Associate Information Security Compliance Officer

Waterloo, ON
Posted 2 days ago
Job details:
Remote work
Full-time
Management
Benefits:
Flexible work arrangements
Employee assistance programs

Salary:

Company Overview
At IMS, we're transforming the way the world drives. As a leading provider of connected car and telematics solutions, we deliver cutting-edge services and analytics to insurers, governments, and enterprises worldwide.

Our cloud-based DriveSync platform is at the heart of what we do - an industry-recognized solution that empowers smarter decision-making and better driving outcomes. From enhancing road safety to enabling intelligent mobility strategies, our technology is designed to make driving safer and smarter for everyone, from global insurers to local governments and everyday drivers.

Description

At IMS, we're on a mission to make driving safer and smarter through connected car and telematics innovation.

The Associate Information Security Compliance Officer (AISCO) is an important member of the IMS Information Security team, assisting in safeguarding the company's data, infrastructure, and digital assets. This role helps to ensure that IMS's security framework aligns with ISO27001, industry best practices, and legal and regulatory requirements. The AISCO will help carry out security audits, policy review, incident management, and continuous improvement of IMS's cybersecurity posture, along with adherence to and adoption of relevant market regulations.

This position requires a blend of technical expertise, analytical research and thinking skills, and good, clear communication, with the confidence to collaborate with various stakeholders across the organisation. The ideal candidate will be a proactive problem solver who can identify risks, recommend solutions, and assist in the implementation of security controls to protect IMS's global technology ecosystem.
In this role, you will be responsible for:

Security Compliance & Risk Management

  • Assist in the development, implementation, and enforcement of information security policies, standards, and procedures in compliance with ISO27001, GDPR, NIST, and SOC frameworks.
  • Conduct internal security audits and coordinate external audits to assess compliance and effectiveness of security controls.
  • Perform privacy impact assessments in line with regulatory requirements.
  • Identify and assess cybersecurity risks across IMS systems and recommend appropriate remediation actions.
  • Maintain all InfoSec framework certifications, ensuring compliance with regulatory and customer requirements.
  • Collaborate with legal and compliance teams to ensure IMS meets data privacy laws and security regulations across different jurisdictions.

Incident Detection, Response & Management

  • Monitor network and system logs for security incidents, unauthorized access, or vulnerabilities.
  • Investigate security breaches, analyze attack vectors, and document security incidents, including impact assessments and recommended mitigations.
  • Maintain incident response plans (IRPs) to ensure rapid and effective response to security events.
  • Coordinate forensic analysis and liaise with law enforcement or regulatory agencies when required.
  • Ensure security alerts are appropriately triaged, investigated, and escalated following IMS security protocols.

Third-Party Security Assessments

  • Conduct risk assessments and security audits for IMS's third-party vendors, partners, and suppliers.
  • Work with external security consultants to evaluate and approve new third-party integrations.
  • Ensure third parties comply with IMS's security and data protection requirements before onboarding.
  • Review and update vendor security contracts, ensuring alignment with IMS security standards.

Customer Security Assessments

  • Complete security questionnaires and assessments from current and prospective clients.
  • Facilitate remote and onsite data privacy audits with IMS customers.
  • Review contractual security clauses and verify operational adherence.

Security Operations & Infrastructure Protection

  • Oversee the implementation and operation of firewalls, intrusion detection systems (IDS), endpoint protection, data loss protection (DLP) tools, and other security solutions.
  • Work closely with IT and DevOps teams to ensure secure cloud architecture and adherence to IAM (Identity & Access Management) policies.
  • Maintain encryption, access control, and authentication protocols to secure sensitive data.
  • Assist with the coordination of regular penetration testing and vulnerability scanning to assess security posture.
  • Monitor emerging cybersecurity threats and recommend updates to IMS security technologies and defenses.
  • Oversee the continual development and testing of Business Continuity (BC) and Disaster Recovery (DR) plans.

Policy Development & Employee Training

  • Assist with the update of information security policies, ensuring they reflect evolving threats and business needs.
  • Conduct company-wide security awareness training to educate employees on best practices, phishing prevention, and data protection.
  • Serve as an internal security advisor, providing guidance to IT teams, leadership, and employees on secure operations.
  • Check for adherence to secure coding practices for IMS software development teams.

Continuous Improvement & Industry Trends

  • Stay informed on the latest cybersecurity trends, threats, and evolving regulatory requirements.
  • Research and suggest innovative security technologies to enhance IMS's resilience against cyber threats.
  • Drive security automation and orchestration where possible to improve response times and reduce manual processes.

Requirements:

  • Good knowledge of cybersecurity frameworks such as ISO27001, NIST, SOC 2, and GDPR compliance.
  • A Cyber Security qualification, or a relevant Insurance Compliance qualification related to GDPR and security.
  • A basic understanding of the function of network security tools, anti-virus/malware, SIEM systems, firewalls, and intrusion detection systems.
  • Ability to deliver security reports and communicate security concepts to technical and non-technical audiences.
  • Good organisational skills with the ability to prioritise and manage multiple security initiatives.

Bonus Qualifications & Experience:

  • ISO27001 ISMS certification (Lead Internal Auditor or Lead Implementer).
  • Knowledge of cloud security (AWS, Azure, Google Cloud) and secure DevOps practices.
  • Experience working with SOC audits and GDPR compliance programs.
  • Hands-on experience with incident response and forensics.
  • Understanding of zero-trust security models, identity management, and endpoint security.
  • Experience working in a regulated environment that requires practical application of GDPR and information security.
  • Background in IT administration, networking, or software security engineering.

Why should you join us?

  • Brand new collaborative, open-concept office for those days when you want to work collaboratively in person! We're located in the Waterloo tech hub: the David Johnson Research + Technology Park
  • Flexible remote working options
  • Opportunity to work within a global team
  • We're an innovative technology leader with plans for growth in the global telematics industry. These are some exciting times!
  • Company-paid group health (and dental) benefits program, with no waiting period and they start from day one!
  • RRSP matching program
  • Flexible holiday policy to really make the most of your time and wellbeing
  • 'Work from Anywhere' Policy - work almost anywhere in the world for 30 days per year!
  • Paid volunteering days
  • Employee Assistance Program
  • Enhanced maternity/paternity leave
  • Employee Recognition Hub

Even if you do not meet all of the above criteria, please consider applying! If you have any questions, do not hesitate to get in touch with our HR team, [email protected]
IMS is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
