Director, Cybersecurity

About The Position

Requirements

• 8+ years in cybersecurity with progressive responsibility; director or senior manager experience preferred.
• Deep working knowledge of the Microsoft security ecosystem: Sentinel, Defender suite, Purview, and Entra.
• Demonstrated ability to leverage AI to automate processes and keen interest in leveraging AI to drive observability and compliance in the security domain
• Demonstrated experience with compliance frameworks and audit processes: PCI DSS, PIPEDA, and GDPR.
• Proven track record managing a security vendor ecosystem including MSSPs and consulting partners.
• Hands-on experience with incident response, vulnerability management, and penetration testing programs.
• Strong program management and business communication skills — able to present risk clearly to non-technical senior leadership.
• Strategic and risk-minded, assesses the threat landscape clearly, sets priorities accordingly, and builds a plan the organization can execute against.
• A builder, energized by the opportunity to create structure and capability, not just maintain what's there.
• Credible across technical and non-technical audiences. Equally comfortable with a developer, a compliance lawyer, and a CFO.
• Proactive: surfaces threats and recommendations without being asked; never waits for an incident to drive improvement.
• Low ego and collaborative, builds through influence as much as authority; works well with legal, product, and business peers.
• Accountable, owns the security posture of the organization and does not deflect risk to vendors or colleagues.
• Committed to continuous learning: the threat landscape moves fast; this person moves with it.

Nice To Haves

• Relevant certifications preferred: CISSP, CISM, CRISC, or equivalent

Responsibilities

• Own the enterprise security roadmap. Work with legal, IT, and product leads to build out policy, data classification, and lifecycle management frameworks. Translate business risk into prioritized security investment and report on it clearly to senior leadership.
• Look after the full security stack: Sentinel, Defender for Cloud, Defender for Endpoint, Defender EASM, Purview, Dynatrace, SonarCloud, Barracuda, and Ninjio. Set configuration standards and runbooks. Run Sentinel as the primary SIEM: reviewing alerts, investigating incidents, and making sure everything gets triaged, logged, and resolved or escalated.
• Be the lead on our security vendor and partner relationships, including our external security consultants. Renegotiate, consolidate, and vet additions as the program evolves.
• Be the leader on PCI DSS, PIPEDA, and GDPR compliance for the IT domain. Manage the audit cycle with legal and development teams. Administer the vendor security assessment process for all third parties and respond to audit requests from our insurance providers and others.
• Institute Purview as our data governance platform, covering classification, DLP, information protection, and eDiscovery.
• Keep incident response plans documented, tested, and current. Oversee vulnerability management and pen testing programs.
• Partner with the Director IT and L&D to drive cybersecurity awareness and phishing simulation programs.
• Own the security metrics, spend, risk posture, and program ROI. Report monthly to IT and senior leadership in a format that tracks program maturity over time and supports good decisions on investment and risk.
• Be the internal authority on cybersecurity. Stay current on threats, tools, and governance trends through professional development and conferences.

Benefits

• Competitive compensation package with a strong pay for performance rewards approach.
• Employees have the opportunity to participate in incentive programs and compensation tied to business and individual performance.
• Employment accommodation in accordance with the Ontario Human Rights Code and the Accessibility for Ontarians with Disabilities Act.