Regional Information Security Officer

**WSP **is one of the world's leading professional services firms. Our purpose is to future proof our cities and environments.

We have over 65,000 team members across the globe. In Canada, our 12,000+ people are involved in everything from environmental remediation to urban planning, from engineering iconic buildings to designing sustainable transportation networks, from finding new ways to extract essential resources to developing renewable power sources for the future.

The excellence we bring to our work and to our workplace has been recognized far and wide. We are among the LinkedIn Top 25 Companies two years in a row, one of the Top 100 Sustainable Companies in the World (and among the Top 10 in Canada), and we earned Platinum Elite Recognition through our participation in more than half of Canada's Top 100 Infrastructure Projects.

At **WSP**:

- We value our people and our reputation
- We are locally dedicated with international scale
- We are future focused and challenge the status quo
- We foster collaboration in everything we do
- We have an empowering culture and hold ourselves accountable

**MONTREAL**

**The Opportunity**:
**WSP’** s Information Security Office (ISO) is responsible for the deployment of the information security framework in to both the IT organisation and wider business community. This includes the Governance mechanisms, policies and processes, tools and technologies, and employee training required to protect WSP information and that of our clients.

The role of Regional Information Security Officer is a business facing role, though it may involve some interaction with clients and third parties. The role has a dual reporting relationship to the CISO and to the regional CIO.

This position requires a senior management professional with relevant experience and a strong working knowledge of IT security, risk management, regulatory compliance, information and public cloud service technology, IT operations management principles, and third-party contract management.

***

**Why WSP?**
- We value and are committed to upholding a culture of **Inclusion **and **Belonging**:

- Our **Flexible Work Policy** - we recognize the importance of balance in our lives and encourage you to prioritize the balance in yours. We will support you on and off the job so you can be fully present in both your work and home lives.
- A **Canadian **success story - we're **proud **to wear the red and white of this beautiful country and show the world what Canada has to offer.
- **Enhance **the world around you - from the environment to the highways, to the buildings and the terrain, WSP is the fabric of Canada.
- **Outstanding** career opportunities - we're growing and pushing ourselves every day to be greater than yesterday - we're open to **your **ideas and trying **new **things.
- A phenomenal **collaborative **culture and a workforce filled with genuinely **good people** who are doing humbly important work. Come find out for yourself what it's like to be a part of our journey.

**We offer attractive pay, flexible work options, a great corporate culture, comprehensive and employee-focused benefits including virtual healthcare and a wellness platform as well as great savings programs, and a clear vision for the future.**

**#WeAre**WSP**

**A day in the life**:

- Working directly with business leadership within region and at all levels of the organisation to deliver an effective, world class information security program.
- Establish and maintain the Information Security Governance framework; including running the regional Information Security Committee; coordinating IS risk management, executive reporting and participate in other forums where information security input and approval is required based on documented policies and processes.
- Implementing and Operating the ISO270001 aligned Data and Information Security Management System in region.
- Enhancing the security culture within region, driving business change initiatives and owning security e-learning.
- Developing and maintaining an understanding of regional IS requirements, including client and regulatory/legal requirements. Working with key stakeholders, including the Head of Legal and business leads to provide input and security assurance for new bids and acquisitions.
- Working with corporate and regional IT teams and providing security guidance for new IT projects in region (working with the Security Architect function where needed)
- Liaise with the relevant regional functions - Risk Management, Commercial, HR, Legal, Compliance, Procurement, Facilities / Physical Security - to ensure IS coordination and risk management in region.
- The management and co-ordination of any security incident response within region.
- Provide SME and guidance to their region on any security needs or requirements. Act as an advisor to their regional CIO on all information security related matters.
- Work with the CISO and ISO on the Global Information Security