WSP

Information Security Manager, Mergers & Acquisitions

WSP$122K — $162K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Information Technology, Computer Science, Business, Risk Management, or equivalent experience.
  • 4-8 years of experience in information security, IT risk, or cybersecurity, with 2 years in M&A security due diligence or integration.
  • Proven experience in leading security risk assessments and compliance activities.
  • Strong project management skills, capable of leading multiple concurrent workstreams independently.
  • Familiarity with ISO 27001, NIST CSF, and CIS Controls.
  • Broad expertise in IAM, network and endpoint security, data protection, and vulnerability management.
  • Experience in third-party/vendor risk management.

Responsibilities

  • Lead information security due diligence for mergers, acquisitions, and divestitures.
  • Perform pre-acquisition security risk assessments evaluating policies and technologies.
  • Identify key security risks and remediation requirements during M&A transactions.
  • Coordinate penetration testing activities and track remediation schedules.
  • Provide actionable risk reports and summaries for executive decision-making.
  • Support deal teams in defining security-related contractual requirements.
  • Develop and maintain security integration playbooks aligned with organizational standards.

Benefits

  • Leading role in shaping business security strategies through M&A initiatives.
  • Opportunity to work collaboratively across various corporate functions including Legal and IT.
  • Directly influence the success of strategic business transactions.
  • Access to professional development and training related to M&A security risks.
  • Develop methodologies and tools to enhance security assessments.
  • Exposure to high-profile transactions in a fast-paced environment.
Full Job Description
Job Description

The Opportunity

Drive Secure Growth Through Strategic Transformation

Play a pivotal role in shaping secure business growth as an Information Security Manager, Mergers & Acquisitions. In this role, you will lead critical security due diligence, risk evaluation, and integration efforts across acquisitions, divestitures, and joint ventures-ensuring every transaction aligns with WSP's security framework and risk posture.

You'll collaborate with Corporate Development, Legal, IT, and executive stakeholders to assess, advise, and integrate security practices within a fast-paced, deal-driven environment, directly influencing the success and resilience of strategic business initiatives across Canada.
Your Impact
  • Lead information security due diligence activities for mergers, acquisitions, and divestitures.
  • Perform pre-acquisition security risk assessments, including evaluation of policies, controls, technologies, and cyber maturity.
  • Identify key security risks, liabilities, and remediation requirements, including regulatory, contractual, and operational risks.
  • Work with security penetration testing vendors to coordinate, track, and evaluate penetration testing activities, as well as remediation schedules.
  • Coordinate breach assessment activities in line with transaction schedules.
  • Provide clear, actionable risk reports and executive-level summaries to support transaction decision-making.
  • Support deal teams in defining security-related representations, warranties, and contractual requirements.
  • Work with M&A Operations to develop and maintain security integration playbooks and frameworks aligned with WSP standards.
  • Define Day 1 security expectations as well as day 30/60/90 security integration plans where necessary, including identity, network, endpoint, data protection, and monitoring controls.
  • Coordinate the execution of security integration activities across IT, infrastructure, and business teams.
  • Ensure alignment of acquired entities to WSP's security policies, standards, and ISO27001-aligned ISMS.
  • Track and report on integration progress, risks, and remediation activities.
  • Ensure M&A activities are aligned with WSP's Information Security Governance framework and risk management processes.
  • Act as the primary security advisor for M&A initiatives, providing guidance on risk acceptance, mitigation strategies, and prioritization.
  • Maintain documentation and audit trail supporting due diligence decisions and integration activities.
  • Participate in governance forums and provide updates on transaction-related security risks and status.
  • Develop strong working relationships with Corporate Development, Legal, IT, and regional business leadership.
  • Act as the central coordination point for all security-related M&A activities.
  • Communicate complex security risks and integration strategies clearly to both technical and non-technical stakeholders.
  • Support client-facing or third-party interactions where required during transactions.
  • Assess third-party and inherited vendor risks associated with acquired entities.
  • Ensure appropriate risk treatment plans are defined and executed for high/critical risks.
  • Align acquired third-party relationships with WSP's third-party cyber risk management framework.
  • Develop and enhance M&A security assessment methodologies, tools, and templates.
  • Contribute to the evolution of WSP's security standards, policies, and playbooks based on lessons learned.
  • Identify opportunities to streamline and automate assessment and integration processes.
  • Support awareness and training initiatives related to M&A security risks across the organization.
The Skills That Set You Apart
  • Bachelor's degree in Information Technology, Computer Science, Business, Risk Management, or a related field (or equivalent experience).
  • 4-8 years of experience in information security, IT risk, or cybersecurity, including at least 2 years supporting M&A security due diligence or integration.
  • Proven experience leading security risk assessments, control evaluations, and compliance activities.
  • Strong project management skills with the ability to lead multiple concurrent workstreams end-to-end independently.
  • Working knowledge of ISO 27001, NIST CSF, and CIS Controls.
  • Broad expertise across core security domains including IAM, network and endpoint security, data protection, vulnerability management, and monitoring.
  • Experience in third-party/vendor risk management and security assessment methodologies.
  • Strong communication, stakeholder engagement, and analytical skills with the ability to operate in fast-paced environments.
Compensation

AB, BC, NT, NU, SK & YT: $135,200 - $179,100
MB & ON: $123,300 - $169,800
NB, NL, NS, PE & QC: $122,100 - $162,200

Disclosure:
The final salary awarded for this role may vary from the above range based on several factors including, but not limited to, relevant education, qualifications, certifications, experience, skills, seniority, geographic location, performance, and business or organizational needs. The wage range provided in this job posting may be subject to change for business purposes.
Ready to Drive Secure Growth? Make Your Mark.

Join WSP and play a critical role in enabling secure, strategic business transformation. Your expertise will directly shape how we evaluate risk, integrate new organizations, and safeguard our future.

Apply today and help redefine what secure growth looks like.

#LI-Hybrid

About WSP

WSP is a Canadian engineering consulting firm that provides services to transform the built environment and restore the natural environment. The firm's expertise ranges from environmental remediation and urban planning, to engineering iconic buildings and designing sustainable transport networks, to developing the energy sources of the future and enabling new ways of extracting essential resources. It has approximately 54,000 employees, including engineers, technicians, scientists, architects, planners, surveyors, program and construction management professionals, and various environmental experts. WSP has offices in more than 40 countries and territories around the world.
Learn more about WSP
Size
54,000 employees
Industry
Founded
1959

Similar Jobs

More Jobs at WSP

More Information Technology Jobs

Find similar Information Security Manager, Mergers & Acquisitions jobs: