Senior Information Security & Control Manager

Key Responsibilities:

Enterprise IT Risk Assessment & Control Framework Oversight

• Lead the identification, evaluation, and mitigation of IT and cybersecurity risks across infrastructure, applications, and data assets.
• Define and manage control frameworks to address key risk areas, particularly in cloud, hybrid, and multi-tenant environments.
• Conduct executive-level risk assessments and deliver control strategies to reduce vulnerabilities and ensure operational integrity.
• Oversee business impact analyses, risk appetite assessments, and integration of risk controls into broader IT governance.

Security Operations & Incident Oversight

• Provide strategic direction and oversight to Security Operations Center (SOC) activities and security monitoring initiatives.
• Lead high-severity incident management efforts, ensuring timely escalation, communication, and root cause analysis.
• Evaluate detection and response capabilities and implement enhancements for real-time threat intelligence and response workflows.
• Define SOC performance metrics and ensure adherence to service-level agreements and best practices.

Compliance Management & Regulatory Alignment

• Lead enterprise compliance efforts with international and local regulations (GDPR, Law 25, PIPEDA, ISO 27001, PCI-DSS).
• Develop and maintain governance models, internal controls, and audit mechanisms to ensure regulatory readiness.
• Manage client-facing and internal audit engagements, ensuring timely resolution of compliance gaps and issues.
• Act as a strategic liaison between technical teams, compliance officers, and legal counsel.

Data Privacy & Protection Governance

• Oversee the design and implementation of robust data protection programs, including encryption, anonymization, and access controls.
• Ensure organizational adherence to privacy laws through formal policies, data protection impact assessments (DPIAs), and secure data lifecycle management.
• Collaborate with Data Protection Officers (DPOs) and client stakeholders to operationalize privacy-by-design principles.

Crisis Management & Business Continuity Leadership

• Lead enterprise crisis response planning and business continuity initiatives, including scenario testing and tabletop exercises.
• Provide senior guidance during major cybersecurity incidents or breaches, ensuring minimal business disruption and timely recovery.
• Evaluate and enhance continuity plans to account for evolving threats and operational dependencies.

Security Awareness, Training & Stakeholder Engagement

• Develop organization-wide training programs to promote security best practices and compliance awareness.
• Deliver executive workshops and functional team training on cybersecurity risks, policy compliance, and secure operations.
• Foster a culture of accountability and security ownership across business units and client organizations.

Strategic Threat Intelligence & Regulatory Monitoring

• Monitor emerging cybersecurity threats, evolving attack vectors, and global regulatory developments.
• Translate external intelligence into actionable internal strategies, technology investments, and control adjustments.
• Provide forward-looking guidance to leadership and clients to stay ahead of regulatory and technological shifts.

Reporting, Governance, and Executive Communication

• Oversee the creation of risk dashboards, compliance status reports, and security performance metrics for executive audiences.
• Present complex security and compliance concepts to senior stakeholders in a clear and actionable manner.
• Support board-level reporting and contribute to security strategy development in alignment with corporate objectives.