O2E Brands is looking for an Information Security Manager (12 month Contract). This role is responsible for planning, implementing, and maintaining our cybersecurity strategies and programs, influencing the priority of security goals, risks, and plans across the organization. They have a strong understanding of cybersecurity frameworks, assessment processes, tools, and standards, as well as the ability to plan, manage, and communicate programs that align with the organization’s cybersecurity goals.
This role provides day-to-day oversight of security operations and risk management activities, while managing a team of contractors to ensure execution of security initiatives aligned with business and compliance requirements.
🏢 HYBRID WORK ENVIRONMENT
Our motto "It's All About People" drives us to create a hybrid work model that promotes collaboration, celebration, and connection, while giving you the flexibility to work where it makes sense for you.
- Vancouver-based and Toronto-based team members work in-office every other week (Tues–Thurs). Core attendance is required from 9 AM – 3 PM on these days to support business priorities.
💼 A DAY IN THE LIFE
- Lead and oversee the development and execution of enterprise-wide cybersecurity programs that align with the organization's goals and objectives.
- Ensure that all programs are in compliance with cybersecurity frameworks, assessment processes, tools, and standards by maintaining governance over assessment processes, control implementations, and compliance validation activities.
- Direct and manage multiple security initiatives and cross-functional projects, providing leadership to contractors and internal teams to ensure timely and successful completion.
- Communicate program performance, risks, and mitigation strategies to stakeholders, including both technical and leadership teams.
- Establish and maintain program documentation, including program plans, project plans, and roadmaps.
- Mentor and support technical teams and contractors by providing subject matter expertise and fostering professional growth through guidance, coaching, and accountability.
- Monitor industry trends and best practices to identify opportunities for improvement in our cybersecurity programs.
- Collaborate with other teams within the organization to ensure that cybersecurity considerations are integrated into all aspects of business operations.
- Champion ongoing internal security advocacy and awareness training.
- Assess security systems and test applications and infrastructure for vulnerabilities and seek improvements on a continuous basis.
- Develop cybersecurity best practices and security standards for the organization.
- Direct the execution of vulnerability assessments and penetration testing across applications, systems, and infrastructure, ensuring findings are prioritized and remediated.
- Lead incident response and threat management coordination efforts, ensuring contractors follow escalation protocols, post-incident analysis, and continuous improvement.
- Evaluate, select, and manage security tools and vendor relationships, ensuring solutions meet evolving organizational needs and contractual expectations.
- Track key metrics and provide regular reporting on security posture, risk remediation efforts, and contractor performance to leadership and audit stakeholders.
🎯 WHAT YOU BRING TO THE TABLE
- Bachelor's degree or equivalent in Computer Science, Cybersecurity, or related field.
- At least 7 years of experience in cybersecurity, with at least 2 years of experience in management.
- Strong understanding of cybersecurity frameworks, assessment processes, tools, and standards, such as NIST, ISO, and CIS.
- Proven ability to plan, manage, and communicate security programs and projects, with experience delivering measurable outcomes aligned with risk management goals.
- Advanced technical expertise in cybersecurity, including knowledge of security technologies, practices, and principles.
- Excellent communication and interpersonal skills, with the ability to build relationships with stakeholders at all levels of the organization.
- Strong leadership and project management skills, with the ability to motivate and lead cross-functional teams.
- CISSP, CISM, or other relevant cybersecurity certifications are highly desirable.
- Experience with vendor risk management and third-party cybersecurity assessments, including an understanding of contract security requirements and SLAs.
💰 COMPENSATION & BENEFITS
- Salary $159,000 to $185,000 (Actual salary offered will be commensurate with education, experience, and internal equity.)
- A Total Compensation Package designed to support your financial, personal, and professional well-being. This includes:
  - Comprehensive Extended Health & Dental Benefits
  - Generous Paid Time Off, including annual vacation and personal days
  - Hybrid Work Environment, offering flexibility to work both remotely and from our corporate offices
- Speak to us to learn more about what we offer
📌 THE HIRING PROCESS
- Pre-Screen – Let’s talk about your experience, goals & excitement for this role!
- Interviews – Two or more interviews with different team members, including structured competency & scenario-based questions
- Presentation/Assessment
- References & Background Check
- We use audio recording transcription for our interview practices 🔊