Information Security Manager

New York City

Applications have closed

AIP Connect

AIP Connect connects the right people to the right employers with a refreshingly different approach. We are not your typical recruiter.

Our client, a leading technology consultant, is seeking an Information Security Manager to oversee the organization's information security program and its compliance with ISO 27001 and SOC 2 Type 2 standards. The ideal candidate will have a strong background in information security management, risk assessment, and compliance frameworks, and a proven track record of implementing and managing compliance and governance.

Information Security Manager

  • Maintain comprehensive information security policies, procedures, and standards to ensure the confidentiality, integrity, and availability of all data and information systems.
  • Collaborate with both internal stakeholders and external parties to conduct regular risk assessments and vulnerability scans to identify security and compliance issues and weaknesses.
  • Monitor security systems and respond promptly to security incidents, breaches, or unauthorized access attempts.
  • Regularly conduct ISMS compliance checks with various business unit leaders and subject matter experts, report findings, and develop recommendations for mitigation.
  • Maintain compliance with various emerging legislation to stakeholders.

ISO 27001 Compliance

  • Lead the organization's efforts to achieve and maintain ISO 27001 certification.
  • Develop and maintain the Information Security Management System (ISMS) documentation, including policies, procedures, controls, and risk registers.
  • Coordinate and facilitate internal and external audits to ensure compliance with ISO 27001 standards.
  • Drive continuous improvement initiatives to enhance the effectiveness of the ISMS and ensure alignment with evolving business needs and industry best practices.
  • Collaborate with internal stakeholders and external auditors to prepare for a future SOC 2 Type 2 audit.

Information Security Management

  • Collaborate with teams to develop and communicate roles and responsibilities for key security and compliance areas, including: information security policies/procedures, governance/risk management, security training, privacy and data protection requirements.
  • Foster a culture of compliance awareness and accountability throughout the organization and provide status and recommendations for improvements.
  • Establish with stakeholders a vendor risk management program to assess, monitor, and mitigate risks associated with third-party relationships.
  • Work jointly with the Data Protection Officer (DPO) and other stakeholders to manage and maintain privacy compliance assessments and documentation (e.g., privacy impact assessments).

Qualifications

  • Bachelor's degree in Information Technology, Computer Science, or a related field; advanced degree or professional certifications (e.g., CISSP, CISM, CISA) preferred.
  • Proven experience in information security management, including ISO 27001 and SOC 2 compliance.
  • Strong understanding of cybersecurity principles, best practices, and regulatory requirements.
  • Experience implementing and managing security controls, risk management frameworks, and incident response procedures.
  • Excellent communication and interpersonal skills, with the ability to effectively engage with stakeholders at all levels of the organization.
  • Strong analytical and problem-solving abilities, with a keen attention to detail and a commitment to delivering high-quality results.
  • Ability to work independently and collaboratively, managing multiple priorities and deadlines effectively.

AIP Connect believes in equal opportunity. Our recruitment consultants are committed to inclusive recruitment and selection practices and will not discriminate based on age, colour, ability, national origin, race, religion, sex, or sexual orientation.

Accessibility: If you need any accommodations during the interview process, please let us know.

Tags: Audits CISA CISM CISSP Compliance Computer Science Governance Incident response ISMS ISO 27001 Privacy Risk assessment Risk management SOC SOC 2 Vulnerability scans

Region: North America
Country: United States
Category: Leadership Jobs
