Compliance & Audit Manager, Information Security

**The Opportunity**:
WSP is a global consulting firm assisting public and private clients to plan, develop, design, construct, operate and maintain thousands of critical infrastructure projects around the world.

WSP’s Information Security Office (ISO) is responsible for the deployment and maintenance of the information security framework for both the IT organization and wider business community. This includes the Governance mechanisms, policies and processes, tools and technologies, and employee training required to protect WSP information and that of our clients.

We are currently seeking an experienced Information Security Compliance and Audit Manager to lead the design, optimization, and implementation of our compliance program based on ISO27K. In this role, you will be responsible for WSP ISO27K cetification program.

Your primary responsibilities will include overseeing the entire internal audit ISO27K lifecycle, from planning and scoping to execution and reporting, with a strong emphasis on identifying and mitigating security risks. You will collaborate closely with cross-functional teams, including IT, compliance, and risk management, to drive continuous improvement and ensure alignment with best practices (e.g: ISO 27001, NIST). Effective communication skills are essential to convey audit findings, provide actionable recommendations, and influence stakeholders to prioritize information security initiatives.

**Why choose WSP?**
- We value and are committed to upholding a culture of **inclusion**and **belonging**:

- Our **Flexible**Work Policy - we recognize the importance of balance in our lives and encourage you to prioritize the balance in yours. We will support you on and off the job so you can be fully present in both your work and home lives.
- A **Canadian**success story - we're **proud**to wear the red and white of this beautiful country and show the world what Canada has to offer.
- **Enhance**the world around you - from the environment to the highways, to the buildings and the terrain, WSP is the fabric of Canada.
- **Outstanding**career opportunities - we're growing and pushing ourselves every day to be greater than yesterday - we're open to **your**ideas and trying **new**things.
- A phenomenal **collaborative**culture and a workforce filled with genuinely **good**people**who are doing humbly important work. Come find out for yourself what it's like to be a part of our journey.

We offer attractive pay, flexible work options, a great corporate culture, comprehensive and employee-focused benefits including virtual healthcare and a wellness platform as well as great savings programs, and a clear vision for the future.

**WeAreWSP**

**What you can expect to do here**:

- **Audit Execution & Reporting**:Review audit evidence across IT systems and processes as part of the ISO27K internal audit lifecycle, assess compliance with ISO 27001 requirements, and issue structured audit reports that highlight findings, recommend corrective actions, and support continuous improvement.
- Develop and Implement Audit Plans: Lead the development and implementation of comprehensive audit plans tailored to assess compliance with ISO27K and other best standards (i.e: NIST)
- **Execute Audits**:Lead and conduct audits of IT systems, processes, and controls to evaluate adherence to ISO27K requirements, ensuring the effectiveness and adequacy of information security measures.
- **Provide Recommendations**:Analyse audit findings and provide actionable recommendations to enhance information security posture, mitigate risks, and address any non-compliance with best standards ISO27K.
- **Collaborate with Stakeholders**:Collaborate closely with global and regional IT teams, business units, and other stakeholders to communicate audit objectives, gather relevant information, and foster a culture of continuous improvement in information security practices.
- **Stay Current with Standards**:Stay abreast of developments in information security best practices, industry standards, and regulatory requirements related to best standards (e.g: ISO 27001, NIST), and incorporate relevant updates into the audit program as needed.

**What you’ll bring to WSP**:

- Minimum of combined 5-year specialization in compliance, audit, or risk management activities.
- Knowledge of, and experience with, current IT/Information Security/Governance frameworks (e.g., ITGC for 52-109, Sarbanes-Oxley, SSAE-18 SOC1 & SOC2).
- Proficient with MS Office and GRC tools (e.g., Service-Now IRM).
- Excellent written and verbal communication skills.
- Excellent interpersonal skills, including interfacing effectively with a broad range of people and roles, such as Regional Information Security Officers, Accounting/ Finance, Internal Audit, Financial Compliance, and other corporate functions.
- Ability to work independently and as part of a team; and the ability to take initiative with mínimal direction.
- Strong attention to detail and the ability to hand