Information Security Lead

Johnston Group provides employee benefit solutions to over 30,000 companies, ranging from one employee to thousands across various product lines, including Chambers of Commerce Group Insurance Plan, Canada’s #1 employee benefits plan for small businesses. JG is a platinum member ofCanada’s Best Managed Companiesand was named one ofManitoba’sTop Employers.We support a positive work atmosphere where we value the diversity in the people we serve and are looking for talent who will contribute to our diverse and inclusive workplace; where individual differences are recognized, appreciated, and respected. JG believes in giving back and contributes significantly to local health, arts, sports, and other community organizations.

The Information Security Lead supports the Director of IT Security in developing and executing Johnston Group’s information security program. This role safeguards corporate and client data by leading security strategy, daily operations, and incident response, while advising technical teams and executives on cybersecurity risks.

Key responsibilities include managing vulnerability assessments, incident response, identity and access controls, and cloud security across Microsoft 365, Azure, and AWS. This role embeds Zero Trust principles, supports secure development, leads crisis planning, delivers training, tracks metrics, mentors staff, and manages the security budget. Cross-functional collaboration is essential to embed security across the organization.

*Hybrid working model based out of our Winnipeg, MB office, with three daysin-office per week.

Qualifications:

• Post-secondary degree or diploma in Information Security, Computer Science, or related field
• 7+ years of hands-on experience in information security, including 3+ years in a senior or lead role
• Proven leadership in securing hybrid environments (on-prem and cloud)
• Deep knowledge of firewalls, VPNs, IDS/IPS, encryption, and endpoint protection
• Experience hardening Windows/Linux servers and enterprise endpoints
• Strong background securing Microsoft 365/Azure (e.g., Azure AD, Intune, Conditional Access) and AWS (IAM roles, CloudTrail, security groups)
• Skilled in identity and access management (AD/Azure AD, SSO, SAML/OAuth, MFA, least privilege)
• Experience with vulnerability scanning tools (Nessus, Qualys, Rapid7), and remediation planning
• Incident response expertise including threat containment, log analysis, and root cause investigation
• Applied knowledge of Zero Trust principles and current threat mitigation technologies (e.g., XDR, CASB)
• CISSP strongly preferred; other security certifications are an asset
• Familiar with PIPEDA and frameworks like ISO 27001 or NIST CSF
• Experience in financial services or other data-sensitive sectors preferred
• Project management experience or certifications (e.g., PMP, Agile) an asset
• Familiarity with scripting or coding (PowerShell, Python) and CI/CD pipeline security practices

The successful candidate must be legally eligible to work in Canada. We thank all applicants for their interest. Please note that only those selected for an interview will be contacted.

JG welcomes the opportunity to provide accommodation throughout the selection process. Please contact us to discuss your requirements by email at human.resources@johnstongroup.ca or by phone at 204-772-9565.