37 Security Audits jobs in Canada

**Our Purpose**
_Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential._
**Title and Summary**
Manager, Risk Assessment
Overview:
The Enterprise Risk Management (ERM) team is seeking a Manager, Risk Assessment to support the execution of Business Unit Risk Assessments across the Company. This role will work closely with first line risk teams and other stakeholders in regions, business units, and functions to help identify, assess, and monitor key risks.
Role:
The Manager, Risk Assessment will be responsible for:
Risk Assessments
- Assist in the implementation of methodologies and procedures for periodic risk assessments across business units
- Coordinate with Business Unit Risk Champions and Risk Managers to support risk workshops, risk identification, and documentation activities
- Compile and analyze Business Unit risk heatmaps to inform mitigation planning
- Evaluate and determine adequacy of risk treatments and controls
- Support the identification and tracking of emerging risks
- Contribute to risk reporting for Enterprise-wide risks to internal governance committees
- Assist in aligning risk assessment processes with strategic planning and budgeting cycles
- Support the development and maintenance of ERM GRC tools and reporting capabilities
- Provide GRC training to internal stakeholders and new hires to ensure continuity and framework alignment
- Prepare and distribute GRC reports, including action plan reports to the business
- Collaborate with business and functional teams to monitor and track mitigation plans for risks outside of tolerance thresholds
All About You:
- Risk mindset - Applies critical and out of the box thinking to understand the business and effectively support teams in identifying their key risks
- Resilient and able to work under pressure
- Strong communication and interpersonal skills; able to work across teams and levels
- Detail-oriented with strong analytical and problem-solving skills
- Comfortable managing multiple tasks and deadlines in a dynamic environment
- Appreciation for diverse perspectives and backgrounds, comfortable to work remotely with teams located in different time zones
Preferred Qualifications:
- 4-7 years of progressive experience in supporting risk assessments and reporting in a corporate environment
- Bachelor's degree or higher in Risk Management, Business Administration, Finance, Economics, or related field
- Familiarity with GRC platforms (e.g., OpenPages, Archer)
- Advanced skills in Microsoft Office products (PowerPoint, Excel, Word, Outlook, SharePoint, Teams, Copilot)
- Working knowledge of risk management frameworks (e.g., ERM, operational risk)
- Experience supporting risk-related initiatives and reporting
- Knowledge of payment Industry and products
Mastercard is a merit-based, inclusive, equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. We hire the most qualified candidate for the role. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.
**Corporate Security Responsibility**
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
+ Abide by Mastercard's security policies and practices;
+ Ensure the confidentiality and integrity of the information being accessed;
+ Report any suspected information security violation or breach, and
+ Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.

RISK ASSESSMENT SPECIALIST

OUR PURPOSE

To unlock a sustainable future, we apply our combined expertise to create a positive impact for the planet and future generations.

At Matrix Solutions we collaborate across services, disciplines, and geographies to solve environmental challenges together – motivated to do better for our clients, each other, and the communities where we live and work. We deliver responsive, locally connected, and scalable solutions to help our clients achieve their ambitious goals for a more sustainable and resilient future.

WHO WE ARE

One of Canada’s leading providers of environmental consulting and engineering services. With a proud history of nearly 40 years delivering innovative, pragmatic, and sustainable solutions for public and private sector clients. Matrix is a proud part of Montrose Environmental Group, with a network of teammates across 90+ locations around the world.

WHAT WE DO

We partner with clients and communities to solve challenges. It’s our job to unlock solutions that shape a resilient future where our clients, people, communities, and environment thrive.

OUR COMMITMENT TO DIVERSITY, EQUITY AND INCLUSION

Our team is made up of diverse people working collaboratively towards common goals. We value the contributions and perspectives of all employees and are committed to equity and diversity initiatives to create a feeling of belonging for all of our people. When we are inclusive and diverse in a way that reflects the broader world we serve, we are able to draw from a wider community of excellence within the regions we operate.

Are you looking to…

• Influence the framework and lead the growth of a fast-growing technical practice in risk assessment
• Bring your strong background in toxicology and risk assessment to work alongside our technical lead of Risk Assessment and Risk Management
• Work on challenging and exciting projects from the routine to the technically complex and bring them to closure using risk assessment approaches
• Lead the way in working with regulators to advance risk assessment as a closure tool
• Work with technical experts from across a broad spectrum to help build your approach to projects
• Have autonomy and the opportunity to interact and work with a community of technical experts from other Matrix regions.
• Partner with extensive, long-standing clients such as municipal governments, conservation authorities, academia, and private industry.

