Info-Tech is one of the world’s fastest-growing IT research and advisory companies, proudly serving over 30,000 IT professionals. We are looking for a strong Manager, Information Security & Privacy to join our team.
Why join us?
We are a growth-focused, entrepreneurially spirited company that has consistently achieved YoY growth in our 25 years of operation, and we are especially proud of our double-digit growth in the midst of a global pandemic.
When you join Info-Tech you get access to unlimited opportunities for professional growth and development in your field of expertise or areas you are interested in. We promote learning to help you be a better professional and we will also pay for some of those certifications.
You will work in a highly collaborative team that functions efficiently even in a remote work setting. You will have flexibility to work from home, at the office (located in London / Toronto Ontario and quite fun), or in a hybrid mode.
We offer great competitive salaries, benefits plan, and RRSP matching plans.
The role of the Manager, Information Security & Privacy is to assist the CIO by providing vision and leadership to develop, implement and support security & privacy initiatives within our organization. The Manager, Information Security & Privacy will accomplish this by directly assessing and holistically managing all aspects of risk regarding IT security, privacy, and legislative/regulatory compliance issues as they relate to technology operations and strategy.
Focus Areas
1) Strategy Planning 10%
2) Training and Awareness 20%
3) Operational Management 70%
Areas of Responsibilities
Operational Management (70%)
- Complete security and contract reviews requested by clients in support of the sales process. Review results with the CIO, and review trends and evolving client requirements.
- Participate in investigations into problematic activities and security incidents.
- Participate in the design and execution of vulnerability assessments, penetration tests and security audits.
- Act as advocate for the company’s security vision via regular written and in-person communications with the company’s executives, department heads and end users.
- Work closely with the IT department on corporate technology development to fully secure information, computer network and processing systems.
- Ensure that facilities, premises and equipment adhere to all applicable laws and regulations and meet compliance requirements (SOC, ISO, NIST, etc.).
- Recommend and implement changes in security & privacy policies and practices in accordance with changes in laws of serviced markets.
- Assess and communicate all security risks associated with all purchases or practices performed by the company.
- Collaborate with IT, senior leadership, legal counsel and human resources to establish and maintain a system for ensuring that security and privacy policies are met.
- Demonstrate ownership for security and privacy technologies, including vendor management, training, satisfaction, ROI, roadmap, integrations, security and compliance.
Training and Awareness (20%)
- Develop and deliver security and privacy awareness program with periodic testing
- Manage training and simulation platform
Strategy Planning (10%)
- Develop and maintain policies and programs to enforce and improve security
- Maintain awareness of privacy legislation in all serviced markets and potential impact to strategy
- Lead strategic security planning to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment and management of current and future security technologies using a risk-based assessment methodology.
- Develop and communicate security strategies and plans to executive team, staff, partners, customers and stakeholders.
- Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits and enhancements.
- Develop, implement, maintain and oversee enforcement of policies, procedures and associated plans for system security, administration and user system access based on industry-standard best practices.
Education/Certification/Experience
- Post-secondary education ideally in the fields of computer science and/or business administration. 15+ years of experience working in IT; 10+ years of experience holding security & privacy responsibilities.
One or more of the following certifications would be an asset:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Privacy Professional (CIPP)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
Experience achieving compliance in one or more of the following: Statement on Standards for Attestation Engagements no. 16 (SSAE 16); SOC 2; SOC 3; ISO/IEC 27001
Demonstrated understanding of applicable laws and regulations and their implications to business: General Data Protection Regulation (GDPR), Personal Information Protection and Electronic Documents Act (PIPEDA), Sarbanes-Oxley Act of 2002 (SOX), California Consumer Privacy Act (CCPA)
ITRG is an equal opportunity employer committed to diversity and inclusion. We are pleased to consider all qualified applicants without regard to race, color, religion, sex, national origin, age, disability, or any other legally protected factors. To that end, upon request, ITRG will ensure, to the extent possible, that accommodation be made available to applicants throughout the recruitment and hiring process.