Information Security and Compliance Manager

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, Risk Management, or a related field desired or equivalent experience.
• 6 or more years of experience in data analytics roles, information security, compliance, or risk management.
• Understanding of safe and compliant handling practices of sensitive information and technology, including but not limited to, PROTECTECTED, CLASSIFIED, CGP CUI, ITAR, EAR
• Strong knowledge of data protection laws and frameworks (e.g., GDPR, CCPA, ISO 27001, NIST).
• Ability to work in a team-oriented environment and with minimum supervision.
• Must be dead-line oriented and flexible and be able to work under pressure.

Nice To Haves

• Relevant certifications (e.g., CISSP, CISM, CISA, ISO 27001 Lead Implementer) preferred.
• Good understanding of space technology would be a definite asset.
• Bilingual (Asset)

Responsibilities

• Develop and maintain information security policies, standards, and procedures.
• Lead the implementation of data protection and compliance programs (e.g., GDPR, HIPAA, ISO 27001).
• Conduct regular risk assessments and audits to identify vulnerabilities and ensure compliance.
• Collaborate with IT, Legal, HR, and other departments to ensure security and compliance are embedded in business processes.
• Manage incident response planning and execution, including breach investigations and reporting.
• Provides tactical and operational stewardship of data assets, managing security, retention, and technical access controls to ensure data is handles in accordance with standards, policies, and regulatory requirements.
• Provide training and awareness programs to promote a culture of security and compliance.
• Oversee vendor risk management related to data security and privacy.
• Prepare and present reports to senior leadership on compliance status, risks, and mitigation strategies.
• Provide classification assessments based on company standards and information about the data provided by data owners.
• Provides regulatory interpretation, risk guidance and policy constraints for data use, advises on compliance implications
• Works closely with MDA Space’s security team and cyber-security to ensure adherence to complex data management programs such as Canada’s CPCSC and US’s CMMC
• Communicate with multiple departments, ex. Program managers, IP, data owners, engineering, CADM. to obtain necessary information to support and document data handling.
• Acts as Alternate Security Officer, (ACSO) and Designated Official (DO) to support data access control related functions under the Controlled Goods and Contracts Security programs.
• Provide training to different members of the teams involved in data-management efforts as well as multiple users
• Report risks to Senior management on a periodic basis highlighting any issues along with strategies for risk mitigation.
• Liaise with and support al MDA Space’s Locations on all tasks in this job description.
• Support with internal audits and compliance investigations

Benefits

• MDA provides competitive compensation and benefits packages for its employees at all locations.
• As a team member of MDA, you and your qualified dependents are eligible to participate in a benefit plan that ensures a comprehensive level of protection through competitive health care including; extended healthcare and flexible drug plans, dental and vision benefits, disability income protection, life insurance, group retirement savings plans; and an employee and family assistance program.