Job Details

Information Security Compliance Manager

Advertiser: MBR Partners
Location: Toronto
Rate: -

Information Security Compliance Manager (reports to the CFO)

SUMMARY
Our client, a 550-person, Toronto-headquartered software business selling software to telecommunications software providers, has achieved accredited certification to ISO/IEC 27001:2013, the international information security standard.

This standard requires the whole company to act responsibly towards information security events and to demonstrate, at all times, that its policies and processes meet the standard's requirements.

To this end, the Information Security Compliance Manager role is seen as key to the effective management of the company's Information Security Management System (ISMS). This role will be the prime contact for all aspects of the ISO27001 standard and other related regulation adopted by the company over time.

The Information Security Compliance Manager is a highly motivated, collaborative, technically experienced and well-organized individual. This role will be in charge of the company-wide Information Security Management function, providing line management, leadership and strategic direction for the function and liaising closely with other managers. The purpose of the Information Security Management function, in turn, is to bring the organization's information security risks under explicit management control through its ISMS.

The ideal candidate will also assist our client in driving its compliance and certification programs, leading efforts to produce actionable plans to meet the varying compliance requirements.

As an Information Security Compliance Manager, you will be working on an international team, being responsible for both internal and external customer-centered compliance efforts. This position may require international business travel.

ROLE AND RESPONSIBILITIES

- Provides leadership and strategic direction for the ISMS Compliance function, ranging from planning and assistance with budgeting through to motivational and promotional activities.
- Liaises with and offers strategic direction to related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Finance).
- Serves as the internal contact, supports ad hoc customer audits and completes security questionnaires and risk assessment requests.
- Leads the design, implementation, operation and maintenance of the Information Security Management System based on the ISO27000 series standards, including its ongoing certification and the incorporation of other related regulatory standards.
- Establishes and maintains a “Centre of excellence” on Data Privacy regulatory needs, offering internal management consultancy advice and practical assistance on Data Privacy matters.
- Interfaces with our client's customers regarding potential compliance and security areas.
- Interfaces with auditors and assessor organizations to facilitate compliance audits.
- Reviews and/or makes changes to existing policies and procedures for the general operation of the company and its compliance program to prevent illegal, unethical or improper conduct.
- Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and with applicable laws and regulations.
- Leads the internal and external ISMS audit processes, establishing the audit plan to ensure ongoing certification against the ISO27001 standard, monitoring the effectiveness of controls and agreeing corrective actions with the control owners and stakeholders.
- Designs and executes audit procedures to assess and measure company compliance with its security policies and procedures.
- Reports on overall effectiveness to the Compliance and Security Governance Committee on a regular basis, creating and communicating action plans accordingly and liaising with the certification bodies regarding the timing and scope of the required external audits.
- Leads or commissions suitable information security awareness, training and educational activities.
- Liaises with relevant parties to commission activities relating to contingency planning, business continuity management and IT disaster recovery.

Key personal characteristics and competencies of the ideal candidate

- University degree in a related discipline.
- At least 5-7 years of work experience in information security compliance management and/or related functions.
- Demonstrable extensive experience in implementing the ISO27001 information security management standard, with relevant qualifications such as ISO27001 Certified ISMS Lead Auditor or ISO27001 Certified ISMS Lead Implementer.
- Extensive hands-on experience writing policies and procedures.
- Solid working knowledge of IT security and privacy-related rules and regulations. An (ISC)² information security related certification is a definite asset.
- Excellent written and verbal communication skills.
- Strong background in MS Office, particularly Word, Excel and PowerPoint.
- Ability to work independently.