Manager, IT Controls

Location: Oakville
Discipline: InfoSec & Cyber Security
Contact name: Rob Halick

Contact email:
Job ref: 521
Published: 8 months ago

Our Client, the national leader in their industry, is seeking a talented IT Controls Manager to join their growing Information Security Team and help lead a rapidly evolving vulnerability management program. This is a full-time permanent opportunity based in the west-end Greater Toronto Area (GTA). We have worked extensively with this Client for 15+ years and have received excellent feedback from those candidates whom we have successfully placed. Please contact us to learn more.

This multi-faceted role will expand your exposure to security functions while leveraging your leadership skills. To be successful, you will execute processes in the defined responsibility areas while identifying and executing process/procedure improvements. Your 5-7 years’ experience in the security field will include one or more of the following key areas: vulnerability management, IT risk management or security awareness training.

As a Manager, IT Controls


  • The Information Security team oversees a robust vulnerability management program that covers all aspects of the technical stack. You will assume a leadership role for the program, supported by the key technical stakeholders, while leveraging your IT risk management responsibilities to deliver secure and cost-effective solutions. This will include establishing and executing an improvement plan aligned with the key contributors and stakeholders.

  • Working directly with the CISO, you will have direct input into the IT and Enterprise risk management strategy and will be responsible for the process outcome, leveraging an industry-accepted framework. You will organize and execute the processes/procedures to ensure the organization deals effectively with both current and emerging risk.

  • Assume ownership of the security awareness/training program. Using an industry-leading solution, you will work with key stakeholders to review training titles and to define and execute the training schedules, strengthening the security culture. This responsibility will include social engineering testing strategies and evolving techniques.

  • Working directly with the Business Continuity and Disaster Recovery program manager, you will provide support to the program by maintaining the DR Site, which includes liaison with change management, issue resolution, task scheduling / management, and coordination of testing activities.

  • Oversee the quarterly access reviews and assume responsibility for executing some of them. Additionally, work with the Identity and Access Management team to improve the outcome through automation.


  • An educational background in Information Security or another related technology-based program at the college or university level.

  • Certification in one of the following: CISSP, CRISC or CISA.

  • Minimum five years’ experience in an information security role covering one or more of the defined responsibilities.

  • Excellent, demonstrated written and verbal communication skills.

  • Proficient in use of Microsoft Office products (intermediate for Word and Excel).

  • Proven working experience in project management (coordinating tasks and resources).

  • Proven experience with simple data sets and providing simple data analysis using tools such as Excel.

  • Demonstrated ability to identify opportunities and execute solutions to continually improve the programs under your care.

  • Technical knowledge of server / network environments and of processes to reduce vulnerabilities and restore the environment to its working state (backup / replication).