Senior Manager Information Security Jobs

Establish a risk management framework for retail, identifying, assessing, and prioritizing cybersecurity risks and implementing mitigation strategies.

Oversee security incident response, ensuring effective management, investigation, and communication.

Ensure compliance with industry-specific regulations and standards, such as PCI-DSS, GDPR, and other data privacy requirements.

Maintain a deep understanding of retail-specific regulatory requirements, industry standards, and compliance obligations.

Relevant certifications such as CISO, CISSP, or similar leadership-level certifications are strongly preferred.

7-10 years of experience in cybersecurity, with at least 10 years in leadership positions.

- Strong planning, budgeting, project, and time/project management skills

- Implement and maintain the Region Information Security Management System (ISMS)

- Oversee the Region's Vulnerability Management and Information Security Incident Management program

- Extensive progressive experience in an Information Security environment

- Experience supervising and leading staff

- Demonstrated experience in leading internal cyber audits and preparing external security reviews

Maintain communication with clients, stakeholders, and senior management on relevant project updates.

Bachelors’ Degree in Project Management or Business Management

Experience in a higher education environment is a strong asset

Plan, schedule, and manage project timelines, dependencies, and milestones through the use of a project plan.

Proactively manage project risks, including the identification of mitigation strategies.

Prepare and manage the project budget and project charters.

• Knowledge of security industry standards and certification frameworks such as ISO27001, PCI, HIPPA etc.

• In dept knowledge of SMTP, SSL/TSL

Senior Information Security Specialist (Cloud and application security)

• BS Degree in Information Security, Cyber Security, Computer Science or equivalent

Proven experience in relationship and stakeholder management.

Assesses security infrastructure, cloud environments, including access management, firewall protection, and vulnerability assessment and testing and makes recommendations for improvement.

Provides reports to executive management and other stakeholders on IT and security matters,

Coaches and develops team members on risk management.

Post-secondary education in IT or a suitable combination of education and experience.

Exposure with various security tools and methodologies, including network security, vulnerability management, vulnerability & penetration assessments, anti-malware, and endpoint security management.

Experience with common information security management frameworks, such as ISO 2700x, COBIT, or NIST

Strong management and team-building skills

Problem-solving, negotiation and decision-making skills to influence management, as well as internal and external partners

Implement a security framework to manage technological risk management

Implement a security framework to manage technological risk management including TRA/PIA assessments during project delivery cycle

Works with IS management team and 3rd party PaaS, SaaS and IaaS vendors

Significant experience in a team management and development role;

In-depth knowledge and understanding of information security management frameworks, standards and best practices (ISO 27001, NIST, COBIT, ITIL, etc.);

As the owner of the security risk management framework, oversee its evolution, application and compliance;

Coordinate, plan and execute the security assurance program, including security testing, tabletop exercises, configuration management, compliance monitoring, etc.;

Represent Information Security on working groups for various initiatives or activities to ensure communication of and compliance with information security requirements;

In-depth knowledge and understanding of application, cloud and systems security, and proficiency in applicable security solutions;

Proven ability to work with competing resources, budget limitations, and strong conflict management and problem-solving skills.

Process/Project Management: skilled at figuring out and managing the processes and timelines necessary to get work accomplished

Manage reporting staff, including selection, coaching, mentoring, development, performance management and all other people-management practices, including DE&I.

Manage Hootsuite’s various application security testing processes, including internal and external pen-tests, code scans, architectural reviews and vulnerability management.

Manage day-to-day operations of our Security Incident Response team, on-call schedule and relationship with our Managed Security Service Provider (MSSP)

Manage SecDevOps aspects of our production and IT infrastructure in coordination with the cloud operations, R&D and IT teams.

Demonstrated organizational, project management and documentation skills

Prepare metrics and reports for management on the status of GRC objectives

Engage with management to identify possible resolutions to control weaknesses and opportunities for improvement.

Experience in a remote-first and distributed environment

Represent the GRC Team by participating directly with projects and provide guidance, requirements and documentation for security-related purposes when requested

Assist with developing configuration monitoring capabilities for SaaS and IaaS platforms

* Excellent organizational, project management, and follow-up skills

* Experience managing local and remote team members

* Strong Vulnerability Management background

CISA, CISSP, CISM, or other security certification(s).

Senior Manager of Information Security

* 5-10 years’ experience in IT Security, Risk and/or Compliance or equivalent