We are hiring an Information Security Specialist to join our team in Toronto or Winnipeg. In this role, you will be a key player in protecting the organization’s critical information assets and ensuring compliance with industry standards and regulations.

You will provide guidance to business leaders in managing cyber risks during business acquisitions and integrations and support the alignment to an enterprise security governance structure. You will foster relationships with business and IT stakeholders across the company and its diverse ecosystem of affiliates and partners. You will assist with building and operating information security-related services that will protect and preserve the confidentiality, availability and integrity of information systems and data. You will bring a combination of deep technical and business knowledge to improve information security and IT risk in all aspects of the business.

The Information Security Specialist will:

• Provide expertise to business leaders and technology teams by conducting security risk assessments, identifying potential threats and vulnerabilities, and recommending appropriate compensatory measures to allow risk to be managed to acceptable levels.
• Collaborate with information security members to develop and align information security policies and standards with evolving business needs and industry standards (e.g. ISO 27001, NIST CSF) and ensure the ongoing currency of same for all participating companies.
• Recommend security compliance and remediation initiatives for technology, processes, and services (a.) to ensure ongoing effectiveness of the information security program, (b.) to protect the business from security threats and (c.) to ensure compliance with regulatory, key business partner and client requirements.
• Maintain awareness of security/privacy industry to keep abreast of best practices, trends, technologies, and regulatory requirements in information security. Ensuring due care and competitive positioning on security solutions. Research best practices and define/recommend improvements to corporate security infrastructure in support of the security program.
• Develop and implement security strategy, plans, and budgets, ensuring alignment with business objectives and risk appetite for specific locations/companies.
• Complete business cases for security solutions with a keen focus on risk assessment practices.
• Developing and maintaining an in-depth understanding of the business unit, technologies, customers, partners, alliances, systems, processes, data, and customers.
• Function as main contact or adviser for local security as part of Information Security leadership role and the IT business partners, as well as finance, HR, legal, and other staff as needed.
• Provides leadership, executive support, and strategic and tactical guidance for the cybersecurity program supporting enterprise security initiatives.
• Active engagement with Partner firms to help a company toward objective achievements through representation of the security program and helping in the case of a security incident as a main contact for communication.
• Participating in company/region/unit related meetings and conferences and industry forums associated as part of the cybersecurity program.
• Act as main contact or adviser for company affiliates and partners in their pursuit of aligning to the cyber program and governance structures.
• Understands the processes, identifies, and evaluates controls and risks, and suggests controls and risk management strategies so that the company is complying with Information Security Policies and Standards.
• Maintain up-to-date knowledge related to security threats, vulnerabilities and mitigations set forth to reduce the attack surface; circulate this knowledge through the business units.
• Identify, document, and address threats and vulnerabilities that may impact the business.

To be successful as an Information Security Specialist with People Corporation, you will need:

Experience:

• At least 10+ years’ cybersecurity experience (or information technology infrastructure coupled with cybersecurity), with at least 5+ years in an operationally focused security practitioner role.
• Familiar with the cybersecurity acquisition due diligence process to assess the target firm’s status regarding regulatory compliance, security policies, and third-party risk.
• At least 3 years’ experience working with business leadership, and enterprise projects.
• Familiar with hands-on experience in IT infrastructure and security technologies (e.g., Firewalls, IPS/IDS, WAF, VPN, SIEM, MXDR, EDR, CASB, SSO, MFA, DLP).
• Experience in Cloud Security Operations for environments such as Azure, M365, GCP or AWS.

Education:

• Completion of post-secondary education in Information Technology, Business Administration, Computer Science or combination of equivalent discipline.
• A current senior professional certification relevant to cybersecurity, or risk management, such as: CISSP, CISM, CRISC, CISA.
• Other beneficial industry certifications or training include GSEC, CCSP, CySA+ or ITIL.
• Knowledge of various security best practices, security principle, standards and frameworks (e.g. CIS, ISO27001, NIST, OWASP).

What’s in it for you:

• Learn by working alongside our experts
• Extended health care and dental benefits
• A retirement savings plan with company contributions
• A suite of Health & Wellness offerings
• Mental Health programs and support for you and your family
• Assistance for the completion of industry designations
• Competitive compensation

At People Corporation we are committed to helping businesses succeed. We are a national provider of benefits, retirement, wealth, wellness, and human resource solutions. Our experts and solutions serve over 20,000 clients representing nearly 3 million Canadians. We offer customized solutions designed to fit the unique needs of businesses and their employees, members and stakeholders.

Providing an inclusive, accessible environment, where all employees and clients feel valued, respected and supported is something we’re committed to. We are dedicated to building a workforce that reflects the diversity of the communities in which we live, and to creating an environment where every employee has the opportunity to reach their potential. If you require an accommodation or an alternative format of any posting please reach out to careers@peoplecorporation.com.