IT Security Manager (program ownership + people leadership)

Location: Southwestern Ontario
Work model: 3/2 hybrid (3 days/week onsite)
Salary: depends on expertise level (base plus benefits and other perks)
Interview process: 2 rounds, onsite in London

Main Deliverables
- Enterprise security and risk management program ownership
- Consistent, repeatable InfoSec processes and controls
- Effective leadership of the security operations and risk team (4-6 people)

Technical Stack (this is a non-technical role, but it requires proven experience with the following technologies):
- GRC & risk frameworks: SIG, PCI DSS, HIPAA, GDPR
- Privacy & risk tooling: BitSight (PIAs), third-party risk platforms
- Security operations: SIEM, SOC monitoring, incident response
- Security domains: IAM, encryption, network security, vulnerability management
- Audit & assurance: internal audits, penetration testing, compliance reviews
- Regulated environments: Financial Services, Legal

Requirements
- Strong InfoSec process experience and people management skills
- Experience operating in highly regulated environments (e.g., Financial Services, Legal)
- 10+ years of Information Security experience
- 3+ years leading and managing an Information Security or Risk Management team(s)
- Hands-on experience conducting GRC assessments using the SIG framework
- Experience completing Privacy Impact Assessments (PIAs) leveraging BitSight
- SOC monitoring and SIEM oversight experience
- Preferred certifications: CISSP, CISA, CRISC; IAPP certifications considered an asset
- Post-secondary degree in Computer Science or an equivalent combination of education and experience

Responsibilities
- Own and operate the organization's information security and risk management program
- Establish, document, and continuously improve InfoSec processes, controls, and governance models
- Lead, coach, and manage a team of information security and risk professionals
- Plan, execute, and oversee GRC assessments using the SIG framework
- Oversee Privacy Impact Assessments (PIAs) and privacy risk management activities using BitSight
- Manage SOC monitoring, SIEM operations, and security incident response workflows
- Define, maintain, and enforce information security policies and standards
- Coordinate internal and external audits, penetration testing, and remediation efforts
- Partner with IT, Legal, Risk, and business leaders to integrate security into enterprise processes
- Measure, report, and communicate security and risk posture to senior stakeholders