Manager, Information Security

Overview

Hexagon’s Autonomy & Positioning division is looking for an Information Security Manager to drive our IS Cyber Security and GRC practice. As a member of the IS team, you will be accountable for all aspects of Information Security and Governance. You will establish and maintain a defense-in-depth security stance for Hexagon A&P through policy, architecture, and training. The successful candidate is expected to interface with internal IT teams and functional business leaders to communicate our security vision and solicit involvement through information sharing and co-operation. They will also work collaboratively with peers in our other major global divisions to define vision, evolve strategy, and develop roadmaps.

You will also have the experience and skills to lead your Cyber Security team by coaching, mentoring, and guiding them to succeed and continuously improve.

The Company: Hexagon is a global leader in digital reality solutions, combining sensor, software and autonomous technologies. We are putting data to work to boost efficiency, productivity, quality and safety across industrial, manufacturing, infrastructure, public sector and mobility applications. You’ll be joining over 22,000 people in 50 countries on the leading edge of your field.  

This position is with Hexagon’s Autonomy & Positioning division, a global technology leader, pioneering end-to-end solutions industry leaders rely on for assured positioning and autonomy on land, sea and air. Our work touches every aspect of life, from sustainability on Earth to enabling autonomy. Within the Autonomy & Positioning division your work will contribute to the operation of our brand(s) NovAtel, AutonomouStuff, VERIPOS and Antcom. Come see why we are recognized as one of Alberta's Top 75 Employers in 2020 and 2021!

 The Location: Hexagon is a global company with locations around the world. This position is based in Calgary, AB.

If you require any special accommodation, please email our team at hrrecruitingteam.ap@hexagon.com and we will be pleased to follow up with you. Please do not send cover letters or resumes to this address.

Responsibilities

As an Information Security Manager, you will:

• Own the vision and direction of the A&P Information Security program
• Strategically evolve, execute, and grow the Information Security GRC practice
• Strategize, plan, and deliver on an A&P Cyber Security Operations program
• Assess and ensure compliance with relevant Cyber Security frameworks (CMMC, ISO27001, TISAX)
• Participate as a key stakeholder in the corporate Risk Management practice
• Contribute to Environmental, Social and Governance (ESG) initiatives
• Communicate security milestones and challenges to the IT Steering Committee
• Coordinate third party and internal IT Audits, independent security assessments, IT compliance activities, and management of their corrective action plans
• Engage with project initiatives via assessment and communication of risks
• Plan and manage the Information Security workforce plan
• Collaborate with various divisions and teams to provide security expertise and guidance
• Create, update, communicate, and enforce the A&P security policy suite
• Assist our legal team with contract reviews, vendor questionnaires, and legal agreements
• Support Vendor risk management with our Supply Chain teams
• Lead the Incident Response teams to help classify, communicate, and remediate issues
• Provide mentoring and career development opportunities for the Information Security team
• Assess existing security controls to identify gaps and provide remediation recommendations
• Liaise with external vendors and contractors to ensure projects are delivered to time, quality, and budget constraints
• Support Security Awareness Program delivery
• Respond to security related questions from across the business

Qualifications

Must-Have:

• A minimum of 10 years of proven experience within an IS environment, focusing on system and information security
• Bachelor of Computer Science or equivalent education
• 2 years leading or managing teams
• Knowledge of privacy principles (i.e., GDPR, CCPA, PIPEDA etc.)
• Foundation level security certifications from ISC2, GIAC, EC-Council, ISACA or equivalent
• Able to travel internationally
• Deep knowledge and experience in all facets of enterprise Security Management including but not limited to: Enterprise Risk Management, Vulnerability Management, Information Systems Security, Cyber Security, Security Education and Awareness, Continuous Monitoring and Reporting, and other traditional security operations center activities
• Proficient with various Information Security frameworks (NIST SP 800-171/CMMC, ISO27001, TISAX, CIS etc.)
• Knowledge of common application vulnerabilities, current threats, and related mitigation techniques

Key Success Factors:

• An open and inclusive personality who brings out the best in their team members
• Excellent problem-solver who thrives in a dynamic, fast paced environment
• Pro-actively identifies opportunities for continuous improvement
• Respectfully challenges the norms and brings new ideas and opportunities forward
• Excellent communication skills when communicating in any direction within the organization: upwards to leadership, downwards to employees, or across to peers and service providers
• Strong customer service orientation