Chief Information Security Officer

About The Position

Requirements

• Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related field required
• Proficiency with SIEM platforms (e.g., Sentinel) and SOAR tools for automated incident response
• Proficiency with cloud security platforms (e.g. Azure Defender)
• Proficiency with endpoint protection and EDR solutions (e.g., Defender, CrowdStrike, SentinelOne, Carbon Black)
• Knowledge of secure software development practices
• Familiarity with legal implications of cybersecurity, including breach-notification laws, data residency, and contractual risk
• Experience conducting third-party risk assessments, including vendor due diligence and contract negotiation for security SLAs
• Awareness of emerging technologies, including AI as a business and cybersecurity risk issue, cloud-native security, and zero-trust architectures
• Experience with OT/ICS environments, IoT security, or other specialized environments, where relevant to the industry
• Extensive expertise in cybersecurity domains, including network security, cloud infrastructure protection, application security, and data privacy. Candidate should demonstrate experience leading the design and implementation of layered security architectures across hybrid environments, with measurable outcomes in threat reduction.
• Thorough understanding of regulatory and compliance mandates, including SOX and PCI-DSS, with a proven ability to ensure enterprise-wide adherence. Candidate should be capable of interpreting complex compliance requirements and translating them into technical and procedural safeguards across business units.
• Proficient in leading security programs aligned with industry frameworks, such as NIST Cybersecurity Framework (CSF), ISO/IEC 27001/27002, and CIS Controls. Must be able to operationalize these frameworks into actionable policies and controls, and lead audits or assessments to validate compliance and maturity.
• Demonstrated experience in managing end-to-end incident response, leveraging threat intelligence and vulnerability management to proactively mitigate risks. Requires the ability to build and lead a responsive security operations function, including playbook development, forensic analysis, and post-incident reviews.
• Strategic mindset with the ability to align cybersecurity initiatives with business objectives, enabling secure growth and innovation. Must demonstrate success in influencing executive stakeholders and integrating security into digital transformation, product development, and strategic planning.
• Robust risk management and governance capabilities, including the development of enterprise risk registers and board-level reporting. Expected to lead risk assessments, define risk appetite, and implement governance structures that support informed decision-making and accountability.
• Strong background in financial stewardship, including security budgeting, vendor negotiations, and building scalable security programs. Must have experience managing budgets, optimizing spend, and evaluating third party solutions for cost-effectiveness and strategic fit.
• Proven leadership in cross-functional collaboration, driving security culture across IT, legal, HR, and executive teams. Able to foster alignment and shared ownership of security goals across diverse teams, resolving conflicts and driving consensus.
• Exceptional communication skills, with the ability to distill complex technical risks into actionable insights for senior leadership and board members. Experience preparing executive briefings, risk dashboards, and board presentations that influence strategic decisions.
• Experienced in crisis management and executive-level incident reporting, ensuring transparency and rapid decision-making during high-impact events. Able to lead under pressure, coordinate multi-stakeholder responses, and maintain trust through clear, timely communication.
• Skilled in designing and deploying enterprise-wide security awareness and training programs, fostering a proactive security-first culture. Track record of improving employee engagement and reducing human risk through targeted education, simulations, and behavioral analytics.
• Shows commitment to continuous learning through participation in industry conferences, executive leadership programs, or specialized training in emerging technologies such as AI security, zero trust, and cloud-native security.
• Demonstrated success in building and leading enterprise security programs, managing teams, and influencing strategic decisions.
• Minimum of 8+ years of progressive experience in information security, with at least 5 years in senior leadership roles (e.g., Sr. Manager, Director, CISO, or equivalent).

Nice To Haves

• CISSP (Certified Information Systems Security Professional) - is preferred
• CISM (Certified Information Security Manager) or CISA (Certified Information Systems Auditor) - preferred
• Master's degree in Cybersecurity, Information Assurance, Business Administration, or related discipline preferred

Responsibilities

• Own and lead enterprise-wide cybersecurity strategy, governance, and program execution.
• Setting the strategic cybersecurity direction for the company.
• Establishing, sustaining, and monitoring compliance with company cybersecurity policy and procedures.
• Ensuring the quality and effectiveness of cybersecurity safeguards, including conduct of internal and independent assessments that evaluate the cybersecurity capabilities of the company.
• Accountable for enterprise cyber risk management, including defining risk appetite, maintaining risk registers, and establishing governance structures that support informed decision-making and accountability.
• Assessing day-to-day incidents to determine actual or potential business impact and mobilizing incident response resources as appropriate.
• Monitoring the security postures of company IT and business supply chains.
• Performing quantitative and qualitative cybersecurity risk analysis.
• Vetting IT vendors and embedding security requirements into new applications, technologies, and business initiatives.
• Overseeing security architecture across cloud, on-premises, and hybrid environments.
• Understanding and developing security designs for IT and, where applicable, OT/ICS environments.
• Leveraging value from external relationships with cybersecurity experts.
• Providing board-level reporting on cybersecurity posture, material risks, risk trends, and program maturity metrics.
• Drafting presentations for review by executive management and delivering them to the board of directors and/or audit committee.
• Ensuring independent escalation of cybersecurity risks when necessary.
• Driving a culture of security awareness and shared accountability across the organization.

Benefits

• Flexible Hybrid Work Schedule
• Comprehensive benefits package, which includes dental, vision, life insurance, and extended health coverage
• Health or Personal Spending Account
• Employee & Family Assistance Program (EFAP)
• RRSP/DPSP Match Program
• Professional Development
• Convenient On-site Parking