As a Risk Assessment Specialist, you will be part of the foundation of our human health and ecological risk assessment (HHERA) group. Candidates can be based in any Matrix office location. The successful applicant will be involved in a broad range of risk assessment, risk management and toxicology projects with responsibilities as follows:

• Maintain a strong working knowledge of federal and provincial risk-based regulations
• Act as Technical Accountable for HHERA for a variety of clients for risk-based management of contaminated sites across Canada
• Provide support as an expert witness if/when needed in the regulatory approval process
• Provide senior review for quality assurance of technical risk assessment and risk management reports
• Conduct presentations on regulatory changes to other Matrix technical teams and our clients on an as-needed basis
• Provide leadership to a team of professionals who conduct HHERA across Canada, often in addition to providing other contaminated sites expertise
• Work with risk assessment practitioners and contaminated sites project managers to advance risk assessment and risk management skills among Matrix personnel
• Promote site-specific risk assessment and risk management services within Matrix and externally to clients
• Lead or contribute to site-specific risk assessment business development opportunities across Canada and provide strategic proposals and budgets for new work opportunities
• Regularly and effectively communicate with regulators, clients, and technical staff
• Maintain risk assessment and risk management models and provide training to practitioners
• Develop and maintain a hazard assessment resource library (e.g., current toxicological profiles).

What We Are Looking For

• Minimum of 12 years practicing risk assessment and applying Canadian risk assessment protocols
• M.Sc., M.Eng., or Ph.D. in toxicology, biology, applied chemistry, environmental science, environmental engineering, or related discipline(s)
• Eligibility or current Professional designation in a relevant association
• Comprehensive understanding and experience using federal and provincial guidelines and risk assessment frameworks
• Strong organizational, interpersonal and communication skills with the ability to lead and mentor project teams
• Valid driver’s license and a satisfactory driving record.

Why Choose Matrix

At Matrix you will be part of an amazing community of collaborative people who live our purpose and values and bring industry-leading technical expertise to their work every day. We offer a comprehensive compensation package, which includes RRSP matching, vacation + ‘Me’ days, and benefits. We are also committed to flexible work hours and schedules, team-based work, and cross-training opportunities.

Click the Apply button.

Are you the one we're looking for? Please apply to us directly . As a note, we are not accepting third party agency applicants at this time.

Matrix is committed to providing a safe and productive work environment and to promoting the health, safety and well-being of our employees. In keeping with our Health & Safety Policy, individuals in safety sensitive positions are subject to pre-employment, pre-access (and in some client cases, random) alcohol & drug testing as well as drivers abstract reviews.

Applicants must have legal authorization to work in Canada with no restrictions.

We welcome and promote diversity and inclusion in our workplace and encourage applications from all qualified individuals. Matrix provides support in its recruitment processes to applicants with disabilities; including accommodation that takes into account an applicant’s accessibility needs. Candidates requiring accommodation during the recruitment process are asked to contact Human Resources directly.

Please follow us on LinkedIn (@Matrix Solutions Inc.) for ongoing updates about our people and business.

For more information about Matrix Solutions, please visit and don’t forget to our bookmark our careers page.

While we appreciate all applications we receive, we advise that only candidates under consideration will be contacted.

