Head of Security leading the information security function for diverse portfolios in a global holding organization. Collaborating with leaders and enhancing security maturity across subsidiaries.
Responsibilities
Translate headquarters' baseline standards into a tailored security roadmap
Develop and maintain a security maturity model appropriate to the size and complexity of subsidiaries
Define subsidiary tiers by risk, industry and data sensitivity to develop differentiated strategies
Create and maintain a group-level library of policies, templates and standards (e.g., incident response plan, password policy)
Facilitate policy adoption across subsidiaries with appropriate localization
Establish and manage a policy update schedule with version control
Provide or recommend shared tools across the group
Negotiate contracts with preferred security vendors and manage licensing agreements
Build a lean security engineering support function, whether in-house or outsourced
Participate in M&A due diligence to assess the cybersecurity posture of targets
Advise investment teams on cyber risk exposure and hidden liabilities
Conduct annual or semi-annual security self-assessments across subsidiaries
Consolidate results into quarterly dashboards for group leadership and HQ
Publish and maintain a group-level incident response playbook
Serve as the initial escalation point for subsidiary-level incidents
Coordinate post-incident reviews and group-level communications
Help subsidiaries achieve and maintain compliance (e.g., SOC 2, ISO 27001, GDPR, HIPAA)
Maintain a centralized view of compliance status across the group
Assist with customer/supplier security questionnaires and audits
Triage critical vulnerabilities and incidents across subsidiaries
Escalate major risks to HQ or group executives as needed
Maintain a group-level risk register and coordinate prioritization
Requirements
Over 10 years of experience in cybersecurity, with leadership roles across multiple business units or portfolio companies
Proven experience working cross-functionally with engineering, operations, legal and executive stakeholders
Deep knowledge of security standards and certifications (e.g., SOC 2, ISO 27001)
Demonstrated experience in multi-entity environments such as holding companies, private equity, or decentralized organizations
Excellent communication, negotiation and influencing skills
Information Security Specialist protecting Remote’s information as part of the Security team. Leading compliance efforts for SOC 2 Type II, ISO 27001, and NIS2 programs.
COMSEC and Security Specialist at Telesat coordinating security for COMSEC materials and Contract Security Programs. Collaborating with government agencies and leading security audits.
Systems and Data Security Manager at Mod Op overseeing IT security operations and compliance. Managing SOC 2 Type II compliance and cloud security across systems and environments.
AWS Cloud Security Engineer strengthening cloud security posture at Fluent, Inc. Focused on implementing security controls and maintaining compliance across AWS.
Senior Advisor assisting in property management and building safety at Desjardins. Involves development projects, strategic initiatives, and stakeholder interaction in a hybrid work environment.
Security Engineer enhancing security in Java-based enterprise applications at TopQuadrant. Designing and implementing security solutions while maintaining compliance with data protection regulations.
Senior IT security advisor helping protect IT hardware, software, and data at Desjardins. Leading initiatives, advising clients, and developing policies for strategic projects.
Business strategy analyst developing plans and business intelligence for Desjardins. Analyzing business needs and solutions for various organizational initiatives with a hybrid work setup.
Security Consultant on TELUS's Cybersecurity Platforms Operations team. Providing hands-on support for critical security services and collaborating with industry-leading vendors.
Senior Cloud Cybersecurity Engineer responsible for cloud security engineering at Tanium. Collaborating to protect cloud infrastructure against threats in Azure, AWS, and Kubernetes.