Senior IT Security Engineer at NEAR Foundation leading information security program and compliance initiatives. Partnering with IT teams for secure architectural design and risk management.
About the role
- Director of Information Security overseeing governance, risk, and compliance functions at Aecon. Leading security operations and architecture to enhance enterprise security maturity.
Responsibilities
- Own enterprise security policy framework and risk management program aligned to NIST CSF and ISO 27001.
- Oversee audits, regulatory assessments, and third-party risk management.
- Ensure organizational compliance with CMMC 2.0 (US), CPCSC (Canada) and all other relevant security frameworks/regulations.
- Lead 24×7 incident detection and response, threat intelligence, and vulnerability management.
- Define security reference architectures and patterns (Zero Trust, cloud security).
- Manage multi-million-dollar budget and work on negotiations for complex contracts (MSA/SLA/SOW).
Requirements
- 10+ years in Information Security; 5+ years leading GRC, SecOps, and Architecture teams.
- Proven experience managing large enterprise budgets and vendor contracts.
- Certifications: CISSP, CISM, CRISC, CCSP preferred.
- Strong knowledge of NIST CSF, ISO 27001, SOC 2, SOC 1, and Canadian privacy regulations.
- Working knowledge of CMMC 2.0 would be considered an asset.
Benefits
- Ensure you and your family receive the services needed to support your mental, emotional, and physical well-being.
- Believe in helping you build your career through our Aecon University and Leadership Programs.
- Are committed to supporting and investing in inclusive work environments, through initiatives like Equity, Diversity & Inclusion training, our Aecon Women in Trades and Aecon Diversity in Trades programs, and our Employee Resource Groups (ERGs) to ensure we are building inclusion into every aspect of our culture at Aecon.
- Are a leader in sustainable construction. With a strong commitment to operating responsibly by minimizing our impact on the environment and surrounding communities.
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Report this job
Found something wrong with the page? Please let us know by submitting a report below.
Bilingual Security Director for International SOS driving revenue growth of health security subscription services in Canada. Supporting consulting, training, and managed services with trusted client relationships.
Program Manager driving complex engineering projects within the Product Security organization at CrowdStrike. Collaborating cross - functionally to ensure timely delivery of security solutions across product portfolios.
Security Engineer focused on matching technology opportunities with customer business objectives at Tenable. Delivering technical presentations and driving successful customer engagements in cybersecurity solutions.
Business Development & Capture Lead for Global Spatial Technology Solutions driving revenue growth in defence sector. Engaging senior stakeholders and leading proposal development across global markets from a remote location.
IT & Security Specialist managing IT operations, security, and infrastructure for Senstar, a leader in security technology. Hands - on role blending end - user support, cybersecurity, and infrastructure management.
HR Systems Security Specialist responsible for design, configuration, and administration of security within Workday and SAP. Collaborating with HR and stakeholders to ensure effective access design and compliance.
Cybersecurity advisor working within the DCYB to develop IT security measures. Collaborating with teams to fortify cybersecurity posture and ensuring data protection for citizens.
Consultant in remuneration and occupational health and safety at the Quebec Federation of Municipalities. Ensuring employee needs match organizational requirements and promoting a safe work environment.
Cybersecurity Administrator providing operational support for compliance activities in information security. Assisting vendor risk management, audit coordination, and vulnerability tracking.