**Company Description**
**Work with Us. Change the World.**
At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world’s most complex challenges and build legacies for future generations.
There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world.
We're one global team driven by our common purpose to deliver a better world. Join us.
**Job Description**
AECOM is seeking a **Health & Safety Specialist (Senior H&S Officer)** to join our team. This position is based on-site, out of Mississauga. We are seeking professionals to join our team to help us build one of the most advanced, sustainable and passenger-friendly airports in the world.
**Major Requirements:**
The successful candidate will report to the Manager, Health and Safety on the Project. The purpose of this role is to support the project achieving top tier Safety and Security results. This involves interfacing across all project teams to establish solid relationships, provide leadership on Safety & Security elements, resources, audits, training, evaluation of own and contractor/subcontractor systems, analyze safety related data, and develop programs and processes for the continued improvement of Safety & Security performance.
To perform this role successfully, the individual will be responsible for but not limited to the following:
+ Implements the duties of the health and safety position they are appointed into which could include Onboarding & Training, Reporting, Incident Investigation, and coordinating Threat and Hazard Impact Risk Assessments (T/HIRA).
+ Provides subject matter expertise, advice, and guidance with respect to relevant health and safety matters across the program.
+ Works collaboratively with the contractor to confirm that the measures set out in the site-specific safety plan are effectively implemented.
+ Undertakes periodic assessments / audits and identifies opportunities for improvement and recommends corrective actions.
+ Provides management level reporting and identifies key risks and issues for escalation to the appropriate decision makers.
+ Coaching, mentoring, and supporting the career development of staff.
+ Excellent written and verbal communication skills, with the ability to write reports and presentations, capture stakeholder input and present information
+ Strong interpersonal and facilitation skills with demonstrated ability to collaborate across departments and lead multistakeholder workshops
**Qualifications**
**Minimum Requirements:**
BA/BS + 4 YORE or demonstrated equivalency of experience and/or education
**Preferred Requirement:**
+ Typically, a minimum of 7 years of professional experience in on-site health and safety role (inspection, coordinator, onboarding and training, and / or reporting).
+ Experience in working within construction environments, major infrastructure / aviation program experience is considered an asset.
+ Demonstrable experience in developing and implementing effective health and safety management plans.
+ Strong stakeholder management skills and comfortable in working with the owner, consultants, and contractors.
+ Diploma/certificate in health and safety and / or equivalent training experience.
**Additional Information**
**About AECOM**
AECOM is proud to offer comprehensive benefits to meet the diverse needs of our employees. Depending on your employment status, AECOM benefits may include medical, dental, vision, life, AD&D, disability benefits, paid time off, leaves of absences, voluntary benefits, perks, flexible work options, well-being resources, employee assistance program, business travel insurance, service recognition awards, retirement savings plan, and employee stock purchase plan.
AECOM is the global infrastructure leader, committed to delivering a better world. As a trusted professional services firm powered by deep technical abilities, we solve our clients' complex challenges in water, environment, energy, transportation and buildings. Our teams partner with public- and private-sector clients to create innovative, sustainable and resilient solutions throughout the project lifecycle - from advisory, planning, design and engineering to program and construction management. AECOM is a Fortune 500 firm that had revenue of $16.1 billion in fiscal year 2024. Learn more at aecom.com.
**What makes AECOM a great place to work**
You will be part of a global team that champions your growth and career ambitions. Work on groundbreaking projects - both in your local community and on a global scale - that are transforming our industry and shaping the future. With cutting-edge technology and a network of experts, you'll have the resources to make a real impact. Our award-winning training and development programs are designed to expand your technical expertise and leadership skills, helping you build the career you've always envisioned. Here, you'll find a welcoming workplace built on respect, collaboration and community - where you have the freedom to grow in a world of opportunity.
As an Equal Opportunity Employer, we believe in your potential and are here to help you achieve it. All your information will be kept confidential according to EEO guidelines.
**ReqID:** J
**Business Line:** Geography OH
**Business Group:** DCS
**Strategic Business Unit:** Canada
**Career Area:** Safety, Health & Environment
**Work Location Model:** On-Site
**Legal Entity:** AECOM Canada ULC

