Information Security Advisor

We are hiring an Information Security Advisor to join our team in Toronto or Winnipeg. In this role, you will be a key player in protecting the organization’s critical information assets and ensuring compliance with industry standards and regulations. You will leverage a unique blend of technical expertise and strategic business insight to identify, assess, and mitigate security risks across all business operations.

**The Information Security Advisor will**:

- **Security Risk Assessment & Solutions**: Advise business and technology leaders on conducting security risk assessments and recommending appropriate security solutions.
- **Policy & Standards Development**: Collaborate with the Information Security team to develop, align, and maintain security policies and standards, ensuring they meet business needs and industry regulations (e.g., ISO 27001, NIST).
- **Compliance & Remediation Initiatives**: Recommend security compliance initiatives and remediation actions to protect the business, ensure ongoing effectiveness of security programs, and meet regulatory and client requirements.
- **Industry Awareness & Research**: Stay current with security and privacy trends, best practices, technologies, and regulations to ensure competitive positioning and security solution improvements.
- **Security Strategy & Planning**: Assist in developing and executing security strategies, plans, and budgets in alignment with business objectives and risk tolerance under the direction of the CISO.
- **Benchmarking & Cost Studies**: Participate in security benchmarking and cost-effectiveness studies to maximize business value and efficiency.
- **Business Case Development**: Prepare business cases for security solutions, focusing on risk assessment and alignment with organizational goals.
- **Understanding the Business**: Maintain a thorough understanding of the company’s technologies, processes, systems, data, and partnerships to align security strategies.
- **Leadership & Advising**: Act as the primary security advisor for local teams, collaborating with IT, finance, HR, legal, and other departments as necessary.
- **Cybersecurity Program Leadership**: Provide strategic and tactical leadership for the cybersecurity program, supporting enterprise-wide security initiatives.
- **Incident Management & Partner Engagement**: Serve as the main contact for security incidents and collaborate with partner firms to achieve security program objectives.
- **Industry Participation**: Represent the security program in industry conferences, forums, and meetings relevant to the company’s cybersecurity objectives.
- **Risk Evaluation & Controls**: Identify, evaluate, and recommend security controls to mitigate risks and ensure compliance with Information Security Policies and Standards.
- **Threat Intelligence**: Stay informed about security threats and vulnerabilities, sharing knowledge across the business to reduce risk.
- **KPI & Metrics Development**: Work with security and business leaders to define and communicate key performance indicators (KPIs) that align with business objectives, ensuring they are clear and understandable for non-technical teams.

**T**o be successful**as a** Information Security Advisor** with People Corporation, you will need**:

- **Leadership**: Able to influence both business and technical outcomes, leading cross-functional teams and guiding indirect reporting relationships to achieve goals and deliver business results.
- **Resilience**: Thrives in dynamic environments with competing priorities and multiple stakeholders, demonstrating initiative and the ability to take ownership of solutions with mínimal oversight.
- **Strategy & Program Planning**: Skilled at translating high-level goals into actionable steps, managing multiple projects to ensure continuous progress and alignment with organizational objectives.
- **Communication**: Strong verbal and written communication skills, capable of adapting messaging for both technical and non-technical audiences. Effectively negotiates with stakeholders while managing risks and ensuring delivery.
- **Analytical Thinking**: Demonstrates a deep understanding of business operations and how different components work together to design and implement efficient processes and technology.
- **Judgment & Integrity**: Makes sound decisions with a sense of urgency, prioritizing high standards of ethics, customer service, regulatory compliance, and business integrity.
**- Extensive experience in security and risk assessments, with a focus on identifying and mitigating risks in complex environments.
- Strong background in security technologies and frameworks for protecting business data and systems.
- Proven ability to assess business risks and align security strategies, ideally in the financial sector.
- Excellent communication and relationship-building skills with both business and technical teams.
- Knowledgeable in security standards and frameworks like ISO 27001 and other indust