Job DescriptionThe OpportunityDrive Secure Growth Through Strategic TransformationPlay a pivotal role in shaping secure business growth as an
Information Security Manager, Mergers & Acquisitions. In this role, you will lead critical security due diligence, risk evaluation, and integration efforts across acquisitions, divestitures, and joint ventures-ensuring every transaction aligns with WSP's security framework and risk posture.
You'll collaborate with Corporate Development, Legal, IT, and executive stakeholders to assess, advise, and integrate security practices within a fast-paced, deal-driven environment, directly influencing the success and resilience of strategic business initiatives across Canada.
Your Impact- Lead information security due diligence activities for mergers, acquisitions, and divestitures.
- Perform pre-acquisition security risk assessments, including evaluation of policies, controls, technologies, and cyber maturity.
- Identify key security risks, liabilities, and remediation requirements, including regulatory, contractual, and operational risks.
- Work with security penetration testing vendors to coordinate, track, and evaluate penetration testing activities, as well as remediation schedules.
- Coordinate breach assessment activities in line with transaction schedules.
- Provide clear, actionable risk reports and executive-level summaries to support transaction decision-making.
- Support deal teams in defining security-related representations, warranties, and contractual requirements.
- Work with M&A Operations to develop and maintain security integration playbooks and frameworks aligned with WSP standards.
- Define Day 1 security expectations as well as day 30/60/90 security integration plans where necessary, including identity, network, endpoint, data protection, and monitoring controls.
- Coordinate the execution of security integration activities across IT, infrastructure, and business teams.
- Ensure alignment of acquired entities to WSP's security policies, standards, and ISO27001-aligned ISMS.
- Track and report on integration progress, risks, and remediation activities.
- Ensure M&A activities are aligned with WSP's Information Security Governance framework and risk management processes.
- Act as the primary security advisor for M&A initiatives, providing guidance on risk acceptance, mitigation strategies, and prioritization.
- Maintain documentation and audit trail supporting due diligence decisions and integration activities.
- Participate in governance forums and provide updates on transaction-related security risks and status.
- Develop strong working relationships with Corporate Development, Legal, IT, and regional business leadership.
- Act as the central coordination point for all security-related M&A activities.
- Communicate complex security risks and integration strategies clearly to both technical and non-technical stakeholders.
- Support client-facing or third-party interactions where required during transactions.
- Assess third-party and inherited vendor risks associated with acquired entities.
- Ensure appropriate risk treatment plans are defined and executed for high/critical risks.
- Align acquired third-party relationships with WSP's third-party cyber risk management framework.
- Develop and enhance M&A security assessment methodologies, tools, and templates.
- Contribute to the evolution of WSP's security standards, policies, and playbooks based on lessons learned.
- Identify opportunities to streamline and automate assessment and integration processes.
- Support awareness and training initiatives related to M&A security risks across the organization.
The Skills That Set You Apart- Bachelor's degree in Information Technology, Computer Science, Business, Risk Management, or a related field (or equivalent experience).
- 4-8 years of experience in information security, IT risk, or cybersecurity, including at least 2 years supporting M&A security due diligence or integration.
- Proven experience leading security risk assessments, control evaluations, and compliance activities.
- Strong project management skills with the ability to lead multiple concurrent workstreams end-to-end independently.
- Working knowledge of ISO 27001, NIST CSF, and CIS Controls.
- Broad expertise across core security domains including IAM, network and endpoint security, data protection, vulnerability management, and monitoring.
- Experience in third-party/vendor risk management and security assessment methodologies.
- Strong communication, stakeholder engagement, and analytical skills with the ability to operate in fast-paced environments.
CompensationAB, BC, NT, NU, SK & YT: $135,200 - $179,100
MB & ON: $123,300 - $169,800
NB, NL, NS, PE & QC: $122,100 - $162,200
Disclosure:The final salary awarded for this role may vary from the above range based on several factors including, but not limited to, relevant education, qualifications, certifications, experience, skills, seniority, geographic location, performance, and business or organizational needs. The wage range provided in this job posting may be subject to change for business purposes.
Ready to Drive Secure Growth? Make Your Mark.Join WSP and play a critical role in enabling secure, strategic business transformation. Your expertise will directly shape how we evaluate risk, integrate new organizations, and safeguard our future.
Apply today and help redefine what secure growth looks like.
#LI-Hybrid