**Work Location:**
Barrie, Ontario, Canada
**Hours:**
37.5
**Line of Business:**
Technology Solutions
**Pay Details:**
$91,200 - $136,800 CAD
TD is committed to providing fair and equitable compensation opportunities to all colleagues. Growth opportunities and skill development are defining features of the colleague experience at TD. Our compensation policies and practices have been designed to allow colleagues to progress through the salary range over time as they progress in their role. The base pay actually offered may vary based upon the candidate's skills and experience, job-related knowledge, geographic location, and other specific business and organizational needs.
As a candidate, you are encouraged to ask compensation related questions and have an open dialogue with your recruiter who can provide you more specific details for this role.
**Job Description:**
We are seeking experienced ServiceNow ITOM (CMDB/Discovery) Analyst to join our team. The ideal candidate will be proficient in managing the Configuration Management Database (CMDB) within ServiceNow, with a strong background in ServiceNow Discovery and Service Mapping.
The successful candidate will be responsible for operating CMDB / Discovery within the ServiceNow platform, including identifying and remediating Discovery errors, ensuring the accuracy and integrity of the CMDB, addressing pain points and enhancing the health of CMDB as well as enforcing Enterprise Asset Management Governance process.
**KEY ACCOUNTABILITIES**
**CUSTOMER**
+ Provide consultation and advice to partners on a broad range Technology Controls / Information Security programs / policies / standards and incidents for own specialized area
+ Conduct project consulting on assessment of risk, definition of required controls, appropriateness of implemented control procedures, vulnerability assessments and any other relevant areas
+ Lead or contribute to completion of risk and control design assessments for an application portfolio, articulate and document impact of control gaps to the business and the overall Bank, risk mitigation and remediation plans, remediation strategy document as applicable
+ Contribute to the definition, development, and oversight of a global security management strategy and framework
+ Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology / security threats against TDBG's business
+ Develop on-going Technology Risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area
+ Work proactively with technology partners / stakeholders and service/platform owners to ensure all technology security components are integrated into the bank's overall Enterprise Architecture, and any control gaps are addressed.
+ Consult on Regulatory compliance requirements, reporting and questions
+ Provide support and consulting in preparation for Audits and in composing management responses and appropriate remediation activities
+ Participate in computer security incident responses relevant to business (or enterprise wide) and represent respective function and Enterprise position to the business, and business needs to incident response team
**SHAREHOLDER**
+ Adhere to internal policies / procedures, technology control standards, and applicable regulatory guidelines
+ Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement
+ Adhere to and advise on / oversee / monitor / enforce enterprise frameworks and methodologies that relate to technology controls / information security activities
+ Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise
+ Remain informed of emerging issues, industry trends and/or relevant changes
+ Define / develop / implement / manage standards, policies, procedures, and solutions that mitigate risk and maximize security, availability of service, efficiency and effectiveness
+ Actively manage relationships with other areas of Technology / businesses / corporate and/or control functions and ensure alignment with enterprise and/or regulatory requirements
+ Keep abreast of emerging issues, trends, and evolving regulatory requirements and assess potential impacts to the Bank
+ Assess / identify key issues and escalate to appropriate levels and relevant stakeholders where required
+ Maintain a culture of risk management and control, supported by effective processes and sound infrastructure an in alignment with risk appetite
+ Participate in business specific / cross-functional / enterprise initiatives as a subject matter expert helping to identify risk / provide guidance
+ May develop / provide / contribute to complex reporting, analysis, and assessments at the functional or enterprise level
**EMPLOYEE / TEAM**
+ Maintain and manage the Configuration Management Database (CMDB) within ServiceNow and supported integrations with external data sources.
+ Ensure the ongoing inventory accuracy and integrity of CMDB data, implementing best practices and standards.
+ Regularly audit and reconcile CMDB data to maintain ongoing inventory accuracy and data quality.
+ Analyze and evaluate CMDB and discovery technologies across a broad spectrum of modern hardware and software IT assets
+ Perform day-to-day administration of the ServiceNow Discovery, including validating discovery results and troubleshooting discovery errors, discovery schedules, credentials, permissions and mid-servers
+ Identify opportunities for process improvement and automation within ServiceNow.
+ Provide input tothe CMDB and discovery product roadmaps, including cross-product and cross-organizational dependencies
+ Support key CMDB consumers such as IT service management processes,Enterprise Technology Currency management and SecOps and ensure alignment with business goals and regulatory requirements.
+ Support bi-annual ServiceNow Platform Upgrades
+ Stay up-to-date on ServiceNow releases and new capabilities, recommending enhancements that benefit the organization.
+ Continuously enhance knowledge / expertise in own area
+ Keep current on emerging trends / developments and grow knowledge of the business, analytical tools and techniques
+ Prioritize and manage own workload to deliver quality results and meet assigned timelines
+ Support a positive work environment that promotes service to the business, quality, innovation and teamwork and ensure timely communication of issues/ points of interest
+ Identify and recommend opportunities to enhance productivity, effectiveness and operational efficiency
+ Establish effective relationships across multiple business and technology partners, program and project managers
+ Participate in knowledge transfer within the team and business units
**BREADTH & DEPTH**
+ Expert knowledge of IT security and risk disciplines and practices
+ Advanced knowledge of of organization, technology controls / security/ risk issues
+ May participate on complex, comprehensive or large projects and initiatives
+ Acts as a lead expert resource in technology controls / information security for project teams, the business / organization and/or outside vendors
+ Generally reports to Senior Manager or above
**EXPERIENCE & EDUCATION**
+ Bachelor's Degree in Computer Science or Engineering or equivalent combination of education and experience.
+ Minimum 5 years of hands-on experience implementing, administering and optimizing ServiceNow ITOM (CMDB, Discovery, Service mapping).
+ Proven hands-on experience in optimizing discovery, tailoring patterns and development.
+ Proven hands-on experience monitoring, troubleshooting and remediating CMDB & Discovery related issues in large organizations including experience with any cloud service providers such as Azure, GCP or VMware.
+ Working knowledge of hybrid IT infrastructure, which combines on-premises, data center, and cloud-based operations including in-depth knowledge of networking.
+ Strong understanding of Networking principles, Server Administration concepts, Cloud Infrastructure and Middleware and Databases.
+ Knowledge of ServiceNow Common Services Data Model (CSDM) framework.
+ The following certifications would be considered as assets: Certified ServiceNow System Administrator (CSA), and Certified Implementation Specialist (CIS) in Discovery, Service Mapping, Vulnerability Response
+ Excellent analytical and problem-solving skills with the ability to troubleshoot complex technical issues;
+ Effective communication and interpersonal skills, with the ability to collaborate with stakeholders at all levels of the organization.
+ Demonstrated ability to work independently, prioritize tasks, and manage multiple issues and initiatives simultaneously.
+ Self-starter, positive attitude, and ability to problem-solve under minimal supervision
**Who We Are:**
TD is one of the world's leading global financial institutions and is the fifth largest bank in North America by branches/stores. Every day, we deliver legendary customer experiences to over 27 million households and businesses in Canada, the United States and around the world. More than 95,000 TD colleagues bring their skills, talent, and creativity to the Bank, those we serve, and the economies we support. We are guided by our vision to Be the Better Bank and our purpose to enrich the lives of our customers, communities and colleagues.
TD is deeply committed to being a leader in customer experience, that is why we believe that all colleagues, no matter where they work, are customer facing. As we build our business and deliver on our strategy, we are innovating to enhance the customer experience and build capabilities to shape the future of banking. Whether you've got years of banking experience or are just starting your career in financial services, we can help you realize your potential. Through regular leadership and development conversations to mentorship and training programs, we're here to support you towards your goals. As an organization, we keep growing - and so will you.
**Our Total Rewards Package**
Our Total Rewards package reflects the investments we make in our colleagues to help them and their families achieve their financial, physical, and mental well-being goals. Total Rewards at TD includes a base salary, variable compensation, and several other key plans such as health and well-being benefits, savings and retirement programs, paid time off, banking benefits and discounts, career development, and reward and recognition programs. Learn more ( Information:**
We're delighted that you're considering building a career with TD. Through regular development conversations, training programs, and a competitive benefits plan, we're committed to providing the support our colleagues need to thrive both at work and at home.
Please be advised that this job opportunity is subject to provincial regulation for employment purposes. It is imperative to acknowledge that each province or territory within the jurisdiction of Canada may have its own set of regulations, requirements.
**Colleague Development**
If you're interested in a specific career path or are looking to build certain skills, we want to help you succeed. You'll have regular career, development, and performance conversations with your manager, as well as access to an online learning platform and a variety of mentoring programs to help you unlock future opportunities. Whether you have a passion for helping customers and want to expand your experience, or you want to coach and inspire your colleagues, there are many different career paths within our organization at TD - and we're committed to helping you identify opportunities that support your goals.
**Training & Onboarding**
We will provide training and onboarding sessions to ensure that you've got everything you need to succeed in your new role.
**Interview Process**
We'll reach out to candidates of interest to schedule an interview. We do our best to communicate outcomes to all applicants by email or phone call.
**Accommodation**
Your accessibility is important to us. Please let us know if you'd like accommodations (including accessible meeting rooms, captioning for virtual interviews, etc.) to help us remove barriers so that you can participate throughout the interview process.
We look forward to hearing from you!
**Language Requirement (Quebec only):**
Sans Objet
Federal law prohibits job discrimination based on race, color, sex, sexual orientation, gender identity, national origin, religion, age, equal pay, disability and genetic information.

