Job Title: Information Security Compliance Manager
Reports to: Chief Financial Officer and is a member of the Compliance and Security Governance Committee
Sigma Systems Canada LP has achieved accredited certification to ISO/IEC 27001:2013, the international Information Security standard. This standard requires the whole company to act responsibly towards information security events and to demonstrate, at all times, that its policies and processes meet the standard's requirements. To this end, an Information Security Compliance Manager role is seen as key to the effective management of the company Information Security Management System (ISMS). This role will be the prime contact for all aspects of the ISO27001 standard and other related regulation adopted by the company over time.
The Information Security Compliance Manager is a highly motivated, collaborative, technically experienced and well-organized individual. This role will be in charge of the company-wide Information Security Management function, providing line management, leadership and strategic direction for the function and liaising closely with other managers. The purpose of the Information Security Management function, in turn, is to bring the organization’s information security risks under explicit management control through its ISMS.
The ideal candidate will also assist Sigma in driving its compliance and certification programs, leading efforts to produce actionable plans to meet the varying compliance requirements.
As an Information Security Compliance Manager, you will be working on an international team, being responsible for both internal and external customer-centered compliance efforts. This position may require international business travel.
ROLE AND RESPONSIBILITIES
- Provides leadership and strategic direction for the ISMS Compliance function, ranging from planning and assistance with budgeting through to motivational and promotional activities
- Liaises with and offers strategic direction to related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Finance)
- Serves as the internal contact, supports ad hoc customer audits and completes security questionnaires and risk assessment requests.
- Leads the design, implementation, operation and maintenance of the Information Security Management System based on the ISO27000 series standards, including its ongoing certification and the incorporation of other related regulatory standards.
- Establishes and maintains a “Centre of excellence” on Data Privacy regulatory needs, offering internal management consultancy advice and practical assistance on Data Privacy matters.
- Interfaces with Sigma customers regarding potential compliance and security areas
- Interfaces with auditors and assessor organizations to facilitate compliance audits.
- Reviews and/or makes changes to existing policies and procedures for the general operation of the company and its compliance program to prevent illegal, unethical, or improper conduct.
- Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance with internal security policies and with applicable laws and regulations
- Leads the internal and external ISMS audit processes, establishing the audit plan to ensure the ongoing certification against the ISO27001 standard, monitoring effectiveness of controls and agreeing corrective actions with the control owners and stakeholders.
- Designs and executes audit procedures to assess and measure company compliance with its security policies and procedures
- Reports on the overall effectiveness to the Compliance and Security Governance Committee on a regular basis, creating and communicating the action plans accordingly, liaising with the Certification bodies regarding timing and scope of the required external audits.
- Leads or commissions suitable information security awareness, training and educational activities
- Liaises with relevant parties to commission activities relating to contingency planning, business continuity management and IT disaster recovery.
EDUCATION AND EXPERIENCE
- University degree in a related discipline.
- At least 5-7 years of work experience in information security compliance management and/or related functions.
- Demonstrable extensive experience implementing the ISO27001 information security management standard, with relevant qualifications such as ISO27001 Certified ISMS Lead Auditor or ISO27001 Certified ISMS Lead Implementer.
- Extensive hands-on experience writing policies and procedures.
- Solid working knowledge of IT security and privacy-related rules and regulations. (ISC)² Information Security related certification is a definite asset.
- Excellent written and verbal communications skills.
- Strong background in MS Office, particularly in Word, Excel and PowerPoint.
- Ability to work independently