108 Information Security Manager jobs in Canada

Job Description

Founded in 1974, CMiC today delivers comprehensive and advanced enterprise and field operations solutions, purpose-built for construction and capital projects companies. CMiC’s powerful software transforms how firms optimize productivity, minimize risk and drive growth by planning and managing all financials, projects, resources, and content assets - all from a single database platform.

In the past several years, the construction industry has experienced unprecedented changes driven by new technologies - including integration with multi-dimensional modeling, an explosion of cloud-based offerings and the demand for robust mobile capabilities. CMiC has kept pace by constantly upgrading and enhancing our advanced platform to reflect the changing needs of the industry, leading to significant growth as a company.

Job Overview/Position Summary

The Manager, Information Security will assist the Chief Information Security Officer (CISO) to develop and implement cybersecurity strategies that protect our organization's information assets and those of our customers’. This role requires a good understanding of cybersecurity principles, strong leadership skills, and the ability to collaborate across departments to achieve security goals

Primary Responsibilities:

• Assist in the development, implementation, and management of the organization's cybersecurity strategy.
• Monitor and analyze security threats, vulnerabilities, and incidents to identify risks and mitigate them effectively.
• Assist in the design and enforcement of security policies, standards, and procedures.
• Oversee implementation and evidence collection of the SOC 1 & 2 and ISO 27001 audits
• Collaborate with IT, legal, and other internal stakeholders to ensure alignment with security protocols and regulatory requirements.
• Provide technical and operational guidance in the development and implementation of information security programs.
• Manage security incidents and coordinate incident response efforts, including root cause analysis and remediation.
• Stay current with emerging security trends, technologies, and regulatory changes.
• Report on security metrics and provide updates to senior management and the Information and Privacy Governance Committee.

Other responsibilities

• Responsible for the development and maintenance of disaster recovery and business continuity plans and table top exercises.
• Responsible for regular security reviews and risk assessments to identify and address potential security weaknesses.

Requirements

Education and Experience:

• Bachelor's degree in Computer Science, Information Technology, or a related field.
• Certified Information Systems Security Professional (CISSP) or other relevant certifications.
• Minimum of 3 years of experience in information security management or a related role.

Skills and Competencies:

• A solid understanding of cybersecurity principles, network security, encryption, and vulnerability management
• Strong understanding of risk management framework and ability to identify, assess, and mitigate risks to the organization's information assets.
• Ability to develop and implement long-term security strategies that align with the organization's goals.

Preferred Qualifications (Optional)

• Strong knowledge of cybersecurity frameworks (e.g., NIST, ISO 27001, AICPA Trust Services Criteria) and regulatory requirements.
• Be a self-starter and take ownership of initiatives.
• Excellent analytical, problem-solving, and decision-making skills.
• Strong communication and interpersonal skills, with the ability to effectively communicate complex security concepts to non-technical stakeholders.
• Proven leadership abilities and experience in managing security team.
• Having IT Operational experience is a bonus.

Work Environment (Optional)

• CMiC has a hybrid work environment. Successful candidate is expected to be in the office one to two days a week.

Benefits

• Competitive benefits Package (including Health & Dental benefits)
• Paid vacation and personal days
• Townhall meetings where all employees are encouraged to participate in open discussions
• Located on York University’s campus, easily accessible by transit (TTC, GO, etc.), walking distance to shopping and restaurants
• Outdoor lunch space, including picnic tables
• An active Social Events Committee (past events include annual seasonal parties, pool and bowling tournaments, karaoke nights, Game nights, BBQs, and more)
• Health and Wellness focus including virtual yoga classes and wellness webinars
• RRSP Matching Program after 2 years of employment
• Experience in a rapidly growing, socially responsible corporation

CMiC is an Equal Opportunity Employer. In accordance with the Accessibility for Ontarians with Disabilities Act, 2005 and the Ontario Human Rights Code, CMiC will provide accommodation to applicants with disabilities throughout the recruitment, selection and/or assessment process. If selected to participate in the recruitment, selection and/or assessment process, please inform Human Resources staff of the nature of any accommodation(s) that you may require.

