior management professional with relevant experience and a strong working knowledge of IT security, risk management, regulatory compliance, information and public cloud service technology, IT operations management principles, and third-party security management.

Responsibilities:

  • Information Security Strategy: Collaborate with the CISO to define the organization's information security strategy, vision, and goals. Translate strategic objectives into actionable plans and initiatives that align with business objectives and industry best practices.
  • Team Leadership: Lead and manage a team of Information Security Officers located across WSPs regions. Provide guidance, mentorship, and support to ensure their professional development and effective execution of their responsibilities.
  • Information Security Governance: Oversee WSPs implementation and maintenance of itsISO27001 certified Data and Information Security Management System. Establish and maintain theInformation Security Governance framework; including running theInformation Security Committees; coordinating IS risk management, executive reporting and participate in other forums where information security input and approval is required based on documented policies and processes.
  • Risk Management: Oversee the identification, assessment, and mitigation of information security risks. Work closely with cross-functional teams to ensure risk management practices are embedded in business processes and projects. Monitor the effectiveness of risk mitigation measures and drive continuous improvement.
  • Security Awareness and Training: Develop and deliver comprehensive security awareness and training programs to promote a security-conscious culture throughout the organization. Collaborate with stakeholders to address security education needs and ensure employees understand their roles and responsibilities in protecting information assets.
  • Acquisition, Mergers and Integrations: Direct the security matters relating to all aspects of Acquisitions, Mergers, Integrations and Divestments. Including the security evaluation of potential acquisitions through to the integration of the acquired businesses into WSP’s security ecosystem.
  • Client Support: Develop and maintain a program of client support, to ensure that all client security requirements are identified, assessed, delivered and reported to relevant business leaders.
  • Vendor and Third-Party Risk Management: Develop and maintain a robust vendor and third-party risk management program. Conduct assessments of vendors and service providers to ensure they meet information security requirements and adhere to contractual obligations.
  • Incident Response and Management: Develop and maintain an incident response plan and coordinate the response to information security incidents. Lead investigations, root cause analyses, and corrective actions to mitigate the impact of incidents and prevent future occurrences.
  • Security Incident Reporting and Metrics: Develop and maintain metrics, reports, and dashboards to track the effectiveness of the information security program. Provide regular updates to senior leadership on the organization's security posture and recommend remedial actions as needed.

Leadership and People Responsibilities:

  • Displays personal and team leadership in performing their role, with an ability to make complex decisions with limited input and review from senior staff.
  • High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
  • Assist in the training, and coaching of new and existing staff, and provide coaching to staff executing all aspects of information security and risk assessment and support.
  • Develop positive working relationships with other team members and business partners and partner across teams to align with WSP internal and external client demands.
  • Capable of rapidly assimilating and internalizing complex business, technology, and risk management concepts and dependencies.
  • Capable of clearly defining, presenting and selling recommended strategies to senior management teams.
  • Critical thinker with strong problem-solving skills, project management skills; financial/budget management, scheduling and resource management.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate between specialized groups of business unit and IT professionals.
  • Accommodation of schedule for international conference calls.

Finance/Budgetary Responsibilities:

  • Support the CISO in developing the budget projections based on objectives
  • Responsible for the budget for the Information Security Office

Requirements:

Required

  • 10+ years related senior level experience in Information Security, IT risk, IT Audit or a similar position involving IT and business change, including leading a team of IT professionals.
  • Graduate of a four-year college or university, preferably with a degree in computer science or information management, or Professional certification in one or more of the following disciplines — IT governance (e.g., CGEIT), security (e.g., CISSP, CISM), internal audit (CISA).
  • Working (not necessarily technical) knowledge of security technologies (encryption, data protection, network intrusion prevention, host intrusion prevention, firewalls, privilege access, etc.)
  • Working (not necessarily technical) knowledge of enterprise IT security concerns and technologies, including but not limited to VPNs, network security, encryption, authentication, application-level network protocols, PKI, IPSec, Firewall, SSH, SSL, DES, LAN/WAN, and TCP/IP
  • Knowledge of security best practices (applications, network and client setups)
  • Experience with IT Governance frameworks such as COBIT, ITIL and ISO 2700x
  • Experience with governance, compliance and audit within IT environments
  • Experience of risk management, including risk analysis, mitigation and monitoring
  • Knowledge of information security regulations applicable to WSP
  • Fluent Bilingual English and French

Preferred

  • Master's degree in IT, Computer Science, Engineering or related field

WSPis one of the world's leading professional services firms. Our purpose is to future proof our cities and environments.

We have over 65,000 team members across the globe. In Canada, our 12,000+ people are involved in everything from environmental remediation to urban planning, from engineering iconic buildings to designing sustainable transportation networks, from finding new ways to extract essential resources to developing renewable power sources for the future.

