AVI Systems Inc.

Apply for this job

Information Security, Risk & Compliance Manager (Finance)



The Information Security, Risk & Compliance Manager is responsible for developing, implementing, and maintaining FORTÉ' global information security and compliance program. This strategic, hands-on role ensures that the organization meets regulatory standards, manages enterprise risk, and responds to client audits. This individual will oversee internal security policy enforcement and serve as the organization's primary point of contact for privacy regulations, including GDPR.

Cybersecurity Program Management

  • Maintain and continuously improve AVI Systems' cybersecurity framework
  • Lead risk assessments, vulnerability analyses, and incident response procedures
  • Monitor and enhance internal controls to mitigate security risks

Regulatory Compliance and Risk
  • Oversee compliance documentation and ensure internal audit readiness
  • Ensure adherence to SOC 2 Type II, ISO 27001, GDPR, and other applicable standards
  • Manage customer security questionnaires and third-party assessments
  • Maintain a formal risk register and lead organizational risk assessment initiatives

Privacy and Data Protection
  • Serve as the primary contact for privacy regulations and compliance requirements
  • Implement and manage procedures for data classification, retention, and protection
  • Collaborate with Legal and HR teams on privacy incidents and data subject access requests

Disaster Recovery and Business Continuity
  • Develop, test, and maintain disaster recovery and business continuity plans
  • Lead periodic tabletop exercises and drive executive-level readiness initiatives

QUALIFICATIONS:

  • Bachelor's degree in information security, Computer Science, or a related field (or equivalent
  • experience).
  • 5+ years of experience in cybersecurity, compliance, or IT risk management.
  • Familiarity with SOC 2 Type II, ISO 27001, NIST, and GDPR frameworks.
  • Hands-on experience with security technologies (e.g., SIEM, MFA, firewalls, endpoint
  • protection).
  • Professional certifications such as CISSP, CISM, CRISC, or CIPP preferred.
  • Strong strategic thinking and operational execution
  • Proven analytical and risk-based decision-making ability
  • Ability to manage cross-functional alignment and influence without authority
  • Self-starter able to work independently
  • Proficient with Microsoft Office Suite and other common enterprise platforms
Apply
Apply Here done