Toronto, ON, CA

Operating Sector:  Finance

Senior Information Security Compliance Analyst

At Aecon, we’re building the future and our people are at the heart of everything we do. We're always looking for exceptional talent to work on our exciting and ever-expanding project portfolios. We are focused on being the #1 Canadian Infrastructure Company and the first choice employer in our industry.



Position Overview
Aecon is well-positioned in the Canadian marketplace as an industry leader in the development and construction of infrastructure. We have a roster of ongoing major projects here and abroad, record backlog diversified across multiple sectors and duration, and a robust pipeline of future project pursuits. We are in a strong market position, but we are ultimately aiming higher. 

Reporting to the Senior Security and Compliance Officer, the Senior Information Security Compliance Analyst will identify, manage, and report on the company’s compliance with regulatory, legislative, and contractual requirements. Responsibilities will include performing reviews, assessments and audits, conducting research, and facilitating communication to internal and external stakeholders where necessary. The position will monitor, coordinate, and implement policies, standards, procedures, controls, and guidelines to support security, compliance, and audit requirements.

Key Responsibilities

    • Design, operate and manage an ISMS to help achieve and maintain ISO 27001 certification for in-scope lines of business
    • Maintain existing and develop new information security governance documents, including policies, standards, procedures and guidelines
    • Work with Internal Audit, Legal, Privacy and other key stakeholders to ensure that IS policies, procedures and controls are aligned with all associated requirements
    • Liaise with internal/external auditors, clients and business teams to facilitate audits and/or risk reviews and help to collect the required information. Ensure timely management response to findings and track remediation through to closure
    • Ensure that in-place security controls are working effectively by designing and implementing appropriate KPIs and/or KRIs for reporting
    • Prepare monthly, quarterly and annual reports and/or presentations for various senior management audiences, including steering committees and board of directors
    • Validate appropriate security controls of vendors and other 3rd parties who safeguard the company’s information assets and computer systems by performing contract reviews and security compliance reviews
    • Conduct monthly reviews with security service providers to ensure compliance with service level agreements (SLAs) and other contractual/service requirements
    • Act as a backfill for other security team members, as required

Required Knowledge and Experience

    • A university degree in Computer Science or related equivalent is required
    • CISM, CISA, CISSP, or SOX certifications is an asset
    • 8+ years of experience in an IT related field
    • 5+ years in an information security/compliance function or IT audit role
    • 3+ years of experience in information security risk management
    • Significant knowledge of, and experience with, legal and regulatory compliance standards such as GDPR, PCI-DSS, PHIPA, ISO 2700-1 and/or NIST
    • Significant knowledge of computer networking concepts and protocols and IT security methodologies
    • Ability to adapt to constantly changing technical, regulatory, and compliance environments
    • Results oriented, high energy, and self-motivated
    • Excellent verbal and written communication skills
    • Ability to work in a team-oriented, collaborative environment
    • Strong problem solving and analytical skills
    • Ability to handle multiple competing priorities and meet tight deadlines


Aecon has every intention of fostering diversity within and across our organization. We welcome those who would contribute to the further diversification of our staff including, but not limited to, women, visible minorities, Indigenous people, persons with disabilities, and persons of any sexual orientation or gender identity.


If you require accommodation during any step of the application process please click here.