Search open roles at our portfolio companies

Information Security Manager - GRC



Toronto, ON, Canada
Posted on Friday, September 15, 2023

Job Category:


Pay Grade Range:

$66,605.00 - $155,405.00

Disclaimer: The base salary range represents the low and high end of Altus Group’s “Pay Grade Range” for this position in the primary work location. Actual hiring salaries will vary depending on factors including but not limited to work experience, and geographic market data for the role. The Pay Grade Range listed above does not reflect Altus Group’s total compensation for employees. Other rewards may include an annual bonus, flexible work arrangements, and region-specific benefits.

Unlock your Altus Experience!

If you’re looking to advance your career in data analytics, expertise, and technology for the rapidly growing global CRE market, there’s no better place than Altus Group. At Altus, our work is purposeful. Every day, our employees drive impact, innovate, and shape the global commercial real estate (CRE) and PropTech industry.

Our people-centric culture empowers you to deliver in a high trust, high performance culture, surrounded by an inclusive team that’s collaborating to modernize our industry. We invest in our people with training and growth opportunities designed to propel you further in your career while providing a flexible and progressive workplace that reflects our values and teams.

Reporting to the Director, Information Security, will be mainly focused on controls, metrics assessments and external audits. As a result of these assessments, you will be in charge of the Customer InfoSec Trust Package. Lead projects and manage processes in these areas and potentially people that would be assigned to your projects.

Key Responsibilities:

  • You’re in charge of developing the control and metrics framework and reporting them. You manage the controls and metrics assessment process.

  • You work with the team on the control definition and implementation in the GRC tool.

  • You take the lead on main ISO / SOC audits at first and progressively on all audits. You prepare and ensure the organization is ready to pass SOC and ISO security audits.

  • You are the main contact for auditors and lead the audit activities of certifications and assessments in your scope.

  • You lead activities related to the maintenance and the obtaining of certifications and assessments in your scope (e.g., meetings, control period review, etc.).

  • You’re accountable for maintaining and obtaining certifications and assessments in your scope and reporting any noncompliance to your manager as soon as possible.

  • For audits not in your scope, you are the InfoSec deputy and are the main contact for all InfoSec related questions from auditors.

  • You are in charge of the external audit controls implementation in the GRC tool (Service Now GRC Module).

  • As a result of previously described activities you are in charge of building the customer facing InfoSec Trust Package

  • You take the lead on writing and aggregating customer facing documentation (results from audits, main policies, technical documentations, custom documentations, etc.)

Key Qualifications:

  • Minimum 7 years of experience in InfoSec and IT (at least 5 years in InfoSec)

  • Master’s degree or equivalent in IT or InfoSec

  • Attestation of knowledge in InfoSec Governance well appreciated (CISM, ISO 27001 LI/LA, CISA, CISSP, etc.)

  • InfoSec governance area and control objectives (ISO 27001/2, NIST CSF)

  • Knowledge on ServiceNow GRC module well appreciated


What Altus Group offers:

  • Rewarding performance: We are pleased to be able to provide employees competitive compensation, incentive and bonus plans, and a total rewards package that prioritizes their mental, physical and overall financial health.
  • Growth and development: As a destination for top industry talent, we’re investing in you to meet the evolving needs of our clients and deliver on your professional goals. Our Altus Intelligence Academy offers over 150,000 hours of learning materials catering to diverse stages of an employee’s career journey.
  • Flexible work model: We’re modernizing our employee programs to reflect the new world of work. Our Activity-Based Work model provides you with flexibility to align your work location to the work being performed - office for connecting and collaborating, and remote for focused work.

Altus Group is committed to fostering an inclusive work environment where all clients and employees feel welcomed, accepted and valued. We provide an atmosphere free from barriers to promote diversity, equity, and inclusion, and encourage equal opportunities for all employees. We’re seeking candidates with diverse experiences and provide accessible candidate experiences throughout the selection process. If you need accommodation,

We appreciate all applicants who take the time to apply to Altus Group. Please note that only those who are selected to move forward in the process will be contacted. Thank you.