AtWSP:

  • We value ourpeople and our reputation
  • We are locally dedicated with international scale
  • We are future focused and challenge the status quo
  • We foster collaboration in everything we do
  • We have an empowering culture and hold ourselves accountable
Position Summary

WSP’s Information Security Office (ISO) is responsible for the deployment of the information security framework in to both the IT organization and wider business community. This includes the Governance mechanisms, policies and processes, tools and technologies, and employee training required to protect WSP information and that of our clients.

The role of Head of Information Securityreports to our Chief Information Security Officer and is responsible for leading a team of Business and Regional Information Security Officers across WSPs global business. It is a primarily internally facing role, though it may involve some interaction with clients and third parties.

This position requires a senior management professional with relevant experience and a strong working knowledge of IT security, risk management, regulatory compliance, information and public cloud service technology, IT operations management principles, and third-party security management.

Responsibilities:

  • Information Security Strategy: Collaborate with the CISO to define the organization's information security strategy, vision, and goals. Translate strategic objectives into actionable plans and initiatives that align with business objectives and industry best practices.
  • Team Leadership: Lead and manage a team of Information Security Officers located across WSPs regions. Provide guidance, mentorship, and support to ensure their professional development and effective execution of their responsibilities.
  • Information Security Governance: Oversee WSPs implementation and maintenance of itsISO27001 certified Data and Information Security Management System. Establish and maintain theInformation Security Governance framework; including running theInformation Security Committees; coordinating IS risk management, executive reporting and participate in other forums where information security input and approval is required based on documented policies and processes.
  • Risk Management: Oversee the identification, assessment, and mitigation of information security risks. Work closely with cross-functional teams to ensure risk management practices are embedded in business processes and projects. Monitor the effectiveness of risk mitigation measures and drive continuous improvement.
  • Security Awareness and Training: Develop and deliver comprehensive security awareness and training programs to promote a security-conscious culture throughout the organization. Collaborate with stakeholders to address security education needs and ensure employees understand their roles and responsibilities in protecting information assets.
  • Acquisition, Mergers and Integrations: Direct the security matters relating to all aspects of Acquisitions, Mergers, Integrations and Divestments. Including the security evaluation of potential acquisitions through to the integration of the acquired businesses into WSP’s security ecosystem.
  • Client Support: Develop and maintain a program of client support, to ensure that all client security requirements are identified, assessed, delivered and reported to relevant business leaders.
  • Vendor and Third-Party Risk Management: Develop and maintain a robust vendor and third-party risk management program. Conduct assessments of vendors and service providers to ensure they meet information security requirements and adhere to contractual obligations.
  • Incident Response and Management: Develop and maintain an incident response plan and coordinate the response to information security incidents. Lead investigations, root cause analyses, and corrective actions to mitigate the impact of incidents and prevent future occurrences.
  • Security Incident Reporting and Metrics: Develop and maintain metrics, reports, and dashboards to track the effectiveness of the information security program. Provide regular updates to senior leadership on the organization's security posture and recommend remedial actions as needed.

Leadership and People Responsibilities:

  • Displays personal and team leadership in performing their role, with an ability to make complex decisions with limited input and review from senior staff.
  • High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
  • Assist in the training, and coaching of new and existing staff, and provide coaching to staff executing all aspects of information security and risk assessment and support.
  • Develop positive working relationships with other team members and business partners and partner across teams to align with WSP internal and external client demands.
  • Capable of rapidly assimilating and internalizing complex business, technology, and risk management concepts and dependencies.
  • Capable of clearly defining, presenting and selling recommended strategies to senior management teams.
  • Critical thinker with strong problem-solving skills, project management skills; financial/budget management, scheduling and resource management.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate between specialized groups of business unit and IT professionals.
  • Accommodation of schedule for international conference calls.

Finance/Budgetary Responsibilities:

  • Support the CISO in developing the budget projections based on objectives
  • Responsible for the budget for the Information Security Office

Requirements:

Required

  • 10+ years related senior level experience in Information Security, IT risk, IT Audit or a similar position involving IT and business change, including leading a team of IT professionals.
  • Graduate of a four-year college or university, preferably with a degree in computer science or information management, or Professional certification in one or more of the following disciplines — IT governance (e.g., CGEIT), security (e.g., CISSP, CISM), internal audit (CISA).
  • Working (not necessarily technical) knowledge of security technologies (encryption, data protection, network intrusion prevention, host intrusion prevention, firewalls, privilege access, etc.)
  • Working (not necessarily technical) knowledge of enterprise IT security concerns and technologies, including but not limited to VPNs, network security, encryption, authentication, application-level network protocols, PKI, IPSec, Firewall, SSH, SSL, DES, LAN/WAN, and TCP/IP
  • Knowledge of security best practices (applications, network and client setups)
  • Experience with IT Governance frameworks such as COBIT, ITIL and ISO 2700x
  • Experience with governance, compliance and audit within IT environments
  • Experience of risk management, including risk analysis, mitigation and monitoring
  • Knowledge of information security regulations applicable to WSP
  • Fluent Bilingual English and French

Preferred

  • Master's degree in IT, Computer Science, Engineering or related field

WSPis one of the world's leading professional services firms. Our purpose is to future proof our cities and environments.

