It Security à Canada

Location: Toronto, ON, CA

Operating Sector: Information Services

Come Build Your Career at Aecon!

As a Canadian leader in infrastructure development, Aecon is safely and sustainably building what matters for future generations to thrive! We lead some of the most impactful infrastructure projects of our generation, at the forefront of transformational change in transportation and energy, and partnering every day to build, connect, power, and strengthen our communities.

At Aecon, you can count on:

• Safety Always. Our number one core value. If we can’t do it safely, we don’t do it at all.
• Integrity. We lead by example, with humility and courage.
• Accountability. We’re passionate about delivering on our commitments.

We lead the infrastructure industry with purpose, and our people are at the heart of everything we do. So, we invest in our people, just like they invest in us!

At Aecon we:

• Ensure you and your family receive the services needed to support your mental, emotional, and physical well-being.
• Believe in helping you build your career through our Aecon University and Leadership Programs.
• Are committed to supporting and investing in inclusive work environments, through initiatives like Equity, Diversity & Inclusion training, our Aecon Women in Trades and Aecon Diversity in Trades programs, and our Employee Resource Groups (ERGs) to ensure we are building inclusion into every aspect of our culture at Aecon.
• Are a leader in sustainable construction. With a strong commitment to operating responsibly by minimizing our impact on the environment and surrounding communities.

Our business success relies on strong execution and continuous improvement – driven by the diversity, expertise and teamwork of our people. We’re always searching the globe for innovative, collaborative minds to join our best-in‑class Aecon community!

We are seeking a Senior Analyst, Security Risk & Compliance to join our Governance, Risk, and Compliance team. This role is pivotal in strengthening Aecon’s security posture and ensuring alignment with industry standards and regulatory requirements.

• Conduct comprehensive security risk assessments for new and existing services, applications, technologies, and vendors. Clearly document and communicate findings to relevant stakeholders.
• Provide expert consultative advice to Information Services (IS) and business units to support informed risk management decisions.
• Recommend and implement appropriate controls to address identified security risks and enhance organizational security.
• Identify opportunities to improve processes for security risk identification and management.
• Design, operate, and manage a compliance framework aligned with ISO 27001, including associated controls.
• Develop and maintain information security governance documentation, including policies, standards, procedures, and guidelines.
• Collaborate with Internal Audit, Legal, Privacy, and other stakeholders to ensure IS policies and controls meet all regulatory and organizational requirements.
• Facilitate audits and risk reviews with internal/external auditors, clients, and business teams; ensure timely response and track remediation to closure.
• Monitor the effectiveness of security controls through the design and implementation of KPIs and KRIs for reporting.
• Prepare periodic reports and presentations for senior management, steering committees, and the board of directors.
• Assess security controls of vendors and third parties safeguarding company assets through contract and compliance reviews.
• Conduct monthly compliance reviews with security service providers to ensure adherence to SLAs and contractual requirements.
• Provide backup support for other security team members as needed.

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• Professional certifications such as CISM, CISA, CRISC, or CISSP are considered assets.
• Minimum 8 years of experience in IT, with at least 5 years in information security/compliance or IT audit, and 3 years in security risk management.
• In-depth knowledge of legal and regulatory compliance standards (e.g., GDPR, PCI‑DSS, PHIPA, ISO 27001, NIST).
• Strong understanding of computer networking concepts, protocols, and IT security methodologies.
• Ability to adapt to evolving technical, regulatory, and compliance environments.
• Demonstrated results orientation, energy, and self‑motivation.
• Excellent verbal and written communication skills.
• Proven ability to work collaboratively within a team environment.
• Strong analytical and problem‑solving skills.
• Capacity to manage multiple priorities and meet tight deadlines.

• Stakeholder Management: Ability to influence with and without direct authority; high emotional intelligence and organizational awareness.
• Business Acumen: Deep understanding of business operations, trends, and technologies impacting the organization.
• Adaptive Thinking: Effective change leadership and critical thinking skills; sound analysis and logical reasoning.
• Decision Making: Sound judgment and decision‑making in complex, dynamic environments; innovative risk orientation.
• Influencing: Ability to positively influence colleagues and gain genuine agreement.
• Problem Solving: Proficient in applying logic and techniques to resolve complex issues; skilled in asking probing questions to achieve optimal outcomes.

Aecon fosters diversity, inclusion and belonging within and across our organization. We welcome all to apply including, women, visible minorities, Indigenous peoples, persons with disabilities, and persons of any sexual orientation or gender identity.

We are committed to adhering to the objectives and requirements outlined in the Accessible Canada Act (ACA), and to meeting the accessibility needs of persons with disabilities in a timely manner. Through the implementation of the requirements of the ACA and its applicable regulations, appropriate accommodations will be provided upon request throughout the interview and hiring process.