Information Systems Security Manager
About The Position
This is an opportunity in the exciting and fast-growing transportation technology industry. Public transit is being transformed from a system of static, scheduled fixed-routes, to a dynamic on-demand network, and you will be one of the pioneers shaping this transformation. The Information Systems Security Manager will be responsible for protecting RideCo’s data and IT infrastructure by designing, implementing, maintaining, and enforcing security policies and protocols. Key responsibilities include monitoring systems, performing risk assessments, ensuring regulatory compliance (NIST, SOC2, GDPR, HIPAA), and leading incident response efforts to mitigate threats.
Requirements
- Bachelor’s degree in Cybersecurity, IT or related field
- 5+ years of related experience
- Certified Information Systems Security Professional (CISSP)
- Proficient understanding of network infrastructure, firewalls and compliance frameworks
- Experience in coordinating with IT teams
Responsibilities
- Developing and enforcing comprehensive security policies and procedures, ensuring they align with business objectives and legal compliance.
- Own and maintain the organizational security roadmap using NIST SP 800-53 and NIST CSF 2.0, ensuring all security controls map directly to business risk and operational resilience.
- Lead the strategy and annual audit for SOC2 type 2 certification and compliance (including all Trust Services Criteria - Security, Availability, Confidentiality, Processing Integrity, Privacy), and RideCo’s Privacy Program.
- Conducting regular threat assessments, vulnerability scanning, and audits to identify weaknesses and implement countermeasures.
- Develop and enforce governance policies for the secure adoption of AI.
- Monitoring network traffic, firewalls, endpoints, and data systems for suspicious activity.
- Conduct reviews and provide feedback on contracts, RFPs, security questionnaires, and ensure existing program components are regularly reviewed and functioning according to their criteria.
- Establish and maintain agency-based security and privacy procedures to ensure consistent security hygiene across all departments and platforms.
- Leading efforts to identify, contain, and remediate security breaches or attempts.
- Overseeing security awareness programs to train staff on cybersecurity best practices.
- Implement specialized training to protect employees against evolving AI-generated threats, including deepfake audio/video scams and sophisticated phishing.
- Overseeing the deployment of security technologies, including encryption tools, antivirus software, and access controls.
- Assessing the security protocols of third-party vendors.
Benefits
- Base Salary: $120k - 150k
- performance-based bonus
- stock options
- Flex-time work schedules
- vacation time
- bi-weekly catered lunches
- social events
- casual dress code
- Medical, dental, prescription, life/health spending accounts
- Continuous education
- certification maintenance
- attending conferences
- Complimentary rides to and from work in Waterloo Region
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Manager
