Senior IT Security Engineer at NEAR Foundation leading information security program and compliance initiatives. Partnering with IT teams for secure architectural design and risk management.
About the role
- Security & Compliance Manager responsible for protecting information security and compliance at Nestlé Canada. Collaborating with stakeholders to develop and maintain security policies and frameworks.
Responsibilities
- Develop, maintain, and enforce information security policies, standards, and procedures aligned with regulatory and industry frameworks (e.g., ISO 27001, NIST, SOC 2, PCI DSS, GDPR)
- Regularly review and update procedures, and controls to ensure ongoing compliance with Nestlé Global Standards, and local regulatory requirements
- Conduct risk assessments to identify potential security threats and vulnerabilities and develop mitigation strategies
- Collaborate with cross-functional teams to ensure security policies are integrated into all business processes
- Collaborate with business stakeholders to identify required security controls, ensuring risk assessments are conducted and controls have been implemented prior to transitioning technology platforms to the unit’s environment
- Oversee vendor and third-party risk management, including due diligence, ongoing assessments, and contract security requirements
- Ensure the unit meets all relevant legal, regulatory, and contractual obligations related to information security and participate actively in vendor management
- Guide the unit for, support, and manage internal and external audits, including ISO/IEC 27001 certification and surveillance audits
- Develop and maintain documentation required for compliance audits and certifications
- Coordinate with internal and external auditors and facilitate the audit process, addressing any findings or non-conformities
- Support the delivery of training programs to educate employees on information security policies, procedures, and best practices
- Promote a culture of security awareness within the functional unit
- Support regular security awareness campaigns and workshops
- Provide regular reporting to senior leadership on risk posture, compliance status, and key metrics
Requirements
- Bachelor's degree in Information Systems, Cybersecurity, Computer Science, or a related field (or equivalent experience)
- Minimum of 5+ years of experience in information technology or a combination of risk management, compliance, information security and IT jobs
- Understanding of ISO/IEC 27001, NIST Cybersecurity Framework and other relevant standards and regulations
- Experience with risk assessment and management, process and control implementation
- Strong communication and interpersonal skills, to deliver effective understanding of requirements, fostering consensus, and cultivating relationships with stakeholders across the organization
- Relevant certifications such as ISO/IEC 27001 Lead Implementer/Auditor and/or CRISC, are highly desirable
- In-depth knowledge of information security principles, practices, and technologies
- Strong analytical and problem-solving skills
- Strong sense of curiosity, proactive, and demonstrates a proven ability to take initiative
- Ability to work independently and as part of a team
- High attention to detail and organizational skills
- Proven ability to manage multiple initiatives and deadlines effectively
- Strength in prioritizing and managing your own workload to deliver quality results and meet timelines with limited guidance.
Benefits
- Hybrid work arrangement
- Competitive salary based on experience and compliance with Ontario pay transparency regulations
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Report this job
Found something wrong with the page? Please let us know by submitting a report below.
Bilingual Security Director for International SOS driving revenue growth of health security subscription services in Canada. Supporting consulting, training, and managed services with trusted client relationships.
Program Manager driving complex engineering projects within the Product Security organization at CrowdStrike. Collaborating cross - functionally to ensure timely delivery of security solutions across product portfolios.
Security Engineer focused on matching technology opportunities with customer business objectives at Tenable. Delivering technical presentations and driving successful customer engagements in cybersecurity solutions.
Business Development & Capture Lead for Global Spatial Technology Solutions driving revenue growth in defence sector. Engaging senior stakeholders and leading proposal development across global markets from a remote location.
IT & Security Specialist managing IT operations, security, and infrastructure for Senstar, a leader in security technology. Hands - on role blending end - user support, cybersecurity, and infrastructure management.
HR Systems Security Specialist responsible for design, configuration, and administration of security within Workday and SAP. Collaborating with HR and stakeholders to ensure effective access design and compliance.
Cybersecurity advisor working within the DCYB to develop IT security measures. Collaborating with teams to fortify cybersecurity posture and ensuring data protection for citizens.
Consultant in remuneration and occupational health and safety at the Quebec Federation of Municipalities. Ensuring employee needs match organizational requirements and promoting a safe work environment.
Cybersecurity Administrator providing operational support for compliance activities in information security. Assisting vendor risk management, audit coordination, and vulnerability tracking.