Information Security Manager


At Gowling WLG, our dedication to excellence and quality service begins with our people. As a global law firm with offices across Canada, the U.K., Europe, the Middle East and Asia, we pride ourselves on sourcing and retaining top talent who bring energy, passion and commitment to the delivery of outstanding client service.

When it comes to diversity, we not only accept it — we celebrate it, support it and thrive on it. To create an engaging and rewarding place to work, we seek to attract talented people from a diverse range of backgrounds and cultures. Our aim is to help everyone reach their full potential and achieve their personal and professional goals.

Employee satisfaction is important to us. We work hard to ensure that our people are motivated, engaged and empowered. Our diverse group of legal professionals, law students, law clerks/paralegals, legal administrative assistants and business support staff work together as a team, and are respected and valued for their individual contributions.


Accountable for the development, implementation and enforcement of Gowling WLG (Canada)’s Information Security Management System (ISMS), Business Continuity Management (BCP) program, and associated compliance programs. Ensures appropriate controls are in place for the security and protection of Firm information.

In conjunction with Risk Management, identifies, assesses and accurately reports security risks to information assets. Analyzes current and future business needs with relation to information security and business continuity compliance requirements, identifies potential gaps, evaluates options and ensures delivery of solutions. Works with diverse stakeholders and clients to gather requirements.

This position can be based in any of the following Gowling WLG offices: Ottawa, Hamilton, Waterloo and Toronto.


  • Develops and maintains the Firm’s Information Security Management System (ISMS) and its underlying policies, procedures, standards and guidelines.
  • In conjunction with IT, Risk Management, and stakeholders, supports the development and maintenance of the Firm’s Business Continuity Program (BCP) and its underlying policies, procedures, standards and guidelines.
  • In conjunction with Risk Management, assesses information security risk and conducts functional and gap analyses to determine the extent to which key business areas and IT infrastructure comply with statutory, regulatory and client specific requirements.
  • Actively ensures administrative, physical and technical safeguards to protect Firm information against internal and external threats are implemented and regularly tested. Oversees engagement of external suppliers to perform independent verification and testing where appropriate.
  • Responds to client information security audits on behalf of the Firm’s partners and works with partners to ensure client audit requests are acknowledged and completed in a timely and professional manner.
  • Reviews and comments on information security provisions in RFPs and Outside Counsel Guidelines.
  • Oversees security audits of the Firm’s major suppliers and business partners to ensure supplier security posture is aligned with the business needs of the Firm and its clients.
  • Ensures that technology vulnerabilities are regularly identified and reported to IT operations for timely remediation, and provides reports to senior management on the status of IT vulnerability remediation efforts.
  • Evaluates and recommends new information security technologies and techniques that mitigate threats to Firm information.
  • Ensures and measures effectiveness of security awareness training programs for professionals and business support staff.


  • Strong working knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and NIST.
  • Strong working knowledge of common business continuity management frameworks, such as ISO/IEC 22301.
  • Strong working knowledge of contemporary software and solutions used in the field of Information Security.
  • Experience with conducting and responding to client security audits (desirable but not essential).
  • Strong leadership, interpersonal and influencing skills.
  • Experience with contract and vendor negotiations.
  • Able to rapidly adapt and respond to changes in the environment and/or priorities.
  • Must be highly organized, detail-oriented, and an excellent multi-tasker.
  • Excellent written (including policy development) and oral communication skills.
  • High level of personal integrity, ability to professionally handle confidential matters and show an appropriate level of judgement.
  • Post-secondary education in the field of computer science or business administration, or an acceptable equivalent combination of academic training and professional experience.
  • Professional security management certification, such as CISSP, CISM, CISA or similar.
  • Minimum of 7 years of relevant business experience, preferably in a professional services environment.
  • Minimum of 3 years management experience.

Application Details

If you are interested in this opportunity, please send your resume via email to including the job title and the code O18FIRMIT003 in the subject line.

Gowling WLG is proud to be an equal opportunity workplace. We are committed to offering equal employment opportunities regardless of race or racial group, religion or belief, sex, sexual orientation, age, marital status, disability or gender identity. We foster an inclusive, equitable and accessible environment.

If you have a disability or special need that requires accommodation at any time during the recruitment process, please let us know.

While we appreciate all applications received, only those candidates selected for an interview will be contacted.