Information Security Compliance Manager (reports to the CFO)
Our client, a 550-person, Toronto-headquartered software business selling software to telecommunications software providers, has achieved accredited certification to ISO/IEC 27001:2013, the international information security standard.

This standard requires the whole company to act responsibly towards information security events and to demonstrate, at all times, that its policies and processes meet the standard's requirements. To this end, an Information Security Compliance Manager role is seen as key to the effective management of the company Information Security Management System (ISMS). This role will be the prime contact for all aspects of the ISO27001 standard and other related regulation adopted by the company over time.

The Information Security Compliance Manager is a highly motivated, collaborative, technically experienced and well-organized individual. This role will be in charge of the company-wide Information Security Management function, providing line management, leadership and strategic direction for the function and liaising closely with other managers. The purpose of the Information Security Management function, in turn, is to bring the organization's information security risks under explicit management control through its ISMS.

The ideal candidate will also assist my client in driving its compliance and certification programs, leading efforts to produce actionable plans to meet the varying compliance requirements.

As an Information Security Compliance Manager, you will be working on an international team, being responsible for both internal and external customer-centered compliance efforts. This position may require international business travel.
ROLE AND RESPONSIBILITIES
- Provides leadership and strategic direction for the ISMS Compliance function, ranging from planning and assistance with budgeting through to motivational and promotional activities.
- Liaises with and offers strategic direction to related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Finance).
- Serves as the internal contact, supports ad hoc customer audits and completes security questionnaires and risk assessment requests.
- Leads the design, implementation, operation and maintenance of the Information Security Management System based on the ISO27000 series standards, including its ongoing certification and the incorporation of other related regulatory standards.
- Establishes and maintains a "Centre of excellence" on Data Privacy regulatory needs, offering internal management consultancy advice and practical assistance on Data Privacy matters.
- Interfaces with our client's customers regarding potential compliance and security areas.
- Interfaces with auditors and assessor organizations to facilitate compliance audits.
- Reviews and/or makes changes to existing policies and procedures for the general operation of the company and its compliance program to prevent illegal, unethical, or improper conduct.
- Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and with applicable laws and regulations.
- Leads the internal and external ISMS audit processes, establishing the audit plan to ensure ongoing certification against the ISO27001 standard, monitoring the effectiveness of controls and agreeing corrective actions with the control owners and stakeholders.
- Designs and executes audit procedures to assess and measure company compliance with its security policies and procedures.
- Reports on overall effectiveness to the Compliance and Security Governance Committee on a regular basis, creating and communicating the action plans accordingly, and liaising with the certification bodies regarding the timing and scope of the required external audits.
- Leads or commissions suitable information security awareness, training and educational activities.
- Liaises with relevant parties to commission activities relating to contingency planning, business continuity management and IT disaster recovery.
Key personal characteristics and competencies of the ideal candidate
- University degree in a related discipline.
- At least 5-7 years of work experience in information security compliance management and/or related
- Demonstrable extensive experience in implementing the ISO27001 information security management standard, and relevant qualifications such as ISO27001 Certified ISMS Lead Auditor or ISO27001 Certified ISMS
- Extensive hands-on experience writing policies and procedures.
- Solid working knowledge of IT security and privacy related rules and regulations; an (ISC)² information security related certification is a definite asset.
- Excellent written and verbal communication skills.
- Strong background in MS Office, particularly Word, Excel and PowerPoint.
- Ability to work independently.