Information Security Officer

PowerCo SE

$86K — $128K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in IT, Cybersecurity, or Engineering, or equivalent experience
  • 5+ years in cybersecurity or related roles
  • Experience in manufacturing/industrial environments and OT security concepts preferred
  • Familiarity with frameworks like ISO 27001, NIST CSF, or CIS Controls
  • Strong communication skills for translating technical concepts into business context
  • Ability to work independently and collaboratively in multicultural settings
  • Continuous learner with a passion for innovation in security technologies

Responsibilities

  • Establish and improve the information security program for IT and OT
  • Support governance, risk, and compliance activities locally
  • Implement security controls for industrial environments alongside operations
  • Lead incident response and investigate security events
  • Assess vendor security and ensure compliance in third-party engagements
  • Integrate security requirements into project implementations
  • Roll out security awareness programs and foster a security-conscious culture

Benefits

  • Flexible benefits program to suit individual coverage needs
  • Employer contributions to pension and retirement savings plans
  • Employee Assistance Plan for wellness support
  • Generous vacation allowance including breaks between December 24 and 31
  • Development opportunities and career growth
  • Relocation support available
  • Participation in community-focused company events
Full Job Description
Your role and key responsibilities

The Information Security Officer (ISO) for PowerCo Canada is accountable for establishing, operating, and continuously improving the local information security program across IT and Operational Technology (OT). The ISO ensures that security controls, governance, and risk management practices align with PowerCo/VW Group security requirements, Canadian regulatory expectations, and industry best practices, while enabling safe, reliable manufacturing operations.
This role leads the local implementation of security policies, drives risk assessments, coordinates incident response, and ensures security is embedded in key programs such as factory IT/OT networks, business applications, MES/quality systems, end-user computing, vendor services, and cloud integrations.

What you bring to the team

Governance, Risk & Compliance (GRC):
• Support the implementation and operation of the local ISMS (ISO 27001 aligned) under guidance from Corporate InfoSec
• Contribute to information security governance, risk, and compliance activities at the site level
• Assist in maintaining the risk register, performing risk assessments, and tracking mitigation actions
• Support selection and adaptation of security control frameworks in alignment with corporate standards
• Ensure compliance with applicable regulations, policies, and standards
• Contribute to reporting for local management and the CISO

OT / Industrial Security (Factory Environment):
• Support the protection of confidentiality, integrity, and availability (CIA) of IT and OT systems
• Work with engineering and operations to implement security controls for industrial environments (MES, production networks)
• Ensure security principles are considered in system design and implementation
• Assist in identifying and mitigating risks specific to factory and OT environments

Security Operations & Incident Management:
• Support incident response activities, including investigation and documentation of security events
• Participate in major incident investigations and contribute to root cause analysis and corrective actions
• Assist in vulnerability management, including tracking remediation and validating closure
• Work with SOC/CSIRT and service providers to ensure effective operational security

Third-Party / Supplier Security:
• Support vendor security assessments and onboarding activities
• Ensure security requirements are understood and applied in supplier engagements
• Assist in monitoring third-party compliance and risk mitigation actions

Security Architecture & Projects Enablement:
• Contribute to the implementation of security and safety strategies defined at corporate or site level
• Provide practical security guidance to IT, OT, and project teams
• Support integration of security requirements into projects, systems, and solutions
• Align local implementations with global security standards and architecture

Awareness, Culture & Training:
• Support the rollout and adaptation of global information security strategy at the site level
• Deliver and coordinate security awareness and training initiatives
• Promote a security-conscious culture across IT, OT, and business teams

Metrics & Reporting:
• Prepare regular reports on risks, incidents, and compliance status for local leadership
• Support communication and alignment with corporate security and CISO organization
• Take ownership of assigned security domains or controls, ensuring effective implementation and maintenance
• Contribute to audit preparation and remediation tracking

What makes you stand out
• Bachelor's degree in IT, Cybersecurity, Engineering, or equivalent practical experience
• 5+ years in cybersecurity, information security, IT risk, or related roles
• Experience with manufacturing/industrial environments and/or OT security concepts (preferred)
• Security frameworks: ISO 27001/27002, NIST CSF, CIS Controls (one or more)
• Identity/access management, endpoint security, logging/monitoring, vulnerability management
• Networking fundamentals: segmentation, firewalls, remote access, secure protocols
• Strong ability to translate security needs into business-friendly decisions that support production continuity
• Ability to analyze complex problems and develop effective solutions
• Excellent verbal and written communication skills to convey technical concepts clearly
• Experience in multicultural and cross-functional environments
• Passion for continuous learning and innovation in security technologies
• Ability to work effectively in a team and collaborate with various stakeholders
• High self-motivation and the ability to work independently and proactively

Preferred Qualifications
• Experience securing OT environments (ICS/SCADA), including segmentation and secure remote support
• Familiarity with industrial security standards and guidance (e.g., IEC 62443 concepts)
• Experience with enterprise ecosystems such as SAP, manufacturing execution systems, and integrated plant applications
• Certifications (one or more): CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor, GIAC, or equivalent
• Experience collaborating with global security teams in a matrix organization

What to look forward to
• Attractive Remuneration: The expected competitive compensation range for this position is $86,400 - $128,520 CAD, which includes base pay and the target amount of the short-term incentive plan.
• In addition, we offer competitive benefits: our program is flexible to allow you to make the selections and get the coverage you need.
• Pension and Retirement Savings: We contribute to a Registered Pension Plan and matching contribution to a retirement savings plan.
• Employee Assistance Plan: We offer an Employee Assistance Plan which can support you in mental health, physical wellness and overall wellbeing.
• Vacation Allowance: We offer our employees competitive paid time off. Plus, you don't need to take any vacation days from December 24 to December 31.
• Opportunities for development.
• Relocation Support.
• Opportunities to participate in exciting company events that give back to the community.

We are committed to fair and equitable compensation practices. Our compensation is determined based on a combination of factors including but not limited to relevant years of experience, education, and alignment with the responsibilities and qualifications outlined in the job description.

This posting is for a currently vacant role.

#LI-Onsite

Company: PowerCo Canada Inc.

Location:
