Regional Information Security Officer (LAC)

About us

WSP is a global consulting firm assisting public and private clients to plan, develop, design, construct, operate and maintain thousands of critical infrastructure projects around the world.

Position Summary

WSP’s Information Security Office (ISO) is responsible for the deployment and maintenance of the information security framework for both the IT organization and wider business community. This includes the Governance mechanisms, policies and processes, tools and technologies, and employee training required to protect WSP information and that of our clients.

The role of Regional Information Security Officer reports directly to the Business Information Security Officer and is responsible for delivering the Information Security Framework into the applicable region of WSP. This is primarily an internally facing role, although some interaction with clients and third parties may be required.

This position requires a senior management professional with relevant experience and a strong working knowledge of IT security, risk management, regulatory compliance, information and public cloud service technology, IT operations management principles, and third-party security management.

Responsibilities

Work with the Business Information Security Officer, Regional Business and IT Leadership and peers within the Information Security Office to ensure the following deliverables are effectively and consistently delivered for the region under their area of responsibility.

Information Security Strategy: Collaborate with the Business Information Security Officer to define the regional organization's information security strategy, vision, and goals. Translate strategic objectives into actionable plans and initiatives that align with business objectives and industry best practices.Senior Stakeholder Engagement and Relationship Management: Develop highly effective relationships with business and IT leadership within their areas of responsibility, in order to deliver the information security strategy and goals and the management of security risk.Information Security Governance: Oversee WSPs implementation and maintenance of its ISO27001 aligned Data and Information Security Management System. Establish and maintain the Information Security Governance framework; including running the Information Security Committees; coordinating IS risk management, executive reporting and participate in other forums where information security input and approval is required based on documented policies and processes. Risk Management: Oversee the identification, reporting, assessment, and mitigation of information security risks. Work closely with cross-functional teams to ensure risk management practices are embedded in business processes and projects. Monitor the effectiveness of risk mitigation measures and drive continuous improvement.Security Awareness and Training: Develop and deliver comprehensive security awareness and training programs to promote a security-conscious culture. Collaborate with stakeholders to address security education needs and ensure employees understand their roles and responsibilities in protecting information assets. Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.Acquisition, Mergers and Integrations: Direct the security matters relating to all aspects of Acquisitions, Mergers, Integrations and Divestments. Including the security evaluation of potential acquisitions through to the integration of the acquired businesses into WSP’s security ecosystem.Client Support: Develop and maintain a program of client support, to ensure that all client security requirements are identified, assessed, delivered and reported to relevant business leaders.Vendor Risk Management: Develop and maintain a robust vendor risk management program. Conduct assessments of vendors and service providers to ensure they meet information security requirements and adhere to contractual obligations.Incident Response and Management: Develop and maintain an incident response plan and coordinate the response to information security incidents. Lead investigations, root cause analyses, and corrective actions to mitigate the impact of incidents and prevent future occurrences; liaise with external organizations (clients, law enforcement, local governments) as required.

Security Reporting and Metrics: Develop and maintain metrics, reports, and dashboards to track the effectiveness of the information security program. Provide regular updates to senior leadership on the organization's security posture and recommend remedial actions as needed.

Leadership and People Responsibilities:

Displays leadership and independence in performing their role, with an ability to make complex decisions with limited input and review from senior staff.High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.Assist in the hiring, training, and coaching of new and existing staff, and provide coaching to staff executing all aspects of information security and risk assessment and support.Develop positive working relationships with other team members and business partners and partner across teams to align with WSP internal and external client demands.Capable of rapidly assimilating and internalizing new complex business, technology, and risk management concepts and dependencies.Capable of clearly defining, presenting and selling recommended strategies to senior management teams in a business or technical context as appropriate.Critical thinker with strong problem-solving skills, project management skills; financial/budget management, scheduling and resource management.Able to interpret and apply laws, regulations, policies and guidance relevant to the organization information security objectives.Able to exercise judgement when policies are not well-defined.Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate between specialized groups of business unit and IT professionals.Accommodation of schedule for international conference calls, limited travel within the regions you are responsible for.Ability to work with people from different backgrounds and cultures across the region and the world.

Finance/Budgetary Responsibilities:

Support the Business Information Security Officer in developing the budget projections based on objectives

Regional Information Security Officer (LAC)

About us

WSP is a global consulting firm assisting public and private clients to plan, develop, design, construct, operate and maintain thousands of critical infrastructure projects around the world.

Position Summary

WSP’s Information Security Office (ISO) is responsible for the deployment and maintenance of the information security framework for both the IT organization and wider business community. This includes the Governance mechanisms, policies and processes, tools and technologies, and employee training required to protect WSP information and that of our clients.

The role of Regional Information Security Officer reports directly to the Business Information Security Officer and is responsible for delivering the Information Security Framework into the applicable region of WSP. This is primarily an internally facing role, although some interaction with clients and third parties may be required.

This position requires a senior management professional with relevant experience and a strong working knowledge of IT security, risk management, regulatory compliance, information and public cloud service technology, IT operations management principles, and third-party security management.

Responsibilities

Work with the Business Information Security Officer, Regional Business and IT Leadership and peers within the Information Security Office to ensure the following deliverables are effectively and consistently delivered for the region under their area of responsibility.

