Information Security Manager

Johnston Group provides employee benefit solutions to over 30,000 companies, ranging from one employee to thousands across various product lines, including Chambers of Commerce Group Insurance Plan, Canada’s #1 employee benefits plan for small businesses. JG is a platinum member of Canada’s Best Managed Companies and was named one of Manitoba’s Top Employers. We support a positive work atmosphere where we value the diversity in the people we serve and are looking for talent who will contribute to our diverse and inclusive workplace; where individual differences are recognized, appreciated, and respected. JG believes in giving back and contributes significantly to local health, arts, sports, and other community organizations.

This role is responsible for leading the execution of the company’s information security program, ensuring alignment with business objectives, regulatory requirements, and industry best practices. The Information Security Manager will oversee daily security operations, including vulnerability management, incident response, identity and access controls, and cloud security across platforms such as Microsoft 365, Azure, and AWS. This role is also responsible for developing and maintaining disaster recovery and business continuity plans, embedding Zero Trust principles, and supporting secure software development across teams.

Key responsibilities include managing the implementation of security policies and procedures, leading security awareness training programs, and maintaining visibility into the evolving threat landscape. The role tracks key security metrics, advises technical and executive leadership on cybersecurity risks, and manages the information security budget. Mentoring IT staff, ensuring cross-functional collaboration, and aligning security efforts with organizational priorities are also critical aspects of the role. The Information Security Manager plays a central role in fostering a culture of security and resilience, working closely with IT, HR, and business units to embed security into systems, processes, and decision-making throughout the organization.

Hybrid working model based out of our Winnipeg, MB office, with three days in-office per week.

Qualifications:

• Post-secondary degree or diploma in Information Security, Computer Science, or related field
• 7+ years of hands-on experience in information security, including 3+ years in a senior or lead role
• Proven leadership in securing hybrid environments (on-prem and cloud)
• Deep knowledge of firewalls, VPNs, IDS/IPS, encryption, and endpoint protection
• Experience hardening Windows/Linux servers and enterprise endpoints
• Strong background securing Microsoft 365/Azure (e.g., Azure AD, Intune, Conditional Access) and AWS (IAM roles, CloudTrail, security groups)
• Skilled in identity and access management (AD/Azure AD, SSO, SAML/OAuth, MFA, least privilege)
• Experience with vulnerability scanning tools (Nessus, Qualys, Rapid7), and remediation planning
• Incident response expertise including threat containment, log analysis, and root cause investigation
• Applied knowledge of Zero Trust principles and current threat mitigation technologies (e.g., XDR, CASB)
• CISSP strongly preferred; other security certifications are an asset
• Familiar with PIPEDA and frameworks like ISO 27001 or NIST CSF
• Experience in financial services or other data-sensitive sectors preferred
• Project management experience or certifications (e.g., PMP, Agile) an asset
• Familiarity with scripting or coding (PowerShell, Python) and CI/CD pipeline security practices

The successful candidate must be legally eligible to work in Canada. We thank all applicants for their interest. Please note that only those selected for an interview will be contacted.

JG welcomes the opportunity to provide accommodation throughout the selection process. Please contact us to discuss your requirements by email at human.resources@johnstongroup.ca or by phone at 204-772-9565