We have over 65,000 team members across the globe. In Canada, our 12,000+ people are involved in everything from environmental remediation to urban planning, from engineering iconic buildings to designing sustainable transportation networks, from finding new ways to extract essential resources to developing renewable power sources for the future.

AtWSP:

  • We value ourpeople and our reputation
  • We are locally dedicated with international scale
  • We are future focused and challenge the status quo
  • We foster collaboration in everything we do
  • We have an empowering culture and hold ourselves accountable
Please Note:
Health and Safety is a core paramount value of WSP. Given the importance of keeping one another safe it is expected that you comply with our Health, Safety & Environment (HSE) policy at all times as well as client HSE policies when working at client locations.

Offers of employment for safety-sensitive positions involving fieldwork are contingent upon candidates being able to perform key physical tasks of the job as described in the job posting and interview. This may include the ability to work in a variety of environmental conditions, such as remote or isolated areas, working alone, and in inclement weather (within safe and reasonable limits).

WSP welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process.

WSP is committed to the principles of employment equity. Only the candidates selected will be contacted.

WSP does not accept unsolicited resumes from agencies. For more information pleaseREAD THE FULL POLICY.

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.

#J-18808-Ljbffr

  • Montreal, Canada WSP Full time

    Position Summary WSP’s Information Security Office (ISO) is responsible for the deployment of the information security framework in to both the IT organization and wider business community. This includes the Governance mechanisms, policies and processes, tools and technologies, and employee training required to protect WSP information and that of our...


  • Montreal, Canada WSP Full time

    Position Summary WSP’s Information Security Office (ISO) is responsible for the deployment of the information security framework in to both the IT organization and wider business community. This includes the Governance mechanisms, policies and processes, tools and technologies, and employee training required to protect WSP information and that of our...


  • Montreal, Canada WSP Full time

    Position Summary WSP’s Information Security Office (ISO) is responsible for the deployment of the information security framework in to both the IT organization and wider business community. This includes the Governance mechanisms, policies and processes, tools and technologies, and employee training required to protect WSP information and that of our...

  • Information Security Engineer III

    Found in: Talent CA C2 - 2 days ago


    Montreal, Canada US Tech Solutions Full time

    JOB DESCRIPTION: Cyber Security Specialist Months Montreal, QC Hybrid The position at a glance We are currently seeking an IT Infra & Cyber Security Specialist with expertise in Vulnerability Management to be located in our Montreal site. This position will report to the Production Security Vulnerability Management head. In detail •...

  • Business Information Security Officer

    Found in: Talent CA C2 - 2 weeks ago


    Montreal, Canada WSP Full time

    Description About WSP At WSP, we are driven by inspiring future-ready pioneers to innovate. We’re looking to grow our teams with people who are ready to collaborate in building communities and expanding our skylines. To do this, we hire candidates of all experiences, skillsets, backgrounds and walks of life. We actively foster a work environment and...


  • Montreal, Canada Barclay Simpson Full time

    Senior Information Security Manager required for a market-leading bank. The role will be focused on supporting the information security function with the management of 2 analysts. Responsibilities Adherence to the Information Security Standards by control owners Training and Awareness Programme Phishing Tests of staff, reporting and training Actionable...


  • Montreal, Canada Barclay Simpson Full time

    Senior Information Security Manager required for a market-leading bank. The role will be focused on supporting the information security function with the management of 2 analysts. Responsibilities Adherence to the Information Security Standards by control owners Training and Awareness Programme Phishing Tests of staff, reporting and training Actionable...


  • Montreal, Canada Barclay Simpson Full time

    Senior Information Security Manager required for a market-leading bank. The role will be focused on supporting the information security function with the management of 2 analysts. Responsibilities Adherence to the Information Security Standards by control owners Training and Awareness Programme Phishing Tests of staff, reporting and training Actionable...

  • IT Security Specialist

    Found in: beBee jobs CA - 1 week ago


    Montreal, Quebec, Canada DELAN - IT Head Hunters Full time

    Tasks/Responsibilities We are currently looking for an IT Security Specialist for a 6-month contract with the possibility of being renewed. MANDATEContribute to the effectiveness of the company's Security Operations Center (SOC) Monitor vulnerabilities, analyze security incidents, and document them in the system Apply the necessary solutions and procedures...

