New Job Chief Information Security Officer In Quebec

WHAT TO EXPECT

As the Information Security Manager, your mandate will be to define the cybersecurity strategy in order to meet the organization's challenges and to comply with the regulations in effect in the countries where Soucy companies operate.

You will also have to work in close collaboration with the different existing IT teams in the Soucy subsidiaries by integrating the best cybersecurity practices in the organization's way of doing business.

Here's an overview of your tasks:

• Define the strategic cybersecurity axes and objectives and have them validated by the executive committee
• Identify security issues, major security risks to the organization, and legal and regulatory compliance requirements
• Define the cybersecurity organization and the strategy for compliance with the legal and regulatory framework
• Develop an annual or multi-year action plan
• Build an investment policy with respect to security objectives
• Evaluate the level of security within the organization, in particular through periodic audits and permanent controls
• Manage the implementation of the organization's IT security charter and promote it to all users
• Contribute to answering the requests of the organization's clients and partners on security aspects
• Act as an advisor to the Executive Committee and the organization's business lines
• Represent the organization in relations with regulatory authorities
• Leading and supporting the Cybersecurity COE throughout the organization
• Be part of the crisis team in case of an incident

WHAT WE’RE LOOKING FOR

• At least 10 years of experience in risk management, information security and IT, with at least 3 years in a leadership role
• Professional certification in security management, such as Certified Information Systems Security Professional (CISSP) (asset)
• Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar designation (asset)
• Good knowledge and experience in implementing secure architectures in all types of cloud service environments (e.g. public, private, hybrid.)
• Excellent communication and influencing skills
• Legal knowledge of IT law related to cybersecurity and data protection
• Knowledge of governance, norms and standards in the field of security: NIST norms (800.171), DFARS norms, ISO norms (2700X), ...
• Ability to work transversally within the organization
• Bilingualism (French and English)
• Experience with agile methodologies (Scrum and Kanban) - (asset)

WHAT WE HAVE TO OFFER

• Permanent full time daytime position Monday to Friday
• Flexible schedules that allow you to balance your work and your personal life
• Possibility of telecommuting
• Group insurance (different plans adapted to your needs)
• RRSP with employer contribution
• Employee and family assistance program (EAP)
• Social activities