Job Description
Insight Global is currently recruiting for an Information Security Engineer who will be responsible for ensuring the security, integrity, and availability of for the clients information assets. The candidate will contribute to the management and continuous improvement of multiple security programs. The position entails the development, implementation, and maintenance of security controls, through people, processes, and technology, across the organization.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: and Requirements
General
- Implement, maintain, and improve the security posture of the Microsoft 365.
- Maintain operational oversight of our security systems and administer secure configurations for both on-premise and cloud environments.
- Proactively manage system settings to counter evolving threats and safeguard enterprise systems and accounts.
- Actively monitor and assess new and emerging security threats. Recommend tactical and strategic initiatives that mitigate risks and keep our security posture ahead of the curve.
- Prepare and deliver periodic reports that highlight the current security posture of our Information Security Program.
- Ensure that all systems and processes comply with industry-recognized frameworks such as ISO 27001, NIST, CIS, and internal policies.
- Collaborate with IT Infrastructure, Operations, and other stakeholders to design and maintain secure, resilient enterprise-grade processes.
- Ensure that security requirements are integrated into IT services, balancing operational needs with risk management.
- Support regional internal and external audits related to IT security and compliance.
- Work with business services to ensure that security measures are effectively represented in client RFP responses and align with global standards.
- Contribute to the development, evaluation, and implementation of policies, standards, and procedures that meet both business and security requirements.
- Continuously refine technical processes to address the latest threats and compliance mandates.
Security Engineering
- Conduct technical architecture assessments to identify and mitigate risks.
- Translate business requirements into robust technical security controls.
- Develop, implement and maintain cloud security architectures, ensuring operational compliance (Azure expertise is a must).
- Leverage advanced Azure security features to architect and secure cloud deployments, ensuring compliance with best practices and regulatory standards.
- Author technical policies and develop SOPs to support secure architectural practices, with a focus on Azure and hybrid environments.
- Oversee patch deployment and secure configuration baselines for on-premise and cloud environments (Virtual Machines and Operating Systems).
- Ensure timely updates while minimizing downtime and risk.
- Perform regular audits (e.g., CIS, asset management, firewall rule review) to ensure compliance with internal policies and industry best practices.
- Conduct regular reviews and annual audits of firewall rules to ensure compliance with security policies, identify potential risks, and maintain optimal network protection.
- Provide recommendations to address audit findings and improve security controls.
- Develop and maintain secure configuration baselines for servers, endpoints, and network devices.
- Continuously monitor and remediate configuration drift.
- Manage and enhance privilege access controls, focusing on SecretServer or similar PAM solutions.
- Enforce least-privilege principles and monitor privileged accounts.
- Coordinate internal and external penetration testing efforts.
- Analyze results, prioritize remediation activities, and track corrective actions to closure.
Vulnerability Management Program
- Analyze threat and vulnerability feeds data for applicability to the environment and perform compensating controls analysis and validate efficacy of existing controls and provide recommendations.
- Perform security research, analysis, assessments and support with penetration testing and remediation actions.
- Conduct vulnerability assessments to evaluate attack vectors, identify vulnerabilities, and develop remediation plans.
- Work with IT stakeholders to guide and assist them during the remediation process.
- Monitor external security ratings and coordinate improvement efforts.
- Identify and address high-risk areas to strengthen overall security posture.
- Lead monthly vulnerability management meetings, assessments, and remediation coordination.
- Develop metrics and dashboards to track progress and highlight key risk areas.
Security Operations and Incident Management Program
- Assist the SOC team with daily operation of Information Security technologies.
- Assist with creating detailed runbooks and playbooks for incident response that integrate engineered solutions with operational procedures, ensuring quick and consistent responses to security events.
- Offer expert insights during and after incidents to identify root causes, recommend immediate fixes, and suggest long-term security improvements to prevent recurrence.
- Work closely with the security operations team to ensure that engineered systems meet operational needs, participate in incident drills, and provide training on new tools or technologies that enhance incident response capabilities.
- Handle spam/phishing requests, Mimecast URL exceptions, and data loss alerts.
- Act as an active participant within Incident Tabletop exercises
SKILLS & COMPETENCIES
- Strong written and oral communication skills.
- Strong stakeholder management skills and experience.
- Strong organizational skills with impeccable attention to detail.
- Strong situational analysis and decision-making skills, with experience balancing technical trade-offs.
- Demonstrates how to Act as One by being a team player across the Firm.
- Strong problem solving and analytical skills; can clearly explain and present problems and issues to others and contribute to their resolution.
- Ability to work under pressure and think clearly in challenging situations in a logical manner.
- Ability to be flexible in approach and be comfortable with a fluid organizational structure that requires both teamwork and self-sufficiency as necessary, with the ability to work under minimal supervision.
- Demonstrate initiative and the ability to be proactive, anticipating needs.
- Flexibility to accommodate working in multiple time zones.
EDUCATION, EXPERIENCE & CERTIFICATIONS
- Post-secondary education with a specialization in Information Technology and / or minimum of 6+ years of Information Technology experience in designing, developing, and maintaining IT cybersecurity solutions
- 6+ years of experience in an Information Security related role with at least 3 years of experience in cloud technologies, vulnerability and penetration testing.
- Advanced knowledge of Azure security features, architecture, and best practices for securing cloud deployments.
- Expertise in deploying patches and maintaining secure configuration baselines across on-premise and cloud environments.
- Proficient in coordinating and executing both internal and external vulnerability assessments and penetration tests.
- Experience in designing secure systems, conducting technical assessments, and translating business requirements into robust security controls.
- Knowledge in developing secure cloud security architectures.
- Competence in auditing systems against defined standards (e.g., CIS, NIST, ISO 27001) and preparing compliance reports.
- Familiarity with ITSM processes for ticket handling and incident response, including developing runbooks and incident playbooks.
- At least one relevant certification such as CISSP, CISM, or from GIAC/ISACA is required. null
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal employment opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment without regard to race, color, ethnicity, religion,sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military oruniformed service member status, or any other status or characteristic protected by applicable laws, regulations, andordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to