  • Security Researcher

    Found in: Talent CA C2 - 1 week ago


    Montreal, Canada Ubisoft Full time

    Job DescriptionUbisoft Security & Risk Management (SRM) department, a part of Ubisoft IT, is looking for a Security Researcher embedded in Rainbow 6 Siege (R6).As a Security Researcher, you will be responsible for conducting an in-depth analysis of security vulnerabilities in R6, analyzing exploits, and devising countermeasures to enhance the security...

  • Security Researcher

    7 days ago


    Montreal, Canada Ubisoft Entertainment Full time

    Ubisoft’s 19,000 team members, working across more than 30 countries around the world, are bound by a common mission to enrich players’ lives with original and memorable gaming experiences. Their commitment and talent have brought to life many acclaimed franchises such as Assassin’s Creed, Far Cry, Watch Dogs, Just Dance, Rainbow Six, and many more to...

  • Security Researcher

    1 week ago


    Montreal, Canada Ubisoft Entertainment Full time

    Ubisoft’s 19,000 team members, working across more than 30 countries around the world, are bound by a common mission to enrich players’ lives with original and memorable gaming experiences. Their commitment and talent have brought to life many acclaimed franchises such as Assassin’s Creed, Far Cry, Watch Dogs, Just Dance, Rainbow Six, and many more to...

  • Security Researcher

    2 weeks ago


    Montreal, Canada Ubisoft Entertainment Full time

    Ubisoft’s 19,000 team members, working across more than 30 countries around the world, are bound by a common mission to enrich players’ lives with original and memorable gaming experiences. Their commitment and talent have brought to life many acclaimed franchises such as Assassin’s Creed, Far Cry, Watch Dogs, Just Dance, Rainbow Six, and many more to...

  • information technology

    Found in: Talent CA 2 C2 - 4 days ago


    Montreal, Canada ilir inc Full time

    Work Term: PermanentWork Language: FrenchHours: 40 hours per weekEducation: Bachelor's degreeExperience: 5 years or moreInformation technology or equivalent experienceWork settingConsulting firmTasksConfer with clients to identify requirementsDocument technical requirements to ensure that products, processes and solutions meet business requirementsPrepare...

  • information technology

    Found in: Talent CA 2 C2 - 3 days ago


    Montreal, Canada ilir inc Full time

    Durée de l'emploi: PermanentLangue de travail: FrançaisHeures de travail: 40 hours per weekEducation: Expérience: EducationBachelor's degreeInformation technology or equivalent experienceWork settingConsulting firmTasksConfer with clients to identify requirementsDocument technical requirements to ensure that products, processes and solutions meet business...

  • Security Researcher

    7 days ago


    Montreal, Canada Ubisoft Full time

    Ubisoft Welcome to the official website for Ubisoft, creator of Assassin's Creed, Just Dance, Tom Clancy's video game series, Rayman, Far Cry, Watch Dogs and many others. Learn more about our breathtaking games here! View company page Ubisoft’s 19,000 team members, working across more than 30 countries around the world, are bound by a common mission to...

  • Security Researcher

    2 weeks ago


    Montreal, Canada Ubisoft Full time

    Ubisoft Welcome to the official website for Ubisoft, creator of Assassin's Creed, Just Dance, Tom Clancy's video game series, Rayman, Far Cry, Watch Dogs and many others. Learn more about our breathtaking games here! View company page Ubisoft’s 19,000 team members, working across more than 30 countries around the world, are bound by a common mission to...

  • Security Researcher

    1 week ago


    Montreal, Canada Ubisoft Full time

    Ubisoft Welcome to the official website for Ubisoft, creator of Assassin's Creed, Just Dance, Tom Clancy's video game series, Rayman, Far Cry, Watch Dogs and many others. Learn more about our breathtaking games here! View company page Ubisoft’s 19,000 team members, working across more than 30 countries around the world, are bound by a common mission to...

  • IT Security Specialist

    Found in: beBee S CA - 3 weeks ago


    Montreal, Canada DELAN - IT Head Hunters Full time

    Tasks/Responsibilities We are currently looking for an IT Security Specialist for a 6-month contract with the possibility of being renewed. MANDATE Contribute to the effectiveness of the company's Security Operations Center (SOC) Monitor vulnerabilities, analyze security incidents, and document them in the system Apply the necessary solutions and...

  • Expert, Information Security Third Party Risk Management

    Found in: Talent CA C2 - 1 week ago


    Montreal, Canada CN Full time

    Job Summary The purpose of this role is to maintain and grow an industry leading Information Security Third Party Risk Management (TPRM) practice to support the mission of empowering the business by building resilience against evolving cyber threats. This will include program governance, policy and guideline development, risk assessments, information...