Director, Information Security

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field (Master’s preferred).
• 15+ years of progressive experience in information security roles, with 5+ years in a leadership capacity.
• Demonstrated success building and leading enterprise security programs in an organization of similar scale (3,000–10,000 employees).
• Strong knowledge of cloud security (Azure, AWS, M365), identity management, and modern hybrid IT environments.
• Proven experience developing and managing security budgets and vendor contracts.
• Exceptional communication and presentation skills, with the ability to influence at all levels of the organization.
• Deep understanding of risk management, data protection, and business continuity principles.
• Strategic thinker with the ability to balance security rigor and business agility.

Nice To Haves

• CISSP, CISM, CISA, CCISO, or equivalent executive-level security certification.
• ISO 27001 Lead Implementer / Auditor, or NIST-based certification is an asset.

Responsibilities

• Develop and execute a comprehensive enterprise information security strategy aligned with business goals and risk tolerance.
• Establish a security governance framework, policies, and standards consistent with ISO 27001, SOC II, NIST, and other relevant frameworks.
• Lead the creation and execution of the organization’s security roadmap — encompassing people, process, and technology improvements.
• Present regular security posture updates, metrics, and risk assessments to executive management and the board of directors.
• Identify, assess, and manage information security risks across corporate and operational environments.
• Ensure compliance with applicable regulations and standards such as PIPEDA, GDPR, SOC 2, PCI DSS, and provincial/federal privacy laws.
• Direct the execution of periodic security risk assessments, internal audits, and third-party reviews.
• Partner with Legal and Privacy teams to oversee incident response, data breach notification, and regulatory reporting requirements.
• Oversee day-to-day security operations, including threat detection, monitoring, vulnerability management, and incident response.
• Lead the deployment and management of security technologies (SIEM, EDR/XDR, IAM, DLP, CASB, MFA, encryption, etc.).
• Manage and continuously improve the Security Operations Center (SOC) and incident management processes.
• Coordinate with IT infrastructure and cloud teams to ensure secure architecture design, patching, and access control.
• Build, mentor, and lead a high-performing information security team, fostering a culture of accountability and continuous improvement.
• Partner with IT and business units to embed security-by-design principles into projects, procurement, and system development.
• Collaborate with HR and Corporate Communications to drive security awareness and training programs for all employees.
• Act as the organization’s security spokesperson during audits, client assessments, and vendor negotiations.
• Oversee third-party risk management programs and ensure vendors meet the company’s security standards.
• Evaluate and approve security controls for external partnerships, SaaS platforms, and cloud providers.

Benefits

• Competitive total cash compensation that recognizes and rewards your contribution.
• Flexible benefits from day one.
• Market leading personal time off policy.
• Reimbursement for wellness initiatives that fit your lifestyle.