The Information Security Officer is a senior level professional position responsible for driving efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.
**Responsibilities:**
+ Perform security reviews on SaaS and PaaS products
+ Performing security assessment on Saas & Paas
+ Ability to engage in deep technical discussions with other Engineering groups, as well as ability to convey the same concepts and issues at an elevated level to senior leadership.
+ Ability to execute technical responsibilities, including, Design / Architecture reviews, Code / Configuration reviews and vulnerability assessment.
+ Develops security architecture, strategy, planning, and problem-solving solutions on an enterprise level.
+ Identify opportunities to automate and standardize information security controls and for the supported groups
+ Resolve any vulnerabilities or issues detected in an application or infrastructure
+ Analyze source code to mitigate identified weaknesses and vulnerabilities within the system
+ Review and validate automated testing results and prioritize actions that resolve issues based on overall risk
+ Scan and analyze applications with automated tools, and perform manual testing if necessary
+ Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions
+ Direct the development and delivery of secure solutions by coordinating with business and technical contacts
+ Recommend security solutions according to Security Policy and Practices established by Citigroup.
+ Establish and maintain relationships with domain architects, project managers, and others within the technology development unit.
+ Maintains continuous awareness of business, technical, and infrastructure issues and acts as a sounding board or consultant to aid in the development of creative GCP security architecture solutions.
+ Interfaces with vendors to security assess their technology and to guide their product roadmap based on Citi's security requirements.
**Qualifications:**
+ 6-10 years of relevant experience as an ISO officer
+ Proficiency in application, architecture, information, and cyber security
+ Proficiency in one or more: GCP, AWS and Azure
+ Advanced proficiency with Microsoft Office tools and software
+ Consistently demonstrates clear and concise written and verbal communication
+ 5-10 years of experience in Application Security and/or Security Architecture
+ 5-10 years of experience Public & Private Cloud Security
**Education:**
+ Bachelor's degree/University degree in Information Security/Computer Science/Electrical, Mechanical Engineering /Information Technology or equivalent experience
+ Master's degree preferred
+ Professional certifications, such as CISSP and CSSLP, or willingness to obtain certification within 12-18 months of start date.
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required
**About Citi**
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.
As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients' best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.
Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We'll enable growth and progress together.
---
**Job Family Group:**
Technology
---
**Job Family:**
Information Security
---
**Time Type:**
Full time
---
**Most Relevant Skills**
Please see the requirements listed above.
---
**Other Relevant Skills**
For complementary skills, please see above and/or contact the recruiter.
---
_Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law._
_If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review_ _Accessibility at Citi ( _._
_View Citi's_ _EEO Policy Statement ( _and the_ _Know Your Rights ( _poster._
Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.

