Information Security Lead
Company: Opentrust Consulting Inc
Location: Toronto, ON M4E 3Y1
Description:
04th February, 2025
Position: Information Security Lead
Location: Toronto, Ottawa, Edmonton, Calgary, Vancouver (Hybrid: 1 day/week in-office)
Employment Type: Full-Time
Compensation Range: $125,000-$135,000 per year
Benefits: Comprehensive benefits package with 2-6% RRSP matching (depending on location)
Vacation: 15 + 5 personal days
Start Date: ASAP
About the Role: OpenTrust Consulting is seeking an experienced Information Security Lead to join our growing team. This role is ideal for a candidate with a strong engineering background who has transitioned into a leadership position. As the Information Security Lead, you will be responsible for overseeing security systems, leading a small team, and ensuring the protection of critical enterprise systems in both cloud and on-premise environments. This is a hands-on managerial position with a focus on standards, incident management, vulnerability management, and compliance. The role also includes direct client engagement, especially in risk assessments and RFP reviews.
Key Responsibilities:
- Security Operations & Incident Management: Oversee the implementation and configuration of security technologies, manage incident response processes, and ensure proper documentation and reporting. Lead the security operations team to ensure continuous improvement of incident management and streamline processes.
- Vulnerability Management: Lead the identification of security vulnerabilities, provide recommendations for compensating controls, and work with IT stakeholders to resolve issues. Guide the team in performing security assessments and penetration testing.
- Data Governance & Compliance: Ensure that information security policies, frameworks (e.g., ISO 27001, NIST), and controls are followed. Manage data classification audits, ensure data integrity across systems, and develop policies to maintain compliance.
- Team Leadership: Manage a team of 3 Information Security professionals (Operations worker, Governance and Risk worker, Engineer). Lead by example in fostering collaboration and best practices across the team.
- Client Interaction & Risk Assessments: Conduct client-facing risk assessments, support RFP reviews, and collaborate with stakeholders to align security responses with business needs.
- Continuous Improvement: Evaluate emerging threats, provide strategic recommendations, and continuously improve security measures to protect enterprise systems.
Qualifications:
- 6+ years of experience in an Information Security role, with at least 1-2 years of management or lead experience, preferably in a professional services environment (e.g., Deloitte, Accenture, CGI, or similar).
- Strong background in security technologies, with experience in MS Sentinel, MS Security Suite, and tools like Defender for Endpoints, Defender for Identity, and Azure Cloud.
- Proficient in conducting client risk assessments and supporting RFP reviews.
- Experience in Data Loss Prevention (DLP) and managing third-party security partnerships.
- In-depth understanding of cloud computing, architecture patterns, and security frameworks (ISO 27001, NIST, etc.).
- Strong incident management experience and familiarity with frameworks like MITRE ATT&CK.
- Experience writing Standard Operating Procedures (SOPs), particularly for system deployment and incident response.
- At least one relevant certification, such as CISSP, CISM, or certifications from GIAC/ISACA.
- Post-secondary education in Information Technology or a related field, or 8+ years of experience in designing, developing, and maintaining cybersecurity solutions.