About The Position

As the Information Security Officer, you will maintain and improve Vecima’s Information Security Management System (ISMS), support ISO/IEC 27001:2022 governance activities, and coordinate information security risk, policy, audit, awareness, incident response, and supplier security processes across the organization. This role serves as a key point of coordination among IT, business stakeholders, Legal, Supply Chain, and other control owners to ensure security requirements are defined, implemented, monitored, and continuously improved. This is an opportunity to play a central role in supporting and advancing Vecima’s security governance, supplier security, and ISO/IEC 27001:2022 program during a key one-year maternity leave coverage period.

Requirements

  • Post-secondary education in Information Technology, Cybersecurity, Computer Science, or a related discipline, or an equivalent combination of education and experience.
  • 5+ years of relevant experience in information security, IT risk, compliance, audit, governance, or a related field.
  • Strong practical experience with ISO/IEC 27001:2022 and with operating and maintaining an ISMS.
  • Experience developing, maintaining, and improving information security policies, standards, procedures, and governance documentation.
  • Experience performing or coordinating security risk assessments, audit support, remediation tracking, and evidence collection.
  • Knowledge of cloud and SaaS environments and common security controls.
  • Strong written and verbal communication skills, with the ability to work effectively with technical and non-technical stakeholders.

Nice To Haves

  • Experience with supplier security and third-party risk management (TPRM) processes is highly desirable.
  • Experience using GRC, ISMS, and TPRM platforms or tools is desirable; familiarity with Optro (formerly AuditBoard) is an asset.
  • Familiarity with GDPR, PIPEDA, PIPL, and other data protection requirements is an asset.
  • Professional certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, or similar credentials are strong assets.

Responsibilities

  • Maintain and improve Vecima’s Information Security Management System (ISMS) and support ISO/IEC 27001:2022 governance activities, including risk assessments, risk treatment tracking, control documentation, evidence collection, corrective actions, audit readiness, and follow-up on gaps.
  • Coordinate periodic management reviews, policy and standards reviews, control updates, and related governance activities to support continuous improvement of the information security program.
  • Maintain security metrics, dashboards, risk registers, and status reporting for leadership.
  • Support and coordinate supplier security reviews, including due diligence, security questionnaires, risk assessments, remediation follow-up, and ongoing monitoring of higher-risk suppliers.
  • Work with Supply Chain, Legal, internal business owners, and other stakeholders to ensure information security requirements are incorporated into supplier onboarding, contracting, monitoring, and offboarding processes.
  • Use GRC, ISMS, and TPRM tools, including Optro (formerly AuditBoard), to manage security documentation, assessments, workflows, and evidence as applicable.
  • Partner with internal stakeholders to define security requirements, assign action owners, track remediation, and escalate material security risks or unresolved issues as needed.
  • Communicate security obligations, risks, and progress clearly to technical and non-technical audiences.
  • Contribute to the development, implementation, and continuous improvement of the organization’s information security strategy aligned with business objectives.
  • Stay current with emerging threats, security trends, and relevant technologies to help maintain an effective and practical security posture.
  • Promote a strong culture of security awareness across the organization and support the delivery of effective security education and awareness activities.
  • Support maintenance of the incident response plan and coordinate investigations, documentation, corrective actions, and follow-up activities related to security incidents.

Benefits

  • competitive compensation and benefits package
  • challenging work environment that supports skill development and career growth