Job Description

Job Description

Salary:

Career Opportunity

GeoSpectrum is hiring an Information Security Manager to lead the tactical execution of our Information Security Management System (ISMS), with a strong focus on cyber defense, compliance, and team development. This role is instrumental in shifting the organization toward a proactive security posture, ensuring alignment with CMMC, ISO 27001, and audit standards. The successful candidate will oversee cybersecurity initiatives, implement technical controls, and serve as the primary liaison with external partners and internal stakeholders. This is a high-impact leadership opportunity to build and mentor a growing cyber team while shaping the future of our security operations.

Explore GeoSpectrums Story

GeoSpectrum Technologies is a rapidly growing company that designs and manufactures state of the art underwater acoustic components, transducers and integrated end-to-end systems for maritime surveillance and exploration. GeoSpectrum is known for its innovation and designing leading-edge products.

With clients across ocean science, defence, and oil and gas industries, were proud of delivering reliable, customized solutions that go above and beyond the requirements of our customers.

GeoSpectrum was founded in Dartmouth, Nova Scotia and continues to grow after three decades of engineering. Our companys core values are woven into the fabric of our work, commitment to employee engagement, and client service.

Responsibilities

• Cybersecurity Leadership
  • Serve as the tactical lead for all cybersecurity initiatives, reporting to the VP Operations.
  • Translate strategic security goals into actionable implementation plans.
  • Act as the primary liaison with external partners (e.g., CDW, our parent company) on cybersecurity matters.
  • Represent the organization in ISMC (Information Security Management Committee) meetings and audits.
    
• ISMS Implementation & Governance
  • Maintain and evolve the ISMS documentation, including the Risk Register, Statement of Applicability, and Corrective Action Log.
  • Conduct and coordinate internal audits, risk assessments, and policy reviews.
  • Track and report on KPIs and team competencies to the ISMC.
• Technical Implementation
  • Lead implementation of technical controls such as MFA, network segmentation, privileged access, and endpoint protection.
  • Collaborate with IT and DevOps to ensure secure system architecture and deployment practices.
• Team Building & Mentorship
  • Build and lead a growing cyber team, including potential roles such as Security Analyst, GRC Specialist, and Security Architect.
  • Mentor junior staff and coordinate with IT and QA teams for cross-functional initiatives.
  • Define and evolve the cyber org structure in collaboration with IT leadership.

Qualifications

• Post-secondary education in Software Computer Science, Software Engineering, or related field.
• 10+ years in cybersecurity or information security management.
• Experience with ISO 27001, NIST, CMMC, or similar frameworks.
• Strong understanding of GRC, SOC operations, and audit readiness.
• Proven ability to lead cross-functional teams and manage external vendors.
• Certifications such as CISSP, CISM, or ISO 27001 Lead Implementer are assets.
  

Security Requirements

All candidates must be eligible to apply for and maintain Canadian Controlled Goods and Canadian Government Security Clearances

Explore Our Culture and Benefits

Watch our company video to get to know us! Visit page.

At GeoSpectrum, we take pride in fostering a workplace that based on professional relationships, innovation and continuous improvement, and agile. Our employees work together in a collaborative, cross-functional approach. Enjoy having fun at work? Our social community is next to none! Our leadership team encourages our people to contribute their ideas, insight, and feedback for innovation, continuous improvement, quality management, and workplace safety.

