Manager, Information Security

RATESDOTCA Group Ltd. Toronto, Ontario, Canada (Hybrid)

Are you ready to be part of a forward-thinking organization that thrives on creativity, collaboration, and growth? Look no further At rates.ca, we’re not just a workplace; we’re a community of passionate individuals who believe in pushing boundaries and making a difference. As a member of our team, you’ll be part of a dynamic community that values creativity, diversity, and continuous learning. We are looking for an individual who will share our energy and enthusiasm about helping Canadians make better money decisions.

Join us and let’s create something extraordinary together

**The Opportunity**:
Policy & Compliance Management
- Develop, review, and update information security policies, standards, and procedures aligned to security strategy, relevant regulations, and industry best practices.
- Collaborate with cross-functional teams, service providers, and other stakeholders to ensure consistent enforcement of policies and monitor compliance.
- Ensure the organization's adherence to applicable compliance frameworks, internal control framework, and guidelines set out by the leadership team.

Risk Management
- Implement risk management processes and capabilities to enable continuous monitoring of control effectiveness and key risk indicators.
- Identify, assess, and prioritize security risks associated with the group's information assets, systems, and services.
- Develop and implement security risk mitigation strategies and control measures to protect critical assets and sensitive information.
- Evaluate and manage cybersecurity risks associated with third-party vendors and service providers.
- Collaborate with procurement and legal teams to ensure that vendor contracts include appropriate security requirements.

Security Audits and Assessments
- Conduct regular security audits and risk assessments to identify vulnerabilities and consistently work towards the improvement of overall security maturity of the organization.
- Coordinate penetration tests and vulnerability assessments, interpreting the results and driving remediation efforts.
- Prepare and present regular reports on security risk, compliance status, and security posture to senior management and relevant stakeholders.

Business Continuity Planning and Disaster Recovery Planning
- Develop and maintain a comprehensive BCP to ensure the organization’s ability to continue operations during and after a significant disruption or crisis.
- Create a robust DR plan to restore IT infrastructure and systems following a catastrophic event, preventing data loss, and minimizing downtime.
- Coordinate regular tests and update the BCP and DR plans. Includes learning from tests and real-life events to improve the plans and ensure they remain effective and up to date.
- Identify and respond to IT system failures and cyberattacks, ensuring timely decision-making and implementation, and overseeing that procedures are strictly followed to reduce the impact on the organization.
- Manage security incidents and conduct investigations to determine the root cause and implement remediation measures.

Security Awareness and Training
- Develop and implement cybersecurity training programs for employees and technical teams to promote a culture of security awareness and compliance.

What you’ll need to succeed:

- A bachelor's or master's degree in a related field, such as computer science, information technology, or cybersecurity.
- At least two certifications in information security and risk management or similar certification such as CISSP, CISM, CRISC, CISA, or CGRC
- Proven experience (5+ years) in information security and risk management, with at least 2+ years in a leadership role.
- Solid understanding of common information security standards, frameworks, and regulations such as ISO/IEC 27001, Cloud Security Alliance, NIST, and PCI/DSS.
- Extensive knowledge of and experience with information security technologies, such as firewalls, intrusion detection and prevention systems, vulnerability scanners, and encryption technologies.
- Extensive knowledge and experience with AWS and M365
- strong leadership, communication, and interpersonal skills, as well as the ability to collaborate effectively with other departments and stakeholders within the organization.

The compensation package consists of a competitive salary, benefits and incentive bonus.

Our perks:

- You get your Birthday off
- Work from home flexibility - Hybrid Model (2 office days per week - Tuesday and Thursday)
- 4 weeks of 'Work from Anywhere Program' every year
- Full employer-paid benefits
- RRSP Matching Program
- Annual holiday festivities, free lunches and so much more
- Helping you help others with our paid volunteer programs
- Employee satisfaction survey for you to voice your opinion on working at RATESDOTCA Group Ltd.
- Free access to LinkedIn Learning
- Lounge and games room - ping-pong, foosball, and more

RATESDOTCA Grou