Information Security Strategy: Collaborate with the Business Information Security Officer to define the regional organization's information security strategy, vision, and goals. Translate strategic objectives into actionable plans and initiatives that align with business objectives and industry best practices.Senior Stakeholder Engagement and Relationship Management: Develop highly effective relationships with business and IT leadership within their areas of responsibility, in order to deliver the information security strategy and goals and the management of security risk.Information Security Governance: Oversee WSPs implementation and maintenance of its ISO27001 aligned Data and Information Security Management System. Establish and maintain the Information Security Governance framework; including running the Information Security Committees; coordinating IS risk management, executive reporting and participate in other forums where information security input and approval is required based on documented policies and processes. Risk Management: Oversee the identification, reporting, assessment, and mitigation of information security risks. Work closely with cross-functional teams to ensure risk management practices are embedded in business processes and projects. Monitor the effectiveness of risk mitigation measures and drive continuous improvement.Security Awareness and Training: Develop and deliver comprehensive security awareness and training programs to promote a security-conscious culture. Collaborate with stakeholders to address security education needs and ensure employees understand their roles and responsibilities in protecting information assets. Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.Acquisition, Mergers and Integrations: Direct the security matters relating to all aspects of Acquisitions, Mergers, Integrations and Divestments. Including the security evaluation of potential acquisitions through to the integration of the acquired businesses into WSP’s security ecosystem.Client Support: Develop and maintain a program of client support, to ensure that all client security requirements are identified, assessed, delivered and reported to relevant business leaders.Vendor Risk Management: Develop and maintain a robust vendor risk management program. Conduct assessments of vendors and service providers to ensure they meet information security requirements and adhere to contractual obligations.Incident Response and Management: Develop and maintain an incident response plan and coordinate the response to information security incidents. Lead investigations, root cause analyses, and corrective actions to mitigate the impact of incidents and prevent future occurrences; liaise with external organizations (clients, law enforcement, local governments) as required.

Security Reporting and Metrics: Develop and maintain metrics, reports, and dashboards to track the effectiveness of the information security program. Provide regular updates to senior leadership on the organization's security posture and recommend remedial actions as needed.

Leadership and People Responsibilities:

Displays leadership and independence in performing their role, with an ability to make complex decisions with limited input and review from senior staff.High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.Assist in the hiring, training, and coaching of new and existing staff, and provide coaching to staff executing all aspects of information security and risk assessment and support.Develop positive working relationships with other team members and business partners and partner across teams to align with WSP internal and external client demands.Capable of rapidly assimilating and internalizing new complex business, technology, and risk management concepts and dependencies.Capable of clearly defining, presenting and selling recommended strategies to senior management teams in a business or technical context as appropriate.Critical thinker with strong problem-solving skills, project management skills; financial/budget management, scheduling and resource management.Able to interpret and apply laws, regulations, policies and guidance relevant to the organization information security objectives.Able to exercise judgement when policies are not well-defined.Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate between specialized groups of business unit and IT professionals.Accommodation of schedule for international conference calls, limited travel within the regions you are responsible for.Ability to work with people from different backgrounds and cultures across the region and the world.

Finance/Budgetary Responsibilities:

Support the Business Information Security Officer in developing the budget projections based on objectives

Requirements

Required

5 years related senior level experience in Information Security, IT risk, IT Audit or a similar position involving IT and business changeGraduate of college or university, preferably with a degree in computer science or information management, or Professional certification in one or more of the following disciplines — IT governance (e.g., CGEIT), security (e.g., CISSP, CISM), internal audit (CISA).Working (not necessarily technical) knowledge of security technologies (encryption, data protection, network intrusion prevention, host intrusion prevention, firewalls, privilege access, etc.)Working (not necessarily technical) knowledge of information technologies (networking concepts, protocols, servers, workstations, laptops, LAN/WAN, wired/wireless, TCP/IP, cloud computing.)Working (not necessarily technical) knowledge of IT security technologies (network security, encryption, data protection, network intrusion prevention, host intrusion prevention, firewalls, privileged access, etc.)Working (not necessarily technical) knowledge of enterprise IT threats and vulnerabilities (including but not limited to attacks and attack trends, ransomware, social engineering, advanced persistent threats, threat actors, etc.)Knowledge of security best practices (physical, technical and organizational controls)Experience with IT and IS Governance frameworks such as COBIT, ITIL, NIST-CSF and ISO 2700xExperience with governance, compliance and audit within IT environmentsExperience of risk management, including risk analysis, mitigation and monitoringKnowledge of information security regulations and legislation applicable to WSPFluency in written and spoken English.

 

Preferred

Master's or other advanced degree in IT, Computer Science, Engineering or related field.Master’s degree in Business Administration or related field.

Requirements

Required

5 years related senior level experience in Information Security, IT risk, IT Audit or a similar position involving IT and business changeGraduate of college or university, preferably with a degree in computer science or information management, or Professional certification in one or more of the following disciplines — IT governance (e.g., CGEIT), security (e.g., CISSP, CISM), internal audit (CISA).Working (not necessarily technical) knowledge of security technologies (encryption, data protection, network intrusion prevention, host intrusion prevention, firewalls, privilege access, etc.)Working (not necessarily technical) knowledge of information technologies (networking concepts, protocols, servers, workstations, laptops, LAN/WAN, wired/wireless, TCP/IP, cloud computing.)Working (not necessarily technical) knowledge of IT security technologies (network security, encryption, data protection, network intrusion prevention, host intrusion prevention, firewalls, privileged access, etc.)Working (not necessarily technical) knowledge of enterprise IT threats and vulnerabilities (including but not limited to attacks and attack trends, ransomware, social engineering, advanced persistent threats, threat actors, etc.)Knowledge of security best practices (physical, technical and organizational controls)Experience with IT and IS Governance frameworks such as COBIT, ITIL, NIST-CSF and ISO 2700xExperience with governance, compliance and audit within IT environmentsExperience of risk management, including risk analysis, mitigation and monitoringKnowledge of information security regulations and legislation applicable to WSPFluency in written and spoken English.

 

Preferred

Master's or other advanced degree in IT, Computer Science, Engineering or related field.Master’s degree in Business Administration or related field.