Here’s a little song we wrote about you:  you’re a leader with a strong technical background. You're pretty awesome at developing and implementing a risk based cyber security & data privacy strategy, defining roadmap and operating model that leverages collaboration and company-wide resources, facilitating industry standard information security governance, advising senior leadership on cybersecurity & privacy risks and threats and investment strategies, and documenting appropriate policies and procedures to manage information security risks.

Now we get to brag about us: Lightspeed powers small and medium-sized businesses in over 100 countries around the world with its cloud-based commerce platform. Its smart, scalable, and dependable all-in-one Point of Sale software system helps restaurants and retailers sell across channels, manage operations, engage with consumers, accept payments, and grow their business. Founded in 2005 with offices in Canada, USA, Europe and Australia, Lightspeed recently completed its initial public offering on the Toronto Stock Exchange (TSX: LSPD). We're passionate about enabling people to do their best work. Come work with us and find out what you can do.

Primary responsibilities

  • Maintain, support, and operate the Information Security GRC framework, including all related processes and procedures as well as their dissemination, and constant evolution to adapt to the business realities.
  • Ensure Lightspeed operates within the boundaries given by PCI DSS, SOC2, PIPEDA and GDPR.
  • Communicate and support security recommendations to meet business objectives in a proactive and pragmatic manner, ensuring an appropriate level of engagement with stakeholders and contributors to ensure success.
  • Assist Internal Audit, External Audit, Legal, Oversight committees and outside consultants as appropriate on required security assessments and audits.
  • Ensure all issues raised during independent testing and assessment activities are appropriately tracked and actioned as part of development/product backlogs.
  • Work closely with technology leaders, technical experts, and business leaders across the company providing SME support and guidance on cybersecurity & privacy issues by advising on security issues, potential/threats and vulnerabilities and best practice controls.
  • Create an effective company-wide security education and awareness program to build awareness and a sense of common purpose around security.


  • Bachelor degree in a related field or relevant experience
  • A minimum of 6 years of experience in information security Governance, Risk and Compliance
  • Experience in governance, audit and control management
  • Knowledge of various industry standards and frameworks including ISO/IEC 27000 series, SOC2, NIST, Risk Management methodologies, and security evaluations methodologies.
  • Knowledge of security regulations, Sarbanes-Oxley Act, PCI-DSS standard.
  • Professional membership/certifications from recognised Security organisations e.g. CISSP, CISA, CISM.
  • Demonstrable internal and external relationship building skills and the ability to clearly articulate complex security concepts that influence decision making within a diverse corporate culture.
  • Exceptional communication skills necessary to advise and influence senior management, oversight committees and external organisations.


  • Experience with Agile development
  • Experience with Kubernetes and docker environments
  • Experience with bug bounty programs
  • Experience in the data, payment or financial industry
  • Experience in the retail and eCommerce industry
  • Bilingual (French and English)

And what about the rest?

In addition to the perks you see on the Careers page, you’ll get access to:

  • A beautifully renovated office space in a castle; one of the best development centres in Montreal;
  • An environment that encourages initiatives and leadership;
  • Happy hour every Friday afternoon;
  • Birthday treats every month to celebrate our employees;
  • Social events throughout the year;
  • Fun activities with your teammates - be part of the Lightspeed family;
  • Work with highly talented people who are as passionate about their craft as you are!

Apply for this Job

* Required