Markham, ON, L3R 4M9, CAN
30 days ago
Senior Manager, Information Security & Compliance (CISO)
Position: Senior Manager, Information Security & Compliance (CISO)
Location: Markham
Details: Full-time, hybrid *No contractors, and no full-remote work*

The Company:
Founded over 100 years ago in 1921, Black & McDonald is an integrated, multi-trade service provider that safely delivers high-quality construction, facilities management, and technical solutions to government, institutional and industry clients. We are a forward-thinking organization with a strong track record of delivering customer-focused solutions and operational excellence.

Position Overview:
Reporting to the CIO and collaborating closely with the senior leadership, the Manager, Information Security & Compliance (IS&C) is accountable for the enterprise information security program and related compliance and governance structures. The Manager, IS&C ensures security programs are in place to mitigate cyber risks, comply with regulatory requirements and respond to incidents if/when they occur. In this position you will manage an IT team responsible for implementing programs as well as day-to-day security operations.

Key Accountabilities:
+ Leads the information security and compliance function.
+ Develops and implements the information security management program in accordance with recognized security and technology governance frameworks such as CIS, ISO and COBIT and in alignment with business priorities.
+ Collaborates with the CIO and other senior executives and officers to provide leadership, operational expertise and strategic direction to the organization and all operational teams.
+ Reviews IT and security governance structures, processes, and procedures to prevent security breaches, major incidents, and non-compliance with regulatory requirements.
+ Monitors and conducts ongoing assessments of security standards necessary for breach prevention, detection, and remediation.
+ Assesses security infrastructure and cloud environments, including access management, firewall protection, and vulnerability assessment and testing, and makes recommendations for improvement.
+ Provides reports to executive management and other stakeholders on IT and security matters.
+ Delivers user education programs on security to support compliance objectives and improve security awareness.
+ Implements security incident response plans and serves as the response lead during incidents.
+ Facilitates development of IT and security policies, standards and procedures, performs ongoing assessments to ensure continuous improvement, and reports on compliance.
+ Contributes to the business strategies and plans, bringing security and governance expertise; ensures the security strategies align with the company's strategic goals.
+ Provides mentorship and staff development, and participates in succession planning.
+ Coaches and develops team members on risk management.
+ Manages other initiatives as required.

Education and Qualification Requirements:
+ Post-secondary education in IT or a suitable combination of education and experience.
+ Industry certifications such as CISSP, CCSP, CISA, CISM or similar are expected.
+ Knowledgeable in frameworks such as COBIT 5, ISO 27002, and ITIL and in using these to assess and address IT governance and control gaps in organizations.
+ Ability to develop policies and procedures relating to IT/security governance and educate IT colleagues on governance and controls issues, particularly segregation of duties, documentation standards required, audit logs and audit trails, etc.
+ Proven experience in overseeing/developing IT security architecture and security improvement roadmaps.
+ Experience with cloud computing environments.
+ Exposure to various security tools and methodologies, including network security, vulnerability management, vulnerability & penetration assessments, anti-malware, and endpoint security management.
+ Ability to keep current with IT security developments and vulnerabilities.
+ Proven experience in relationship and stakeholder management.
+ Ability to obtain background checks and disclosure of personal and financial information if needed for access to restricted parts of our IT infrastructure.

Black & McDonald welcomes and encourages applications from persons with disabilities. Accommodations are available upon request for candidates taking part in all aspects of the recruitment and selection process.