Job Details

Information Security Compliance Manager

MBR Partners

Information Security Compliance Manager (reports to the CFO)


Our client, a 550 person Toronto headquartered software business selling software to Telecommunications software providers, has achieved accredited certification to ISO/IEC 27001:2013, the international Information Security standard.

This standard requires the whole company to act responsibly towards information security events and to demonstrate, at all times, that its policies and processes meet the standard's requirements.

To this end, the Information Security Compliance Manager role is seen as key to the effective management of the company's Information Security Management System (ISMS). This role will be the prime contact for all aspects of the ISO27001 standard and for other related regulation adopted by the company over time.

The Information Security Compliance Manager is a highly motivated, collaborative, technically experienced and well-organized individual. This role will be in charge of the company-wide Information Security Management function, providing line management, leadership and strategic direction for the function and liaising closely with other managers. The purpose of the Information Security Management function, in turn, is to bring the organization's information security risks under explicit management control through its ISMS.

The ideal candidate will also assist my client in driving its compliance and certification programs, leading efforts to produce actionable plans to meet the varying compliance requirements.

As an Information Security Compliance Manager, you will be working on an international team and will be responsible for both internal and external customer-centered compliance efforts. This position may require international business travel.


- Provides leadership and strategic direction for the ISMS Compliance function, ranging from planning and assistance with budgeting through to motivational and promotional activities.
- Liaises with and offers strategic direction to related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Finance).
- Serves as the internal contact, supports ad hoc customer audits and completes security questionnaires and risk assessment requests.
- Leads the design, implementation, operation and maintenance of the Information Security Management System based on the ISO27000 series standards, including its ongoing certification and the incorporation of other related regulatory standards.
- Establishes and maintains a "Centre of excellence" on Data Privacy regulatory needs, offering internal management consultancy advice and practical assistance on Data Privacy matters.
- Interfaces with our client's customers regarding potential compliance and security areas.
- Interfaces with auditors and assessor organizations to facilitate compliance audits.
- Reviews and/or makes changes to existing policies and procedures for the general operation of the company and its compliance program to prevent illegal, unethical, or improper conduct.
- Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and with applicable laws and regulations.
- Leads the internal and external ISMS audit processes, establishing the audit plan to ensure ongoing certification against the ISO27001 standard, monitoring the effectiveness of controls and agreeing corrective actions with the control owners and stakeholders.
- Designs and executes audit procedures to assess and measure company compliance with its security policies and procedures.
- Reports on overall effectiveness to the Compliance and Security Governance Committee on a regular basis, creating and communicating the action plans accordingly, and liaising with the certification bodies regarding the timing and scope of the required external audits.
- Leads or commissions suitable information security awareness, training and educational activities.
- Liaises with relevant parties to commission activities relating to contingency planning, business continuity management and IT disaster recovery.

Key personal characteristics and competencies of the ideal candidate

- University degree in a related discipline.
- At least 5-7 years of work experience in information security compliance management and/or related
- Demonstrable, extensive experience in implementing the ISO27001 Information Security Management standard, with relevant qualifications such as ISO27001 Certified ISMS Lead Auditor or ISO27001 Certified ISMS Lead Implementer.
- Extensive hands-on experience writing policies and procedures.
- Solid working knowledge of IT security and privacy related rules and regulations. An (ISC)² information security related certification is a definite asset.
- Excellent written and verbal communication skills.
- Strong background in MS Office, particularly Word, Excel and PowerPoint.
- Ability to work independently.
