Jobs.ca
Jobs.ca
Language
Hays logo

Senior Manager, Information Security, Risk and Compliance

Hays1 day ago
Toronto, Ontario, Canada
Senior Level
Full-Time

About the role

We are hiring a Senior Manager, Information Security, Risk and Compliance on behalf of a well-established organization in Toronto.

As the Senior Manager, Information Security, you aren't just checking compliance boxes, you are an architect and the owner of security compliance program, risk register, and governance processes. This is a planner-and-operator leadership role keeping the security strategy and roadmap current, decide what the security function works on next, and drive Engineering, IT, Product, and Legal to deliver against those priorities. In addition to doing hands-on work when needed, you set priorities, hold teams accountable, and report on whether the program is working.

A core part of the role is making sure the function is staffed and resourced to deliver its mission, including knowing when to bring in external experts to supplement the team. You are a trusted and analytical recommender on which risks organization accepts vs. remediates, how work is sequenced against business priorities, and how to spend resources and time against the highest impact risks in the most efficient way.

Impact & Decision authority: This role owns organization’s PCI DSS and SOC 2 compliance programs, ensuring attestations are maintained cleanly and without lapse. You ensure the organization operates within the bounds of all relevant regulatory requirements. Beyond compliance, this role directs risk management, including deciding which risks to accept versus remediate. You provide accountability for outcomes, such as defensible customer data and efficient audit processes, rather than just tracking activity.

Responsibilities

Security Strategy and Program Management

Own security strategy and multi-year roadmap as a governed program: initiatives tied to business objectives, with success criteria and key risks/dependencies. Run the roadmap with program discipline (milestones, status reporting, dependency tracking) so work is prioritized by business impact, not handled reactively. Staff and drive the Security Steering Committee: agenda, metrics, and decisions on prioritization, resourcing, and policy approval.

Service Queue, Prioritization and Trend Analysis

Own the operating model for the security service queue. Every ticket has an owner, due date, and status, with enforced SLAs. Set the criteria for prioritizing requests (business impact, risk, deadlines, effort) and make the call on ambiguous requests that don't fit a playbook. Read the queue as a signal: spot recurring themes and emerging risks, and feed them into the strategy, roadmap, and Steering Committee. Report queue health and SLA performance to leadership with that context; escalate proactively.

AI Governance

Lead and formalize AI Governance Council as a cross-functional body (Legal, Privacy, Engineering, Information Security). Own the framework for reviewing AI use cases (acceptable use, data privacy, auth, logging, DLP) and the decision on what's approved. Define and report AI-compliance KPIs so the org can see and enforce adherence to the AI and Acceptable Use policies. Partner with IT/Engineering on monitoring and data-filtering controls, and on steering employees to approved enterprise models.

Security Metrics and Executive Reporting

Own a security metrics program that turns raw data into business-framed reporting for the Senior Leadership Team and Board. Define the KPIs and KRIs the program is measured on (e.g. vulnerability remediation vs. SLA, EDR coverage, phishing rates, audit findings) with multi-year maturity targets. Stand up a security metrics dashboard that shows real-time metrics from our security and operational tooling People Leadership

Manage and develop team members in the Information Security team. Own a skills matrix and staffing plan for the function: identify gaps and decide what's staffed internally vs. supplemented by external experts. Bring in external specialists for audit peaks, point-in-time assessments, or capabilities not worth holding in-house, and manage those engagements. Own people and technology resourcing, including budget implications.

Qualifications

Craft experience: 8+ years of experience in information security, with a strong focus on compliance, GRC, or security program management. People leadership experience: 3+ years of direct people management experience, with a proven ability to develop talent and build cohesive teams. Deep compliance expertise: Hands-on experience owning and successfully navigating PCI DSS and SOC 2 Type II audit cycles. Risk management: Proven track record operating an enterprise risk register and translating risk into a prioritized engineering/IT roadmap. Program management: Strong project and program management skills with meticulous organization, attention to detail, and a focus on driving accountability across Engineering, IT, Product, and Legal. Vendor and resource management: Experience managing external specialists/consultants for point-in-time assessments or audit peaks. Education and certifications: Active security certification (e.g., CISSP, CISM, CRISC, or equivalent) is highly preferred.

Additional Valuable Skills, Experience, or Credentials

Undergraduate Degree in Computer Science, Cybersecurity, Business, or a related field, or equivalent practical experience. Experience managing AI governance or emerging technology risk is a strong asset. Experience designing and executing incident response tabletop exercises and security awareness programs.

What Success Looks Like in Year 1

PCI DSS and SOC 2 Type II audits completed cleanly: no material findings, attestations maintained without lapse. Risk register live and current: open risks owned, dated, tied to business impact, and driving roadmap decisions. Service-queue SLAs defined and met, with a documented prioritization model and a quarterly trend read feeding the roadmap. Security metrics program live: KPI/KRI set reported monthly to leadership and quarterly to the risk committee/Board. AI Governance Council running on a consistent cadence with a documented review framework and first compliance KPIs reported. First annual company-wide tabletop completed; security awareness program delivered with results tracked against benchmarks. The Information Security department is appropriately staffed and resourced to deliver the mission.

About Hays

Staffing and Recruiting
10,000+
Founded in 1968

We are leaders in specialist recruitment and workforce solutions, offering advisory services such as learning and skill development, career transitions and employer brand positioning.

As the Leadership Partner to our customers, we invest in lifelong partnerships that empower people and businesses to succeed. We help you achieve your career goals and deliver your business needs by combining meaningful innovation with our global scale and insights.

Last year we helped over 280,000 people find their next career. Join the millions of people around the world that our specialist recruitment consultants provide with up-to-date information on career options, interesting insights and specific industry trends.

We help our customers define and implement strategies to create inclusive and equitable workplaces. Through harnessing and analysing data, we support business decision making and advise on how to access Talent Networks. We also assist in identifying attractive employer propositions by truly understanding a company’s identity, and support clients with all aspects of their Early Careers proposition, from strategic planning through to operational execution.

Hays is the market leader in the UK and Asia Pacific and one of the market leaders in Continental Europe and Latin America. The c.12,800 people we employ around the world partner with clients and candidates to power the world of work. Every day our expert consultants help thousands of candidates find their next role, and they also help clients reshape workforces and deal with talent shortages. In the year to 30 June 2021, we placed 77,000 people in permanent jobs and 244,000 people into temporary roles. For more information about our global network, strategy and Group financial results, visit www.haysplc.com

Similar Jobs