Compliance & Audit Manager, Information Security

Montreal

Job posted on 2025-10-25

WSP Canada

```html

The Opportunity:

WSP is a global consulting firm assisting public and private clients to plan, develop, design, construct, operate and maintain thousands of critical infrastructure projects around the world.

WSP's Information Security Office (ISO) is responsible for the deployment and maintenance of the information security framework for both the IT organization and wider business community. This includes the Governance mechanisms, policies and processes, tools and technologies, and employee training required to protect WSP information and that of our clients.

We are currently seeking an experienced Information Security Compliance and Audit Manager to lead the design, optimization, and implementation of our compliance program based on ISO27K. In this role, you will be responsible for WSP's ISO27K certification program.

Your primary responsibilities will include overseeing the entire ISO27K internal audit lifecycle, from planning and scoping to execution and reporting, with a strong emphasis on identifying and mitigating security risks. You will collaborate closely with cross-functional teams, including IT, compliance, and risk management, to drive continuous improvement and ensure alignment with best practices (e.g., ISO 27001, NIST). Effective communication skills are essential to convey audit findings, provide actionable recommendations, and influence stakeholders to prioritize information security initiatives.

If you have excellent communication skills, a strong understanding of Compliance, and a passion for driving continuous improvement, we encourage you to apply for this pivotal role.

Why choose WSP?

  • We value and are committed to upholding a culture of inclusion and belonging
  • Our Flexible Work Policy - we recognize the importance of balance in our lives and encourage you to prioritize the balance in yours. We will support you on and off the job so you can be fully present in both your work and home lives.
  • A Canadian success story - we're proud to wear the red and white of this beautiful country and show the world what Canada has to offer.
  • Enhance the world around you - from the environment to the highways, to the buildings and the terrain, WSP is the fabric of Canada.
  • Outstanding career opportunities - we're growing and pushing ourselves every day to be greater than yesterday - we're open to your ideas and trying new things.
  • A phenomenal collaborative culture and a workforce filled with genuinely good people who are doing humbly important work. Come find out for yourself what it's like to be a part of our journey.

We offer attractive pay, flexible work options, a great corporate culture, comprehensive and employee-focused benefits including virtual healthcare and a wellness platform as well as great savings programs, and a clear vision for the future.

#WeAreWSP

What you can expect to do here:

  • Audit Execution & Reporting: Review audit evidence across IT systems and processes as part of the ISO27K internal audit lifecycle, assess compliance with ISO 27001 requirements, and issue structured audit reports that highlight findings, recommend corrective actions, and support continuous improvement.
  • Develop and Implement Audit Plans: Lead the development and implementation of comprehensive audit plans tailored to assess compliance with ISO27K and other best standards (i.e., NIST).
  • Execute Audits: Lead and conduct audits of IT systems, processes, and controls to evaluate adherence to ISO27K requirements, ensuring the effectiveness and adequacy of information security measures.
  • Provide Recommendations: Analyse audit findings and provide actionable recommendations to enhance information security posture, mitigate risks, and address any non-compliance with best standards (ISO27K).
  • Collaborate with Stakeholders: Collaborate closely with global and regional IT teams, business units, and other stakeholders to communicate audit objectives, gather relevant information, and foster a culture of continuous improvement in information security practices.
  • Stay Current with Standards: Stay abreast of developments in information security best practices, industry standards, and regulatory requirements related to best standards (e.g., ISO 27001, NIST), and incorporate relevant updates into the audit program as needed.

What you'll bring to WSP:

  • Minimum of 5 years of combined specialization in compliance, audit, or risk management activities.
  • Knowledge of, and experience with, current IT / Information Security / Governance frameworks (e.g., ITGC for 52-109, Sarbanes-Oxley, SSAE-18 SOC1 & SOC2).
  • Knowledge of security technologies and best practices, pertinent regulation and legislation, risk management and operations with relation to systems, applications, network, and client setups.
  • Proficient with MS Office and GRC tools (e.g., Service-Now IRM).
  • Excellent written and verbal communication skills.
  • Excellent interpersonal skills, including interfacing effectively with a broad range of people and roles, such as Regional Information Security Officers, Accounting / Finance, Internal Audit, Financial Compliance, and other corporate functions.
  • Ability to work independently and as part of a team; and the ability to take initiative with minimal direction.
  • Strong attention to detail and the ability to handle multiple tasks in a fast-paced environment.
  • Possess strong time management to meet deadlines.
  • Accommodation of schedule for international conference calls.

What sets you apart:

  • Bachelor's degree in IT, Computer Science / Engineering, or a related field, or a similar level of training.
  • Have obtained or be actively working towards obtaining a relevant professional certification (e.g., ISO 27001 Lead Auditor or ISO 27001 Lead Implementer are required).

#LI-Hybrid

WSP is one of the world's leading professional services firms. Our purpose is to future proof our cities and environments.

We have over 65,000 team members across the globe. In Canada, our 12,000+ people are involved in everything from environmental remediation to urban planning, from engineering iconic buildings to designing sustainable transportation networks, from finding new ways to extract essential resources to developing renewable power sources for the future.

At WSP:

  • We value our people and our reputation
  • We are locally dedicated with international scale
  • We are future focused and challenge the status quo
  • We foster collaboration in everything we do
  • We have an empowering culture and hold ourselves accountable

Please Note:

Health and Safety is a core paramount value of WSP. Given the importance of keeping one another safe it is expected that you comply with our Health, Safety & Environment (HSE) policy at all times as well as client HSE policies when working at client locations.

Offers of employment for safety-sensitive positions involving fieldwork are contingent upon candidates being able to perform key physical tasks of the job as described in the job posting and interview. This may include the ability to work in a variety of environmental conditions, such as remote or isolated areas, working alone, and in inclement weather (within safe and reasonable limits).

WSP welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process.

WSP is committed to the principles of employment equity. Only the candidates selected will be contacted.

WSP does not accept unsolicited resumes from agencies. For more information please READ THE FULL POLICY.

```