Job Description

As the Director of Global Security and Compliance, you will oversee security and compliance, and vendor relationships aligning these with our business goals. You will work collaboratively with others in Symend to ensure that Symend adheres to all relevant regulations, standards, and best practices while proactively mitigating security risks. Your guidance will be crucial in maintaining our reputation for integrity, confidentiality, and reliability ensuring that our security and compliance initiatives support Symend’s overall strategic objectives. 

This role is based in Canada.

Roles and Responsibilities include:

Security and Compliance: 

• Develop and implement global security policies, procedures, and guidelines to ensure compliance with regulatory requirements (e.g., SOC II, ISO 27001). 
• Collaborate with internal teams to implement necessary controls and measures to achieve and maintain compliance. 
• Conduct regular audits, risk assessments, and vulnerability management activities to validate compliance and identify and mitigate potential security threats. 
• Collaborate with cross-functional teams to integrate security and compliance requirements into business processes and systems development lifecycle. 
• Manage external audits and assessments, ensuring timely and accurate reporting of compliance status to executive management and regulatory bodies. 
• Stay informed about emerging security threats, industry trends, and regulatory changes to recommend proactive measures and adjustments to the security posture. 
• Manage and maintain Security Operations 
• Manage incident response and tabletop exercises 
• Manage vulnerability management of endpoints including policy and compliance configuration including collaborating with a third-party managed services provider 
• Manage third-party risk management activities including vendor vetting, renewal, and reviews 
• Participate and lead client initiated third-party risk management reviews and activities 
• Ensure quarterly, bi-annual, and annual compliance activities are completed and meet SOC2 Type II and ISO 27001 standards. 
• Communicate the security posture of the organization to executive management 
• Collaborate with Cloud Engineering to remediate posture management alerts, plan hardening exercises of Cloud infrastructure

• Establish and maintain relationships with cloud service providers, negotiating contracts and terms where necessary. 
• Evaluate vendor performance against established benchmarks and service level agreements (SLAs). 
• Track vendor compliance with agreed-upon terms and conditions, identifying areas for improvement and suggesting actionable steps.

• Bachelor’s degree in information technology management, Computer Networking Technology, Computer Science or a related field

• Extensive Leadership Experience: Over 10 years of progressive experience in security and compliance roles, with at least 5 years in a leadership position within a SaaS company serving highly regulated industries. 
• Hands-on Audit Experience: Demonstrated hands-on experience with SOC 2 and ISO certification audits, including preparing for and leading audit processes, addressing findings, and achieving successful outcomes. 
• Regulatory Knowledge: Comprehensive knowledge of global regulatory requirements and industry standards, including GDPR and CCPA/CCPR, and others relevant to Banking, Wireless and Utilities sectors. 
• Security Frameworks: Proficiency in implementing and managing security frameworks such as NIST, CIS, and other relevant frameworks. 
• Risk Management: Proven experience in conducting risk assessments, identifying vulnerabilities, and implementing mitigation strategies to manage security risks effectively. 
• Incident Response: Expertise in developing and managing incident response plans, including leading and coordinating responses to security incidents. 
• Vendor Management: Experience in managing third-party vendors, conducting security assessments, and ensuring compliance with security policies and regulations. 
• Project Management: Strong project management skills, with the ability to lead cross-functional teams and manage multiple projects simultaneously. 

Certifications:  

• Certified Information Systems Security Professional (CISSP) 
• Certified Information Security Manager (CISM) 
• Certified Information Systems Auditor (CISA) 
• ISO/IEC 27001 Lead Implementer 
• Certified Cloud Security Professional (CCSP)

• Strategic Vision: Ability to develop and execute a strategic vision for global security and compliance, aligning with business objectives and regulatory requirements. 
• Technical Expertise: In-depth technical knowledge of security technologies, tools, and practices, with the ability to apply this knowledge to enhance the company's security posture. 
• Analytical Skills: Strong analytical and problem-solving skills, with the ability to assess complex security issues and develop effective solutions. 
• Communication: Excellent verbal and written communication skills, with the ability to communicate complex security and compliance concepts to both technical and non-technical stakeholders. 
• Leadership: Exceptional leadership and team-building skills, with the ability to inspire and motivate teams to achieve high performance. 
• Adaptability: Ability to adapt to changing regulatory environments and emerging security threats, ensuring the company's security and compliance programs remain effective and current. 
• Ethical Judgement: Strong ethical judgment and integrity, with a commitment to upholding the highest standards of security and compliance. 
• Customer Focus: A customer-centric approach, understanding the unique security needs of customers in highly regulated industries and ensuring their requirements are met. 

