Information Security Governance Advisor
Canada
Full Time
3 hours ago
No Sponsorship
Key skills
CloudCyber SecurityRisk ManagementCollaborationRemote WorkOWASP
About this role
Role Overview
- Responsible for defining and implementing information security governance frameworks in accordance with international standards.
- Responsibilities include assessing risks related to the protection of sensitive information and developing appropriate mitigation strategies.
- Contribute to establishing an organizational security culture, including raising awareness and training staff on security best practices.
- Support organizational projects to ensure their compliance with recognized information security standards and practices.
- Prepare information security normative documents in compliance with recognized international standards and the organization’s contextual needs.
- Maintain a strong knowledge of major international information security standards, frameworks and references such as ISO 27000, COBIT, NIST SP 800, ITSG-33, PCI DSS, OWASP, MITRE ATT&CK, etc.
- Conduct compliance assessments of various services against recognized information security standards, guidelines and best practices.
- Lead activities for categorizing the client’s information assets.
- Inventory and assess the sensitivity of information across the organization’s information assets.
- Develop and define requirements related to information labeling/classification.
- Provide governance support to projects.
Requirements
- Degree: Hold a Bachelor’s degree recognized by the Ministry of Higher Education in Information Security, Risk Management, or a related discipline.
- Certifications: Hold at least one of the following certifications: CISSP, CISA, CISM, CEH, CRISC, ISO/IEC 27001 Lead Implementer, ISO/IEC 27001 Lead Auditor, OSCP, CCSK, ISO 27005 Senior Lead Risk Manager, ISO 27032 Senior Lead Cybersecurity Manager.
- Experience required: Minimum 5 years’ experience implementing governance frameworks and managing information security risks.
- Demonstrated experience delivering training related to the implementation of information security frameworks in complex environments.
- Participation in at least two large-scale engagements involving more than 500 users in the development of security policies and directives.
- Demonstrated IT experience in a regulated or public sector environment, including application of internationally recognized security best practices (ISO 27001, NIST).
- Experience deploying risk management software or security governance tools.
- Contribution to at least two system development projects in cloud or hybrid environments as the information security governance lead.
Tech Stack
- Cloud
- Cyber Security
Benefits
- A dynamic, supportive team culture based on trust and collaboration
- Flexible remote work environment
- Opportunity to contribute to large-scale technology projects
- Genuine opportunities for initiative, innovation and professional development