Information Security Lead

The Information Security Lead supports the Director of IT Security in developing and executing Johnston Group’s information security program. This role safeguards corporate and client data by leading security strategy, daily operations, and incident response, while advising technical teams and executives on cybersecurity risks.
 
Key responsibilities include managing vulnerability assessments, incident response, identity and access controls, and cloud security across Microsoft 365, Azure, and AWS. This role embeds Zero Trust principles, supports secure development, leads crisis planning, delivers training, tracks metrics, mentors staff, and manages the security budget. Cross-functional collaboration is essential to embed security across the organization.
 
*Hybrid working model based out of our Winnipeg, MB office, with three days in-office per week.

Qualifications:
 

• Post-secondary degree or diploma in Information Security, Computer Science, or related field
• 7+ years of hands-on experience in information security, including 3+ years in a senior or lead role
• Proven leadership in securing hybrid environments (on-prem and cloud)
• Deep knowledge of firewalls, VPNs, IDS/IPS, encryption, and endpoint protection
• Experience hardening Windows/Linux servers and enterprise endpoints
• Strong background securing Microsoft 365/Azure (e.g., Azure AD, Intune, Conditional Access) and AWS (IAM roles, CloudTrail, security groups)
• Skilled in identity and access management (AD/Azure AD, SSO, SAML/OAuth, MFA, least privilege)
• Experience with vulnerability scanning tools (Nessus, Qualys, Rapid7), and remediation planning
• Incident response expertise including threat containment, log analysis, and root cause investigation
• Applied knowledge of Zero Trust principles and current threat mitigation technologies (e.g., XDR, CASB)
• CISSP strongly preferred; other security certifications are an asset
• Familiar with PIPEDA and frameworks like ISO 27001 or NIST CSF
• Experience in financial services or other data-sensitive sectors preferred
• Project management experience or certifications (e.g., PMP, Agile) an asset
• Familiarity with scripting or coding (PowerShell, Python) and CI/CD pipeline security practices