
Title:  Manager, Information Security


Waterloo, ON, CA, N2V 1C6

About Descartes: 

Descartes (TSX:DSG) (Nasdaq:DSGX) is the global leader in providing on-demand, software-as-a-service solutions focused on improving the productivity, performance and security of logistics-intensive businesses. Descartes has over 147,000 parties using its cloud-based services. Customers use our modular, software-as-a-service solutions to route, schedule, track and measure delivery resources; plan, allocate and execute shipments; rate, audit and pay transportation invoices; file customs and security documents for imports and exports; and complete numerous other logistics processes by participating in the world's largest, collaborative multimodal logistics community. Our headquarters are in Waterloo, Ontario, Canada and we have offices and partners around the world. Learn more at


Reporting to, and working very closely with, the SVP of Information Security, the Information Security Manager will be responsible for leading the development, implementation and maintenance of a global-level information security management system, supporting policy framework and related GRC activities. The overall GRC program should support multiple compliance and audit obligations including SOC2, ISO27001, PCI, HIPAA and SOX. This individual should have some familiarity with risk identification, risk treatment and risk registers. Additional responsibilities will include communication of the GRC program to the rest of the organization, and internal audit tasks related to the preparation of such audits for external auditors. These GRC activities will extend across on-premise and cloud infrastructures, multiple Web applications, and multiple office and datacenter locations across the globe. This opportunity is ideal for an individual who is seeking professional experience, is enthusiastic about the prospect of working at a growing company with a global focus, and has a keen interest in learning and developing as a professional.



  • Build out and execute Third Party Risk management program
  • Coordination, preparation, and internal audit for ISO27001, SOC1, HIPAA, PCI, SOC2 Programs and alignment of program to NIST Cybersecurity Framework
  • Experience in creating Policy Documentation and Metrics to measure compliance with Policy
  • Risk Register Management and Security Exception Management
  • Participate in Education and Awareness around the area of Compliance and GRC, Security Awareness, and other education campaigns related to Cyber Security.
  • Develop and maintain compliance automation tools including on-line GRC systems, automated compliance checks, and other methods to scale and reduce overhead of compliance.
  • Participation in Data Privacy initiatives including Data Privacy Impact Analysis
  • Coordination with global IT Pillars to achieve Security and Compliance goals
  • Threat Modeling new and existing processes and projects
  • Cultivate core relationships between internal stakeholders and external partners and other third-party entities that support Descartes' security requirements for handling sensitive data.
  • Creation of Security collateral and whitepapers and RFP/RFI response support
  • Establish and maintain compliance within the Public Cloud and utilization of automation technologies such as Cloud Security Posture Management
  • Maintain a Security and Compliance roadmap and checkpoints for new acquisitions


  • We are seeking an assertive, adaptable individual with excellent analytical skills, and who will thrive as both a team player and as an individual contributor. 
  • A college diploma is required
  • Knowledge of information security best practices, risks and countermeasures.
  • Some experience in a compliance related environment including but not limited to PCI Compliance, ISO27001, SOC2, GDPR
  • The ability to weigh business risks and enforce appropriate information security measures.
  • Outstanding interpersonal, verbal and written communication skills to interface with management, staff, vendors and customer prospects.
  • A high degree of integrity and trust, along with the ability to work independently or as part of a team.
  • Strong time management skills.
  • Excellent documentation and analytical skills.
  • Any information security certifications are an asset, including but not limited to CISM, CISSP, CISA, CRISC
  • Understanding of complex technical environments including Traditional Datacenter, Public Cloud and Hybrid.
  • Some experience in compliance in complex web applications including SDLC, Threat Modeling, Defense in Depth



You are proficient in English. Knowledge of another European language is a considerable asset.


We offer a flexible and casual work environment, as well as mentorship and on-the-job training to support your personal growth.  You will have an opportunity to contribute new ideas and we welcome your fresh perspective.


We are an Equal Employment/Affirmative Action employer. We do not discriminate in hiring on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by federal, state, or local law. 

For more information about our commitment to equal employment opportunity, please review our EEO is the Law, Pay Transparency Nondiscrimination Statement, and EEO/AA Statement.

Descartes participates in the E-Verify program. Please click below to learn more about the E-Verify program. Notice of E-Verify Participation Right to Work (English and Spanish)

Descartes is committed to working with and providing reasonable accommodations to job applicants with disabilities. Applicants in North America with a disability who require a reasonable accommodation for any part of the application or hiring process can email us at Provide your name and contact information along with the accommodation needed to assist you with the application process. Your request will be responded to as soon as possible. Reasonable accommodations will be determined on a case-by-case basis.

