Information Security Manager

Who Are We?

UniUni, a North American leader in last-mile logistics, delivers tens of millions of parcels annually across Canada, from coast to coast, and is rapidly expanding its footprint in the United States. Founded in 2019, UniUni is known for its tech-driven innovation and crowdsourced delivery model, providing fast, economical, and reliable services to local, national, and international e-commerce clients.

What Do We Offer?

At UniUni, we empower our employees with opportunities to achieve their professional goals. We value both lateral growth and vertical advancement, ensuring every role helps you develop your skills, broaden your expertise, and build a fulfilling career. We are looking for passionate professionals ready to work hard, embrace challenges, and enjoy being part of a dynamic, fun team.

Requirements

• Lead and manage the information security team, providing guidance, mentorship, and support to team members
• Develop and implement comprehensive information security strategies, policies, and procedures to protect the organization's information assets
• Monitor and analyze security incidents, vulnerabilities, and threats, and coordinate appropriate responses
• Conduct regular security assessments, audits, and penetration testing to identify and mitigate potential risks
• Collaborate with IT, legal, and compliance teams to ensure alignment with regulatory requirements and industry best practices
• Oversee the implementation and maintenance of security technologies, including SIEM and intrusion detection systems
• Stay up-to-date with the latest cybersecurity trends, threats, and technologies, and recommend improvements to enhance the organization’s security posture
• Prepare and present regular reports on the cybersecurity program's status to senior management
• Investigate and respond to security incidents across office and cloud environments
• Collaborate with the information security team to detect, analyze, and mitigate threats
• Conduct post-incident analysis and recommend security improvements
• Proactively manage application security risks and threats using tools such as Veracode and Sysdig
• Perform regular vulnerability scans and assessments to identify and remediate security risks
• Analyze risks and provide actionable recommendations to address vulnerabilities
• Leverage tools such as Veracode and Edgescan for SAST and DAST vulnerability scans to ensure application security
• Utilize tools for Software Composition Analysis (SCA), registry, and container security scans
• Assist in the development and maintenance of risk management frameworks
• Collaborate with IT Security, Risk, and Compliance teams to update the Corporate Risk Register with identified vulnerabilities and remediation actions
• Track and monitor the progress of security remediation initiatives
• Ensure IT security practices comply with regulatory requirements, NIST guidelines, and internal policies
• Support audits and assessments related to IT security and compliance
• Maintain accurate and up-to-date documentation of IT security policies and procedures
• Work with various teams and departments to ensure secure configuration of systems and applications
• Assist in the evaluation and implementation of new security tools and technologies
• Prepare and deliver security reports and updates as required

Qualifications

• Minimum of 8 years of experience in cybersecurity, with at least 3 years in a managerial or leadership role
• Experience with security frameworks and standards such as NIST, ISO 27001, and SOC 2
• Proficiency in security tools and technologies, including SIEM, IDS/IPS, firewalls, and endpoint protection
• Hands-on experience in the following areas: application security, vulnerability management, threat modeling, penetration testing, web and network protocols, and encryption technologies
• Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams
• Relevant certifications such as CISSP, CISM, or CISA are highly desirable
• Experience in security incident response and crisis management
• Knowledge of cloud security and experience with cloud platforms such as AWS and Azure
• Familiarity with regulatory requirements and compliance standards in the industry

• Dental, Vision, Medical insurance, Paid Holiday, Paid Time Off, Paid Sick Leave, Management training program
• Salary range $90,000 to $110,000 CAD