Security & Compliance Manager responsible for protecting information security and compliance at Nestlé Canada. Collaborating with stakeholders to develop and maintain security policies and frameworks.
Responsibilities
Develop, maintain, and enforce information security policies, standards, and procedures aligned with regulatory and industry frameworks (e.g., ISO 27001, NIST, SOC 2, PCI DSS, GDPR)
Regularly review and update procedures and controls to ensure ongoing compliance with Nestlé Global Standards and local regulatory requirements
Conduct risk assessments to identify potential security threats and vulnerabilities and develop mitigation strategies
Collaborate with cross-functional teams to ensure security policies are integrated into all business processes
Collaborate with business stakeholders to identify required security controls, ensuring risk assessments are conducted and controls have been implemented prior to transitioning technology platforms to the unit’s environment
Oversee vendor and third-party risk management, including due diligence, ongoing assessments, and contract security requirements
Ensure the unit meets all relevant legal, regulatory, and contractual obligations related to information security and participate actively in vendor management
Guide the unit through, support, and manage internal and external audits, including ISO/IEC 27001 certification and surveillance audits
Develop and maintain documentation required for compliance audits and certifications
Coordinate with internal and external auditors and facilitate the audit process, addressing any findings or non-conformities
Support the delivery of training programs to educate employees on information security policies, procedures, and best practices
Promote a culture of security awareness within the functional unit
Support regular security awareness campaigns and workshops
Provide regular reporting to senior leadership on risk posture, compliance status, and key metrics
Requirements
Bachelor's degree in Information Systems, Cybersecurity, Computer Science, or a related field (or equivalent experience)
Minimum of 5+ years of experience in information technology or a combination of risk management, compliance, information security and IT jobs
Understanding of ISO/IEC 27001, NIST Cybersecurity Framework and other relevant standards and regulations
Experience with risk assessment and management, process and control implementation
Strong communication and interpersonal skills to convey requirements clearly, foster consensus, and cultivate relationships with stakeholders across the organization
Relevant certifications such as ISO/IEC 27001 Lead Implementer/Auditor and/or CRISC are highly desirable
In-depth knowledge of information security principles, practices, and technologies
Strong analytical and problem-solving skills
Strong sense of curiosity, proactivity, and a proven ability to take initiative
Ability to work independently and as part of a team
High attention to detail and organizational skills
Proven ability to manage multiple initiatives and deadlines effectively
Strength in prioritizing and managing your own workload to deliver quality results and meet timelines with limited guidance.
Benefits
Hybrid work arrangement
Competitive salary based on experience and compliance with Ontario pay transparency regulations