Manager, Information Security

Info-Tech is one of the world’s fastest-growing IT research and advisory companies, proudly serving over 30,000 IT professionals. We are looking for a strong** Manager, Information Security & Privacy** to join our team.

Why join us?

We are a growth focused, entrepreneurially spirited company that has consistently achieved YoY growth in our 25 years of operation and are especially proud of our double-digit growth in the midst of a global pandemic.

When you join Info-Tech you get access to unlimited opportunities for professional growth and development in your field of expertise or areas you are interested in. We promote learning to help you be a better professional and we will also pay for some of those certifications.

You will work in a highly collaborative team that functions efficiently even in a remote work setting. You will have flexibility to work from home, at the office (located in London / Toronto Ontario and quite fun), or in a hybrid mode.

We offer great competitive salaries, benefits plan, and RRSP matching plans.

The **Manager, Information Security & Privacy** role is to assist the CIO by providing vision and leadership to develop, implement and support security & privacy initiatives within our organization. The Manager, Information Security & Privacy will accomplish this by directly assessing and holistically managing all aspects of risk regarding IT security, privacy, and legislative/regulatory compliance issues as it relates to technology operations and strategy.

**Focus Areas**

1) Strategy Planning 10%

2) Training and Awareness 20 %

3) Operational Management 70%

**Areas of Responsibilities**

Operational Management (70%)
- Complete security and contract reviews requested by clients in support of sales process. Review with CIO results, review trends and evolving client requirements.
- Participate in investigations into problematic activities and security incidents.
- Participate in the design and execution of vulnerability assessments penetration tests and security audits.
- Act as advocate for the company’s security vision via regular written and in-person communications with the company’s executive’s, department heads and end users.
- Work closely with IT department on corporate technology development to fully secure information computer network and processing systems.
- Ensure that facilities premises and equipment adhere to all applicable laws and regulations and meet compliance requirements (SOC, ISO, NIST, etc.).
- Recommend and implement changes in security & privacy policies and practices in accordance with changes in laws of serviced markets.
- Assess and communicate all security risks associated with all purchases or practices performed by the company.
- Collaborate with IT, senior leadership, legal counsel and human resources to establish and maintain a system for ensuring that security and privacy policies are met.
- Demonstrate ownership for security and privacy technologies that include; Vendor Management, training, satisfaction, ROI, roadmap, integrations, security and compliance.

Training and Awareness (20%)
- Develop and deliver security and privacy awareness program with periodic testing
- Manage training and simulation platform

Strategy Planning (10%)
- Develop and maintain policies and programs to enforce and improve security
- Maintain awareness of privacy legislation in all serviced markets and potential impact to strategy
- Lead strategic security planning to achieve business goals by prioritizing defense initiatives and coordinating the evaluation deployment and management of current and future security technologies using a risk-based assessment methodology.
- Develop and communicate security strategies and plans to executive team staff partners customers and stakeholders.
- Assist with the design and implementation of disaster recovery and business continuity plans procedures audits and enhancements.
- Develop implement maintain and oversee enforcement of policies procedures and associated plans for system security administration and user system access based on industry-standard best practices.

**Education/Certification/Experience**
- Post-secondary education ideally in the fields of computer science and/or business administration. 15+ years of experience working in IT; 10+ years of experience holding security & privacy responsibilities.

**One or more of the following certifications would be an asset**:

- Certified Information Systems Security Professional (CISSP)
- Certified Information Privacy Professional (CIPP)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)

Experience achieving compliance in one or more of the following: Statement on Standards for Attestation Engagements no. 16 (SSAE 16); SOC 2; SOC 3; ISO/IEC 27001

Demonstrated understanding of applicable laws and regulations and their implications to business: General Data Protect