We offer:

• Competitive salary based on experience
• Work-life balance with core hours
• Paid Time Off
• Employee-Family Assistance Program
• Group Plan Benefits
• Virtual Healthcare
• RRSP matching
• Corporate Discounts and perks
• Career development opportunities
• Monthly social activities
• Professional Development and training
• Free on-site parking

GeoSpectrum is committed to employment equity and building a diverse workforce where every employee can bring their best self to work. GeoSpectrum encourages applicants from all qualified individuals, including underrepresented individuals who identify as African Nova Scotian, racially visible, Aboriginal persons, LGBTQIA2S+, persons with disabilities, and women. GeoSpectrum will accommodate applicants' disability-related needs, up to the point of undue hardship, throughout all stages of the recruitment and selection process.If you are a member of one of an equity group, we encourage you to self-identify on either your application form, covering letter, or resume.

Apply Today

While we sincerely thank all applicants for taking the time to apply, however only those chosen for an interview will be contacted.

If you requirea disability-related accommodation in order to participate in the recruitment process, please contact the recruitment team by email

Job Description

Job Description

Founded in 1974, CMiC today delivers comprehensive and advanced enterprise and field operations solutions, purpose-built for construction and capital projects companies. CMiC’s powerful software transforms how firms optimize productivity, minimize risk and drive growth by planning and managing all financials, projects, resources, and content assets - all from a single database platform.

In the past several years, the construction industry has experienced unprecedented changes driven by new technologies - including integration with multi-dimensional modeling, an explosion of cloud-based offerings and the demand for robust mobile capabilities. CMiC has kept pace by constantly upgrading and enhancing our advanced platform to reflect the changing needs of the industry, leading to significant growth as a company.

Job Overview/Position Summary

The Manager, Information Security will assist the Chief Information Security Officer (CISO) to develop and implement cybersecurity strategies that protect our organization's information assets and those of our customers’. This role requires a good understanding of cybersecurity principles, strong leadership skills, and the ability to collaborate across departments to achieve security goals

Primary Responsibilities:

• Assist in the development, implementation, and management of the organization's cybersecurity strategy.
• Monitor and analyze security threats, vulnerabilities, and incidents to identify risks and mitigate them effectively.
• Assist in the design and enforcement of security policies, standards, and procedures.
• Oversee implementation and evidence collection of the SOC 1 & 2 and ISO 27001 audits
• Collaborate with IT, legal, and other internal stakeholders to ensure alignment with security protocols and regulatory requirements.
• Provide technical and operational guidance in the development and implementation of information security programs.
• Manage security incidents and coordinate incident response efforts, including root cause analysis and remediation.
• Stay current with emerging security trends, technologies, and regulatory changes.
• Report on security metrics and provide updates to senior management and the Information and Privacy Governance Committee.

Other responsibilities

• Responsible for the development and maintenance of disaster recovery and business continuity plans and table top exercises.
• Responsible for regular security reviews and risk assessments to identify and address potential security weaknesses.

Requirements

Education and Experience:

• Bachelor's degree in Computer Science, Information Technology, or a related field.
• Certified Information Systems Security Professional (CISSP) or other relevant certifications.
• Minimum of 3 years of experience in information security management or a related role.

Skills and Competencies:

• A solid understanding of cybersecurity principles, network security, encryption, and vulnerability management
• Strong understanding of risk management framework and ability to identify, assess, and mitigate risks to the organization's information assets.
• Ability to develop and implement long-term security strategies that align with the organization's goals.

Preferred Qualifications (Optional)

• Strong knowledge of cybersecurity frameworks (e.g., NIST, ISO 27001, AICPA Trust Services Criteria) and regulatory requirements.
• Be a self-starter and take ownership of initiatives.
• Excellent analytical, problem-solving, and decision-making skills.
• Strong communication and interpersonal skills, with the ability to effectively communicate complex security concepts to non-technical stakeholders.
• Proven leadership abilities and experience in managing security team.
• Having IT Operational experience is a bonus.

Work Environment (Optional)

• CMiC has a hybrid work environment. Successful candidate is expected to be in the office one to two days a week.

Benefits

• Competitive benefits Package (including Health & Dental benefits)
• Paid vacation and personal days
• Townhall meetings where all employees are encouraged to participate in open discussions
• Located on York University’s campus, easily accessible by transit (TTC, GO, etc.), walking distance to shopping and restaurants
• Outdoor lunch space, including picnic tables
• An active Social Events Committee (past events include annual seasonal parties, pool and bowling tournaments, karaoke nights, Game nights, BBQs, and more)
• Health and Wellness focus including virtual yoga classes and wellness webinars
• RRSP Matching Program after 2 years of employment
• Experience in a rapidly growing, socially responsible corporation

CMiC is an Equal Opportunity Employer. In accordance with the Accessibility for Ontarians with Disabilities Act, 2005 and the Ontario Human Rights Code, CMiC will provide accommodation to applicants with disabilities throughout the recruitment, selection and/or assessment process. If selected to participate in the recruitment, selection and/or assessment process, please inform Human Resources staff of the nature of any accommodation(s) that you may require.