Security & Compliance Manager responsible for protecting information security and compliance at Nestlé Canada. Collaborating with stakeholders to develop and maintain security policies and frameworks.
Responsibilities
Develop, maintain, and enforce information security policies, standards, and procedures aligned with regulatory and industry frameworks (e.g., ISO 27001, NIST, SOC 2, PCI DSS, GDPR)
Regularly review and update procedures, and controls to ensure ongoing compliance with Nestlé Global Standards, and local regulatory requirements
Conduct risk assessments to identify potential security threats and vulnerabilities and develop mitigation strategies
Collaborate with cross-functional teams to ensure security policies are integrated into all business processes
Collaborate with business stakeholders to identify required security controls, ensuring risk assessments are conducted and controls have been implemented prior to transitioning technology platforms to the unit’s environment
Oversee vendor and third-party risk management, including due diligence, ongoing assessments, and contract security requirements
Ensure the unit meets all relevant legal, regulatory, and contractual obligations related to information security and participate actively in vendor management
Guide the unit for, support, and manage internal and external audits, including ISO/IEC 27001 certification and surveillance audits
Develop and maintain documentation required for compliance audits and certifications
Coordinate with internal and external auditors and facilitate the audit process, addressing any findings or non-conformities
Support the delivery of training programs to educate employees on information security policies, procedures, and best practices
Promote a culture of security awareness within the functional unit
Support regular security awareness campaigns and workshops
Provide regular reporting to senior leadership on risk posture, compliance status, and key metrics
Requirements
Bachelor's degree in Information Systems, Cybersecurity, Computer Science, or a related field (or equivalent experience)
Minimum of 5+ years of experience in information technology or a combination of risk management, compliance, information security and IT jobs
Understanding of ISO/IEC 27001, NIST Cybersecurity Framework and other relevant standards and regulations
Experience with risk assessment and management, process and control implementation
Strong communication and interpersonal skills, to deliver effective understanding of requirements, fostering consensus, and cultivating relationships with stakeholders across the organization
Relevant certifications such as ISO/IEC 27001 Lead Implementer/Auditor and/or CRISC, are highly desirable
In-depth knowledge of information security principles, practices, and technologies
Strong analytical and problem-solving skills
Strong sense of curiosity, proactive, and demonstrates a proven ability to take initiative
Ability to work independently and as part of a team
High attention to detail and organizational skills
Proven ability to manage multiple initiatives and deadlines effectively
Strength in prioritizing and managing your own workload to deliver quality results and meet timelines with limited guidance.
Benefits
Hybrid work arrangement
Competitive salary based on experience and compliance with Ontario pay transparency regulations
Hiring a Threat Modeler / Security Architect with development background for hybrid full - time role in Canada, focusing on application security, threat modeling, and DevSecOps.
Network and Perimeter Security IT Specialist I at Enbridge overseeing enterprise security architecture and leading large - scale security initiatives. Collaborating across teams to ensure secure solutions and compliance.
Network & Perimeter Security Specialist II - Firewall at Enbridge enhancing security architectures. Providing technical leadership and driving enterprise standards for firewall and network security.
Lead critical cybersecurity transformation programmes at Hewlett Packard Enterprise, ensuring alignment with enterprise priorities and delivering complex initiatives. Collaborate with IT, cybersecurity, and business leaders.
Staff Engineer responsible for designing scalable security solutions and collaborating with engineering at Twilio. Empowering security partnerships across products and platforms while mitigating risks.
Head of Infrastructure & Security responsible for cloud infrastructure on GCP and security programs. Leading SaaS development and technical teams at Rebus and Longbow Advantage.
Information Security Lead responsible for managing security programs at Dentons Canada. Overseeing security architecture, operations, incident response, and data protection initiatives.
Cybersecurity expert overseeing information defense, threat detection, and incident response at Investissement Québec. Leading security operations and leveraging AI for effective asset protection.
Lead cybersecurity initiatives and develop strategy for public broadcaster CBC/Radio - Canada. Shape technology road map, collaborate on enterprise architecture, and ensure policy compliance.