Security and Compliance Manager
Updated on 2/9/2024
Winnipeg, MB, Canada
Experience Level
Desired Skills
Development Operations (DevOps)
IT & Security
  • Minimum 3 years of experience in a compliance and/or cybersecurity role
  • Bachelor’s degree or equivalent in Information Technology, Cybersecurity, or a related field
  • Possession of professional certifications related to cybersecurity, compliance, and risk management (e.g., CISM, CISSP, CISA) is considered an asset
  • Technical and problem-solving skills in the context of IT Service Management (ITSM) or ITIL are considered an asset
  • Deep understanding of IT security principles, risk management, and product lifecycle
  • Act as a subject matter expert for cybersecurity and compliance projects
  • Oversee the execution of the cybersecurity roadmap and governance framework
  • Conduct internal audits and risk assessments
  • Collaborate with various departments to integrate compliance controls into operational processes
  • Plan and execute security activities, including cybersecurity awareness training, tabletop exercises, DR tests, penetration tests, etc.
  • Establish and execute processes for security events, ensuring timely response, investigation, containment, reporting, and continuous improvement
  • Collaborate with DevOps teams to integrate automated security tools into the CI/CD pipeline
  • Perform Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), and Software Composition Analysis (SCA)
  • Review security scan results, prioritize vulnerabilities using a risk-based approach, and collaborate with development teams for resolution
  • Evaluate application architecture for security issues and flaws, addressing concerns such as network security, IAM misconfigurations, encryption, and key management
  • Assess the effectiveness of Identity and Access Management (IAM) controls, access controls, and user management processes
Desired Qualifications
  • Ability to learn and translate technical issues into a business risk context
  • Demonstrated proficiency in presentations and status reporting
  • Strong administrative and organizational skills
  • Talent to promote collaboration between stakeholders, solve problems, achieve objectives, meet schedules, improve efficiencies, exercise good judgment, and communicate clearly
  • Proven experience in managing compliance within technology and software development environments