Information Security Manager

CarltonOne Engagement ULC
Markham, ON
Onsite

About The Position

CarltonOne is seeking an Information Security Manager to lead and evolve our information security program. This role is responsible for protecting CarltonOne’s systems, data, and intellectual property while enabling the business to grow securely and efficiently. This is a hands-on leadership role that blends strategy, governance, technical oversight, and business partnership. You will work closely with Technology, Legal, People & Culture, and business leaders to embed security into how we operate, build, and scale.

Requirements

  • Bachelor's degree in information security, Computer Science, or related field.
  • Certifications such as CISSP, CISM, or ISO 27001 Lead Implementer/Auditor.
  • 7+ years of experience in information security, cybersecurity, or risk management.
  • Proven experience owning or significantly contributing to an organization-wide security program.
  • Demonstrated experience managing audits from both sides: responding to enterprise client security reviews and audits of CarltonOne, and conducting or overseeing security assessments of third-party partners and suppliers, including defining baseline requirements and tracking remediation.
  • Solid understanding of modern security principles across cloud, application, and enterprise environments.
  • Working proficiency with security and GRC frameworks (ISO 27001, SOC 2, NIST CSF, CIS Controls) — able to apply them operationally, not just reference them.
  • Working knowledge of privacy and data protection regulations applicable to a global B2B platform, including PIPEDA, GDPR, and provincial/state equivalents.

Nice To Haves

  • Background in SaaS, technology platforms, or cloud-based environments strongly preferred

Responsibilities

  • Own and evolve CarltonOne’s information security strategy, roadmap, and policies.
  • Maintain and improve our security posture in alignment with recognized frameworks (e.g., ISO 27001, SOC 2, NIST).
  • Lead internal risk assessments and security reviews across applications, infrastructure, and third-party vendors.
  • Translate security risks into clear, business-relevant recommendations for leadership.
  • Support and manage external audits, security certifications, and client security reviews.
  • Partner with Legal and Compliance on privacy, data protection, and regulatory requirements (e.g., PIPEDA, GDPR).
  • Oversee third-party risk management, including vendor assessments and security due diligence.
  • Track, prioritize, and remediate security risks across the organization.
  • Work closely with Engineering and IT teams to embed security into system design, development, and operations.
  • Oversee controls related to: Cloud and infrastructure security, Identity and access management, Application security, Data protection and encryption, Endpoint and network security.
  • Review and guide incident response playbooks and security tooling.
  • Lead or coordinate response to security incidents, including investigation, containment, and remediation.
  • Act as the primary security escalation point for critical incidents.
  • Conduct post-incident reviews and drive continuous improvement.
  • Build a strong security culture across CarltonOne.
  • Develop and deliver security awareness training for employees.
  • Act as an approachable security partner — enabling teams rather than blocking progress.
  • Serve as the trusted security advisor to executives and senior leaders.
  • Influence without authority, balancing risk, usability, and business priorities.
  • Share security expertise across Engineering, IT, and business teams — elevating the organization’s overall security knowledge without a direct people management mandate.
  • Represent CarltonOne’s security posture in enterprise client meetings, RFP responses, and customer trust reviews — confidently speaking to our controls, certifications, and risk posture on behalf of the organization.

Benefits

  • Competitive salary and benefits package.
  • Health, dental, and vision coverage.
  • 3 weeks’ vacation plus personal days.
  • Access to our employee benefits portal for exclusive discounts.
  • Monthly company-wide events, celebrations, and team activities.
  • Bravo reward points program for recognition and appreciation.
  • Convenient office location close to public transit.