CarltonOne is a global B2B technology leader, and part of the Goldman Sachs portfolio, helping organizations around the world reward and inspire exceptional people. Our solutions empower employees to be more productive, sales teams to perform at their best, and customers to stay engaged and loyal.
Our platform powers the global engagement industry, enabling companies to deliver impactful employee recognition, customer loyalty, rewards, sales, and channel incentive programs. We partner with over 450 clients, 500 vendors, and serve 14 million members across 185 countries.
Beyond engagement, every CarltonOne solution drives our eco-action mission: funding tree planting to help restore the planet. To date, we’ve funded over 20 million trees and are on track to plant millions more each year. Learn more at carltonone.com.
About the Opportunity:
CarltonOne is seeking an Information Security Manager to lead and evolve our information security program. This role is responsible for protecting CarltonOne’s systems, data, and intellectual property while enabling the business to grow securely and efficiently.
This is a hands-on leadership role that blends strategy, governance, technical oversight, and business partnership. You will work closely with Technology, Legal, People & Culture, and business leaders to embed security into how we operate, build, and scale.
Responsibilities:
Security Strategy & Governance
- Own and evolve CarltonOne’s information security strategy, roadmap, and policies.
- Maintain and improve our security posture in alignment with recognized frameworks (e.g., ISO 27001, SOC 2, NIST).
- Lead internal risk assessments and security reviews across applications, infrastructure, and third-party vendors.
- Translate security risks into clear, business-relevant recommendations for leadership.
Compliance & Risk Management
- Support and manage external audits, security certifications, and client security reviews.
- Partner with Legal and Compliance on privacy, data protection, and regulatory requirements (e.g., PIPEDA, GDPR).
- Oversee third-party risk management, including vendor assessments and security due diligence.
- Track, prioritize, and remediate security risks across the organization.
Technical Security Oversight
- Work closely with Engineering and IT teams to embed security into system design, development, and operations.
- Oversee controls related to:
  - Cloud and infrastructure security
  - Identity and access management
  - Application security
  - Data protection and encryption
  - Endpoint and network security
- Review and guide incident response playbooks and security tooling.
Incident Response & Threat Management
- Lead or coordinate response to security incidents, including investigation, containment, and remediation.
- Act as the primary security escalation point for critical incidents.
- Conduct post-incident reviews and drive continuous improvement.
Security Awareness & Culture
- Build a strong security culture across CarltonOne.
- Develop and deliver security awareness training for employees.
- Act as an approachable security partner — enabling teams rather than blocking progress.
Leadership & Collaboration
- Serve as the trusted security advisor to executives and senior leaders.
- Influence without authority, balancing risk, usability, and business priorities.
- Share security expertise across Engineering, IT, and business teams — elevating the organization’s overall security knowledge without a direct people management mandate.
- Represent CarltonOne’s security posture in enterprise client meetings, RFP responses, and customer trust reviews — confidently speaking to our controls, certifications, and risk posture on behalf of the organization.
Qualifications:
- Bachelor's degree in Information Security, Computer Science, or related field.
- Certifications such as CISSP, CISM, or ISO 27001 Lead Implementer/Auditor.
- 7+ years of experience in information security, cybersecurity, or risk management.
- Proven experience owning or significantly contributing to an organization-wide security program.
- Demonstrated experience managing audits from both sides: responding to enterprise client security reviews and audits of CarltonOne, and conducting or overseeing security assessments of third-party partners and suppliers, including defining baseline requirements and tracking remediation.
- Background in SaaS, technology platforms, or cloud-based environments strongly preferred.
- Solid understanding of modern security principles across cloud, application, and enterprise environments.
- Working proficiency with security and GRC frameworks (ISO 27001, SOC 2, NIST CSF, CIS Controls) — able to apply them operationally, not just reference them.
- Working knowledge of privacy and data protection regulations applicable to a global B2B platform, including PIPEDA, GDPR, and provincial/state equivalents.
Additional Perks
Here are some additional perks that we provide:
- Competitive salary and benefits package.
- Health, dental, and vision coverage.
- 3 weeks’ vacation plus personal days.
- Access to our employee benefits portal for exclusive discounts.
- Monthly company-wide events, celebrations, and team activities.
- Bravo reward points program for recognition and appreciation.
- Convenient office location close to public transit.
How to Apply
If this great opportunity looks rewarding to you, let’s connect. Our online application will give you the option to apply to this role directly.
The target hiring range for this position is $90,000 to $115,000. Placement in the salary range will be based on factors such as market conditions, internal equity, and candidate experience, skills, and qualifications relevant to the role.
We value diversity and inclusion and encourage all qualified people to apply. If we can make this easier through accommodation in the recruitment process, or if you need assistance to accommodate a disability, please contact us with the “Help” button in the application.
Vacancy status: This posting represents an active vacancy for which we are currently hiring.
AI Disclosure: Artificial Intelligence (AI) may be used in the hiring process for this role.