Job Description:
We are seeking a seasoned and strategic Senior Manager, Information Security & Control to lead and strengthen our cybersecurity, IT risk, and compliance initiatives. In this leadership role, you will oversee the development and execution of security governance, risk management, internal control frameworks, and compliance programs across a portfolio of client environments.
As a key advisor to executive stakeholders, you will be responsible for delivering secure, compliant, and resilient information systems by driving the alignment of cybersecurity practices with business goals, regulatory mandates, and industry standards.
________________________________________
Key Responsibilities:
1. Enterprise IT Risk Assessment & Control Framework Oversight
• Lead the identification, evaluation, and mitigation of IT and cybersecurity risks across infrastructure, applications, and data assets.
• Define and manage control frameworks to address key risk areas, especially in cloud, hybrid, and multi-tenant environments.
• Conduct executive-level risk assessments and deliver control strategies to reduce vulnerabilities and ensure operational integrity.
• Oversee business impact analyses, risk appetite assessments, and the integration of risk controls into broader IT governance.

2. Security Operations & Incident Oversight
• Provide strategic direction and oversight to Security Operations Center (SOC) activities and security monitoring initiatives.
• Lead high-severity incident management efforts, ensuring timely escalation, communication, and root cause analysis.
• Evaluate detection and response capabilities, and implement enhancements for real-time threat intelligence and response workflows.
• Define SOC performance metrics and ensure adherence to service-level agreements and best practices.

3. Compliance Management & Regulatory Alignment
• Lead enterprise compliance efforts with international and local regulations (e.g., GDPR, Law 25, PIPEDA, ISO 27001, PCI-DSS).
• Develop and maintain governance models, internal controls, and audit mechanisms to ensure regulatory readiness.
• Manage client-facing and internal audit engagements, ensuring timely resolution of compliance gaps and issues.
• Act as a strategic liaison between technical teams, compliance officers, and legal counsel.

4. Data Privacy & Protection Governance
• Oversee the design and implementation of robust data protection programs, including encryption, anonymization, and access controls.
• Ensure organizational adherence to privacy laws through formal policies, data protection impact assessments (DPIAs), and secure data lifecycle management.
• Collaborate with Data Protection Officers (DPOs) and client stakeholders to operationalize privacy-by-design principles.

5. Crisis Management & Business Continuity Leadership
• Lead enterprise crisis response planning and business continuity initiatives, including scenario testing and tabletop exercises.
• Provide senior guidance during major cybersecurity incidents or breaches, ensuring minimal business disruption and timely recovery