Information Security Officer
Vancouver
Are you looking for an opportunity to…
Safeguard digital assets while enabling innovation?
Lead the evolution of cybersecurity strategies in a global engineering consulting environment?
Collaborate with multidisciplinary teams on meaningful infrastructure projects?
Work in a close-knit group of motivated professionals?
What makes us stand out?
Our tag line “Down to Earth / Up to the Challenge” says a lot about who we are. In broad terms, we think KCB’s primary differentiators are:
our global reputation for technical excellence
our appetite to tackle problems with unique complexities
our creative perspectives that come through diverse and inclusive teams
our size—large enough to win intriguing projects, small enough to know you by name
What you would engage in:
Klohn Crippen Berger is seeking an experienced and strategic Information Security Officer (ISO) to oversee and enhance the protection of our digital information systems. Reporting to the Director of IT, this role is responsible for leading and advancing KCB’s enterprise cybersecurity program.
This role will be instrumental in defining and implementing our cybersecurity vision and roadmap, ensuring robust governance, compliance, and security operations across our international offices.
If you are a hands-on security leader with a passion for risk management, policy development, and modern security technologies, we’d love to hear from you.
What You’ll Do:
Cybersecurity Strategy & Governance:
Lead the development and execution of KCB’s cybersecurity strategy and operating model.
Oversee security governance, including policies, standards, and compliance activities.
Design and deliver cybersecurity awareness and training programs.
Risk Assessment & Mitigation:
Identify vulnerabilities through regular risk assessments and audits, and implement mitigation plans across infrastructure, applications, and cloud services.
Identify, assess, and report on cybersecurity, IT, and regulatory risks to information assets
Policy Development & Compliance:
Establish and maintain security policies, standards, and procedures to comply with applicable frameworks such as ISO/IEC 27001, NIST, and GDPR.
Establish resilience standards aligned with enterprise risk and business continuity objectives
Lead second-line assurance functions, including audits and control effectiveness reviews
Security Operations & Incident Response:
Direct and coordinate incident detection and response procedures, including investigation, escalation, remediation, and post-mortem analysis.
Develop and manage incident response and recovery plans to ensure business continuity
Lead and support investigations, risk analysis, and response to security incidents
Collaboration & Training:
Partner with IT, Engineering, HR, and Legal to strengthen security awareness and integrate security best practices across departments.
Collaborate with external partners (e.g., law enforcement, advisory bodies) to maintain a strong security posture
Tooling & Monitoring:
Evaluate, implement, and manage security tools (e.g., SIEM, endpoint protection, access controls) to proactively defend against threats.
Implement and maintain security controls (e.g., firewalls, intrusion detection/prevention, encryption).
Vendor & Third-Party Risk Management:
Assess and monitor the security posture of third-party vendors and service providers.
What You Bring:
Bachelor’s or Master’s degree in Computer Science, Information Security, Business Administration, or a related field
Minimum 7 years of experience in cybersecurity or information risk management, including 5 years in a leadership role
Relevant certifications (e.g., CISSP, CISM, or similar) are considered an asset
Strong knowledge of cybersecurity frameworks, risk management practices, and regulatory requirements
Strong knowledge of cybersecurity technologies, identity and access management, network security, and cloud security (e.g., Azure, AWS).
Deep understanding of secure software development lifecycles, data classification, and regulatory compliance.
Experience leading teams and managing performance, development, and recruitment
Ability to manage multiple priorities in a fast-paced, evolving environment
Strong communication skills with the ability to translate complex security topics into business impact terms for technical and non-technical stakeholders.
Proven ability to handle sensitive, complex, and confidential matters with sound judgment and discretion
What will help you succeed:
A passion for staying ahead of evolving cyber threats and technologies.
A collaborative mindset and comfort working across global teams.
A detail-oriented approach to processes and documentation.
Ownership and accountability in delivering secure, scalable solutions.
The salary for this position is $110,000 to $130,000 per year. Salary is based on applicable experience, education, and skill level.
In addition to salary and continued career development, KCB's total rewards include:
Hybrid work opportunities
Annual performance and salary review
Vacation policy that aligns with your experience
Flexible benefits, including Registered Savings Plan, social, and mental well-being initiatives
Commitment to global Environmental Social Governance standards
We are a global organization committed to employment equity. We respect the uniqueness that makes you, you. We encourage applications from all qualified career seekers, regardless of gender, sex, religion, or nationality.
To learn more about projects you could be a part of, check out Projects - KCB (klohn.com) and our Careers page for more details.
- Department: Business Operations
- Role: Information Technology
- Locations: Vancouver
- Remote status: Hybrid
- Employment type: Full-time
About Klohn Crippen Berger
KCB is an award-winning global engineering, geoscience & environmental consulting firm tackling the world’s toughest technical challenges for over 75 years.