
Team Lead, Information Security & Risk Management

External
Indigobooksmusic · Toronto, Canada
Full-time · On-site · 3d ago
Azure, Cloud Security, Compliance, Documentation, IAM, Incident Response


Benefits

Flexible schedule

Additional Information

The Information Security Lead provides cybersecurity expertise across Security Awareness, Identity and Access Management (IAM), Cloud Security, Security Risk Assessments, and Security Projects. The role works closely with business and IT teams to identify and manage security risks, support the implementation of security controls, and ensure security requirements are considered in new technologies and projects. As a senior member of the Information Security team, the position serves as a trusted advisor, providing guidance and support to help protect the organization while enabling business objectives.

KEY PERFORMANCE METRICS

High completion rates for enterprise security awareness training and positive phishing simulation metrics.
Successful design, implementation, and management of Identity and Access Management (IAM) controls, including Azure PIM and PAM.
Timely completion of security risk assessments for new technologies, applications, and vendors.
Strong cloud security posture maintained across Azure and SaaS environments.
Successful support of PCI DSS compliance activities and audits.

KEY ACCOUNTABILITIES

Strategic

Act as the security representative on business and technology initiatives, serving as a trusted advisor to protect the organization while enabling business objectives.
Lead and support cybersecurity projects from planning through implementation, ensuring security requirements are incorporated into project designs and deployments.
Coordinate with internal stakeholders, vendors, and consultants to deliver strategic security solutions.

Functional

System Inventory: Maintain an accurate and up-to-date inventory of critical information systems and data assets to support risk assessments, compliance audits, and continuous security monitoring.

Risk Management: Support the cybersecurity IT risk management framework by identifying, quantifying, and mitigating cybersecurity risks across corporate, retail, and e-commerce environments. Maintain the IT risk register and facilitate data-driven risk decisions to prioritize remediation efforts.

Security Awareness: Manage the enterprise security awareness and phishing simulation program. Develop and deliver security awareness campaigns and communications. Monitor training completion and phishing metrics. Support security culture initiatives across the organization.

Identity & Access Management (IAM): Support the design and implementation of Identity and Access Management controls. Manage and improve processes related to user access, privileged access, and multi-factor authentication. Lead IAM initiatives, including Azure PIM and Privileged Access Management (PAM) projects. Collaborate with IT teams to strengthen identity governance and access controls. Conduct periodic access reviews of access to critical information systems.

Disaster Recovery: Participate in the development, testing, and execution of disaster recovery procedures and business continuity plans to ensure the resilience and availability of critical information assets and systems.

Tabletop Exercises: Facilitate cross-functional incident response and disaster recovery tabletop exercises to validate playbooks, evaluate organizational readiness, and identify actionable improvements.

Cloud Security: Support the implementation and operation of cloud security controls across Azure and SaaS environments. Review cloud solutions and provide security recommendations. Participate in cloud security assessments and remediation activities. Work with internal teams and service providers to improve cloud security posture.

Security Risk Assessments: Conduct security assessments for new technologies, applications, vendors, and business initiatives. Identify security risks and recommend appropriate mitigating controls. Review solution designs and architectures from a security perspective. Support risk management activities for strategic business and IT projects.

Security Operations & Incident Response: Support investigation and remediation of security incidents. Participate in incident response activities and lessons learned reviews. Work with managed security providers and IT teams to address security issues. Support continuous improvement of security monitoring and response processes.

Compliance Support: Support PCI DSS compliance activities, audits, and assessments. Assist with security documentation, evidence collection, and remediation efforts. Collaborate with governance, risk, and compliance teams on security initiatives.

Vendor & Solution Reviews: Participate in vendor security reviews and product evaluations. Support RFPs and selection of security technologies and services. Review vendor security documentation and recommend security requirements.

People

Supports the creation and maintenance of a talent succession plan
Collaborate with others to drive flexible and iterative solutions, quickly and easily
Share technical knowledge with others and actively seek to learn from those more knowledgeable than yourse