Powered by JazzHR

rhYL8ya2C6

Job Description

Why DUCA?

We’re a vibrant, exciting credit union that lives its "profits with a purpose" philosophy in every financial transaction, product, interest rate, and community initiative we offer. Founded in 1954, DUCA has grown from a single branch credit union in Toronto to 19 branches across Southern Ontario with over 85,000 Members we are proud to serve.

We exist to help People, Businesses and Communities Do More, Be More, and Achieve More™ .

DUCA ( is the fastest organically growing large Credit Union in Canada distinguished for the following:

• Positive, un-big bank like service experience delivered through Member-facing staff in branch, on the phone (Member-Connect) and via our Mobile mortgage specialists, Wealth Management advisors and Commercial and Business Banking Account Managers.
• Competitive rates.
• Personalized financial solutions, guidance, and service with the lowest possible fees for both Personal and Business Members.
• Profit sharing among Members.
• Multiple ways to bank—online, mobile app, phone/full-service Member Connect Contact Centre, and, of course, in-branch—DUCA is accessible 24/7
• A community philosophy of “profits with a purpose” culminating in the creation of the DUCA Impact Lab ( a charitable foundation committed to helping the credit challenged and underbanked. This led to DUCA's designation as a B-Corp certified organization, the first ever credit union to receive this global recognition.

A career with one of Canada’s fastest growing credit unions means you’ll find endless opportunities to make a difference with your unique abilities and perspectives. Our people live their purpose while helping others Do more, Be more and Achieve more with their money and their lives. At DUCA, you’ll be part of a vibrant and collaborative team where you’ll be supported to excel and make an impact, no matter what role you play.

Risk Management Analyst

DUCA is looking for a Risk Management Analyst to join our growing team!

Job Purpose & Summary

Reporting to either the Director or Senior Manager, Commercial Credit, the Risk Management Analyst supports DUCA’s risk management program related to the Commercial Lending portfolio. This position provides commercial credit adjudication support, quality assurance analysis, portfolio monitoring, reporting, and project coordination. The Risk Management Analyst will review deals received from the Commercial Lending team, conduct analysis, and make recommendations on whether the deal is within DUCA’s risk guidelines.

Key Accountabilities & Duties

• Assist in the end-to-end adjudication process for new credits and annual reviews in accordance with DUCA credit policy and guidelines
• Review due diligence documents (e.g. appraisals, environmental reports, lease agreements, industry reports etc.), financial spreadsheets, risk rating, financial models and conduct sensitivity analysis
• Approve annual reviews and amendment requests as per delegated lending authority, currently up to $3MM
• Use sound credit judgment to assess, analyze, and present well-written recommendations for adjudication on new deals and annual reviews
• Check and review commitment letters and construction draw requests
• Undertake quality assurance reviews on the commercial credit portfolio, track audit action items, and coordinate with key stakeholders (lenders, funding team, analysts, adjudication team)
• Prepare reports and presentation for DUCA’s Management Credit Committee, leadership team, and Board of Directors as needed
• Coordinate various initiatives and projects for the Commercial Credit team

Occupational Experience & Education Requirements

• Undergraduate degree in Business, Finance, or a related field
• Post-graduate degree or other related designation (CFA, FRM, CA etc.) considered an asset
• 1-3 years’ work experience in commercial or real estate lending, or a related field
• Previous experience with financial statement analysis

Knowledge, Skills & Attributes

• Proficient with Microsoft Excel, Word, and PowerPoint
• Knowledge of different commercial lending products and sound lending practices
• Knowledge of the commercial real estate sector considered an asset
• Ability to analyze financial statements and perform meaningful financial analysis
• Ability to articulate complex problems into succinct analysis
• Strong interpersonal and collaboration skills
• Demonstrated critical thinking and problem-solving skills
• Strong attention to detail
• Excellent written and verbal communication skills
• Client-focused mindset and drive to do what is best for our Members

Working Conditions

Normal office environment

Department: Commercial Credit

Primary Location: Corporate Office - 5255 Yonge Street, North York, M2N 6P4

Employment Status: Full-Time

Hours per Week: 38

Salary: T he annual salary range for this position starts at $64,023. Actual annual base salaries will vary depending on relevant job-related factors such as experience, knowledge, skills, qualifications, and education/training. Depending on the position, DUCA’s total compensation package may include incentive compensation tied to company and individual performance or other benefits.

