Head of Information Security

**WSP **is one of the world's leading professional services firms. Our purpose is to future proof our cities and environments.

We have over 65,000 team members across the globe. In Canada, our 12,000+ people are involved in everything from environmental remediation to urban planning, from engineering iconic buildings to designing sustainable transportation networks, from finding new ways to extract essential resources to developing renewable power sources for the future.

At **WSP**:

- We value our people and our reputation
- We are locally dedicated with international scale
- We are future focused and challenge the status quo
- We foster collaboration in everything we do
- We have an empowering culture and hold ourselves accountable

**MONTREAL**
**The Opportunity**:
WSP’s Information Security Office (ISO) is responsible for the deployment of the information security framework in to both the IT organization and wider business community. This includes the Governance mechanisms, policies and processes, tools and technologies, and employee training required to protect WSP information and that of our clients.

The role of **Head of Information Security **reports to our Chief Information Security Officer and is responsible for leading a team of Regional Information Security Officers across WSPs global business. It is a primarily internally facing role, though it may involve some interaction with clients and third parties.

This position requires a senior management professional with relevant experience and a strong working knowledge of IT security, risk management, regulatory compliance, information and public cloud service technology, IT operations management principles, and third-party security management.

***

**Why WSP?**
- We value and are committed to upholding a culture of **Inclusion **and **Belonging**:

- Our **Flexible Work Policy** - we recognize the importance of balance in our lives and encourage you to prioritize the balance in yours. We will support you on and off the job so you can be fully present in both your work and home lives.
- Our **Hybrid Work Policy**:

- a combination of in-person and remote working, enables us to purposefully think of how we work, who we need to work with, and where the work should be done.
- A **Canadian **success story - we're **proud **to wear the red and white of this beautiful country and show the world what Canada has to offer.
- **Enhance **the world around you - from the environment to the highways, to the buildings and the terrain, WSP is the fabric of Canada.
- **Outstanding** career opportunities - we're growing and pushing ourselves every day to be greater than yesterday - we're open to **your **ideas and trying **new **things.
- A phenomenal **collaborative **culture and a workforce filled with genuinely **good people** who are doing humbly important work. Come find out for yourself what it's like to be a part of our journey.

**We offer attractive pay, flexible work options, a great corporate culture, comprehensive and employee-focused benefits including virtual healthcare and a wellness platform as well as great savings programs, and a clear vision for the future.**

**#WeAre**WSP**

**A day in the life**:

- **Information Security Strategy**: Collaborate with the CISO to define the organization's information security strategy, vision, and goals. Translate strategic objectives into actionable plans and initiatives that align with business objectives and industry best practices.
- **Team Leadership**: Lead and manage a team of Information Security Officers located across WSPs regions. Provide guidance, mentorship, and support to ensure their professional development and effective execution of their responsibilities.
- **Information Security Governance**: Oversee WSPs implementation and maintenance of its ISO27001 certified Data and Information Security Management System. Establish and maintain the Information Security Governance framework; including running the Information Security Committees; coordinating IS risk management, executive reporting and participate in other forums where information security input and approval is required based on documented policies and processes.
- **Risk Management**: Oversee the identification, assessment, and mitigation of information security risks. Work closely with cross-functional teams to ensure risk management practices are embedded in business processes and projects. Monitor the effectiveness of risk mitigation measures and drive continuous improvement.
- **Security Awareness and Training**: Develop and deliver comprehensive security awareness and training programs to promote a security-conscious culture throughout the organization. Collaborate with stakeholders to address security education needs and ensure employees understand their roles and responsibilities in protecting information assets.
- **Acquisition, Mergers and Integrations**: Direct the security matters relating to all aspects of Acquisitions, M