Director of Information Security overseeing governance, risk, and compliance functions at Aecon. Leading security operations and architecture to enhance enterprise security maturity.
Responsibilities
Own enterprise security policy framework and risk management program aligned to NIST CSF and ISO 27001.
Oversee audits, regulatory assessments, and third-party risk management.
Ensure organizational compliance with CMMC 2.0 (US), CPCSC (Canada) and all other relevant security frameworks/regulations.
Lead 24×7 incident detection and response, threat intelligence, and vulnerability management.
Define security reference architectures and patterns (Zero Trust, cloud security).
Manage multi-million-dollar budget and work on negotiations for complex contracts (MSA/SLA/SOW).
Requirements
10+ years in Information Security; 5+ years leading GRC, SecOps, and Architecture teams.
Proven experience managing large enterprise budgets and vendor contracts.
Strong knowledge of NIST CSF, ISO 27001, SOC 2, SOC 1, and Canadian privacy regulations.
Working knowledge of CMMC 2.0 would be considered an asset.
Benefits
Ensure you and your family receive the services needed to support your mental, emotional, and physical well-being.
Believe in helping you build your career through our Aecon University and Leadership Programs.
Are committed to supporting and investing in inclusive work environments, through initiatives like Equity, Diversity & Inclusion training, our Aecon Women in Trades and Aecon Diversity in Trades programs, and our Employee Resource Groups (ERGs) to ensure we are building inclusion into every aspect of our culture at Aecon.
Are a leader in sustainable construction, with a strong commitment to operating responsibly by minimizing our impact on the environment and surrounding communities.
COMSEC and Security Specialist at Telesat coordinating security for COMSEC materials and Contract Security Programs. Collaborating with government agencies and leading security audits.
Systems and Data Security Manager at Mod Op overseeing IT security operations and compliance. Managing SOC 2 Type II compliance and cloud security across systems and environments.
AWS Cloud Security Engineer strengthening cloud security posture at Fluent, Inc. Focused on implementing security controls and maintaining compliance across AWS.
Senior Advisor assisting in property management and building safety at Desjardins. Involves development projects, strategic initiatives, and stakeholder interaction in a hybrid work environment.
Security Engineer enhancing security in Java-based enterprise applications at TopQuadrant. Designing and implementing security solutions while maintaining compliance with data protection regulations.
Senior IT security advisor helping protect IT hardware, software, and data at Desjardins. Leading initiatives, advising clients, and developing policies for strategic projects.
Business strategy analyst developing plans and business intelligence for Desjardins. Analyzing business needs and solutions for various organizational initiatives with a hybrid work setup.
Security Consultant on TELUS's Cybersecurity Platforms Operations team. Providing hands-on support for critical security services and collaborating with industry-leading vendors.
Senior Cloud Cybersecurity Engineer responsible for cloud security engineering at Tanium. Collaborate to protect cloud infrastructure against threats in Azure, AWS, and Kubernetes.
Managing Consultant in Cybersecurity and NERC Compliance at Guidehouse. Leading client management and project workstreams within the electric utility sector in Canada.