Number of Vacancies: 1

DUCA is committed to employment equity and encourages applications from all qualified candidates. Recruitment related accommodations will be provided upon request.

Qualified applicants are encouraged to submit their application. Applications must include a resume.

We thank all applicants but only those considered for an interview will be contacted.

Job Description

Job Description:
The Risk Management Advisor identifies, assesses, and mitigates risks that could impact organizational success. This role involves conducting risk assessments, developing mitigation plans, and ensuring ongoing risk monitoring. The advisor collaborates with teams and leadership to enhance risk awareness and implement best practices.

• Conduct risk assessments to identify potential threats and vulnerabilities.

• Develop and recommend risk mitigation strategies.

• Create tailored risk management plans for projects.

• Assess troubled projects and recommend solutions.

• Prioritize and assign risks based on impact.

• Implement and oversee Risk Management Plans throughout project life cycles.

• Train teams on risk mitigation best practices.

• Risk Management: 7+ years of experience in risk assessment and mitigation.

• Risk Management Advisory Experience: Proven expertise in advisory roles.

• Risk Management Framework (RMF)

• Governance, Risk, and Compliance (GRC)

• Finance Risk & Compliance

• GIPS Compliance

• Retail Banking & Corporate Finance

• Enterprise Financial Risk

• Regulatory Management & Compliance

• CRMP, FRM, or equivalent certification.

• Experience with risk management tools (RSA Archer, MetricStream, etc.).

• Knowledge of industry regulations and best practices.

This role requires a strategic thinker with strong analytical skills and the ability to communicate risk insights effectively to diverse stakeholders. If you are passionate about risk management and have the expertise to guide organizations toward effective risk mitigation, we encourage you to apply!

Even if you don’t meet all the listed requirements, we still encourage you to apply. We value diverse experiences and perspectives and believe that skills can be developed over time.

Position Overview

Calian is seeking a Risk Management Specialist to assist our client with the facilitation of their project. This role includes conducting job hazard assessments, identifying workplace risks, and recommending effective control measures to ensure a safe and compliant work environment. This position is remote, however, it may require occasional visits to the Winnipeg office.

Responsibilities

• Coordinate with client representatives to schedule and conduct Job Hazard Analysis (JHA) interviews, acting as the primary point of contact
• Gather employee information including names, roles, contact details, and work schedules to support the assessment process
• Adjust assessment timelines based on availability of personnel, equipment, or other factors and notify the client of any delays or issues
• Conduct in-person consultations with staff to collect data on job tasks, work environments, and equipment use
• Complete JHA tables for each position, including tasks, tools, hazards, potential incidents, control measures, and risk ratings
• Collaborate with the client on minor format adjustments to JHA documentation while maintaining required content
• Assess and classify hazards using the client’s risk matrix based on severity, probability, and frequency
• Report urgent or high-risk hazards within required timelines and follow up with written documentation of actions taken
• Recommend appropriate control measures following the hierarchy of controls, including elimination, engineering, administrative, and PPE
• Submit a final risk assessment report with all hazards, risk levels, current controls, recommended actions, and identified safety-sensitive roles

Qualifications

• Must currently hold or be eligible for Reliability (Level I) Clearance with the Government of Canada
• Must be accredited / certified by the Board of Canadian Registered Safety Professionals as a Canadian Registered Safety Professional (CRSP)
• 4+ years of experience in workplace hazard assessment in an industrial setting;
• 4+ years of experience in design job hazard analysis
• 4+ years of experience in carrying out job hazard analysis in an industrial setting
• 3+ years of experience in using MS Office in support of the procurement of goods and services