Bird Construction is a leading general contractor in Canada with a long history of service that has offices from coast to coast. Bird’s clients include leading firms in the commercial, institutional, retail, multi-tenant residential, industrial, mining, water and wastewater, energy and civil sectors. Today, Bird is a publicly traded corporation with employees forming a significant shareholder group. This enhances the degree to which employees at all levels commit to their clients. A hands-on approach to the business has given Bird an edge in being able to make decisions quickly and to adapt to the requirements of their clients.
Reporting to the Vice President of Information Technology, the Information Security Manager is responsible for establishing and maintaining an enterprise-wide Information Security management program to ensure that Bird's information assets are adequately protected. This role includes establishing, meeting, and continuously monitoring the Information Security goals and objectives, while maintaining alignment with the strategic business goals and priorities of Bird. This position is responsible for identifying, evaluating and reporting on Information Security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the company.
The Information Security Manager is an advocate for Bird's Information Security needs, and is responsible for the development and delivery of a comprehensive Information Security strategy and framework to optimize the security posture of the organization. The Information Security Manager is responsible for strategic direction, planning, and implementation of the firm's IT systems, business operation, and facility defenses against security breaches and vulnerabilities. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other Bird leaders to set the best balance between security strategies and the company’s key business objectives.
This role requires the setting of Information Security policy and the coordination of Information Security efforts across Bird, which is comprised of 12 Canadian locations and over 1,200 employees.
This position is a member of Bird's Information Steering Committee, as well as being a member of Bird's IT management group.
The ideal candidate will be strategic, skilled in Information Security management, highly collaborative and motivated to lead an organization providing important services intended to advance the enterprise Information Security program. Excellent communication skills and the ability to build strong relationships both internally and externally will be critical to this highly visible role. The Information Security Manager must demonstrate the ability to manage complex working relationships with Bird's Executive Leadership Team, the Information Technology Leadership Team, the Board of Directors, and the Infrastructure team, along with local and national cybersecurity organizations and outside regulators, and function as a consensus builder while interacting with various workgroups and stakeholders.
Manage company-wide Information Security governance processes, and facilitate the Information Security Steering Committee
Mentor the Information Security Organization team members and implement professional development plans for all members of the team
Stay abreast of Information Security issues and regulatory changes affecting the construction industry, participate in company policy and practice discussions, and communicate with the business lines on a regular basis about these topics
Engage in professional development to maintain continual growth in professional skills and knowledge, which is essential to the position
Establish annual and long-term security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements
Develop a strategy for dealing with the increasing number of audits, compliance checks, and external assessment processes
Examine the impacts of new technologies on the company's overall Information Security architecture
Establish processes to review implementation of new technologies to ensure security compliance
Establish an outcomes-based Security Awareness & Training program that aligns with company-wide policies, tracks compliance, and measures the effectiveness of the training based on KPIs; develop specialized training for roles including privileged users, executive staff and developers, and handling of highly guarded information
Formally define and publish Data Protection standards for data classification (including High Value Assets and Personally Identifiable Information), encryption, cloud security, corporate and personal device security, and use of social media
Mandate the engagement of the Information Security function in governance, business architecture, vendor management, and technology & data projects at the onset
Align cyber and Information Security risk management activities with the company's Risk Framework; and, formally define Information Security processes, roles, responsibilities, and oversight of risk acceptance for the company
Maintain playbooks and policies, and provide leadership to the company and the IT department during Information Security incidents and breaches
Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure Information Security and compliance with relevant legislation and legal interpretation
Work with Internal & External Audit, Regulators, and outside consultants as appropriate on required security and compliance assessments and audits
Develop, implement, and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk
Formalize the policy and processes for vulnerability management with criteria for vulnerability criticality and remediation prioritization; application, network, and mobile device vulnerability assessment; and defined SLAs for patching and remediation
Build a comprehensive Asset Management program with standard operating procedures that includes a centralized asset management tool, and criteria to rate the criticality of assets
EXPERIENCE AND SKILL SET
Extensive (5-10 years desired) executive leadership experience with the Information Security areas of organization oversight and management
Demonstrated ability to lead and manage major organization transitions and transformations
Demonstrated experience working with leadership and senior executives in a complex organization along with its business partners
Strong working knowledge of relevant laws, regulations, and standards relating to Information Security within the construction industry including PIPEDA, GDPR, etc.
Demonstrated ability to engage and influence a broad range of internal stakeholders including human resources, information technology, legal, compliance, and senior management
An advanced knowledge of Information Security technologies including those required to deter, prevent, respond, and remediate Information Security threats
Proven analytical and problem-solving abilities
Strong written, oral, and interpersonal communication skills
Construction or professional services industry experience would be an asset
Experience in facilitation of crisis management scenarios
Understanding of Information Security software vendors and products is a significant benefit in achieving success in this position
Demonstrated technical implementation experience
Experience with and knowledge of current cloud platforms
Proven experience with the latest Information Security technology, and ability to stay up to date with technology trends
Deep understanding of Information Security threats, trends, controls, and proven experience in running enterprise-grade security systems
Strategic and innovative thinking - this role will maintain the Information Security & Information Risk Management strategic roadmap and accompanying implementation strategy
Experience in leading strategic planning and visioning efforts in order to direct the company's focus and project investments
A Bachelor's Degree is required. An advanced degree in Information Security, Computer Science, or MBA is preferred
One or more of the following certifications are desired: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM)