Director, IT Security & Governance

Canada Guaranty, Toronto, ON
Hybrid

About The Position

The Director, IT Security & Governance plays an instrumental role in guiding Canada Guaranty’s information security and IT governance strategies and processes. The incumbent supports the development of the function’s strategic direction, ensuring that the company's cyber risk management framework aligns with its business objectives and with customer and regulatory requirements. The incumbent also provides operational oversight to protect information assets, ensure compliance with regulatory and contractual obligations, and align security and governance practices with business objectives.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, Information Systems, or a related field, or a similar combination of education and related experience.
  • 5 - 8 years of progressive experience in IT, with significant experience in security, risk management, or IT governance.
  • Previous experience in an IT management role, with the ability to lead and manage the GRC function, develop and execute strategic plans, and guide the organization towards its GRC objectives.
  • Strong executive communication and stakeholder management skills, with the ability to present complex GRC issues and strategies clearly and influence decisions.
  • Expertise in cybersecurity frameworks, governance models, and risk methodologies.
  • Proven experience managing audits, regulatory compliance, and security incidents.
  • Demonstrated ability to analyze complex data, interpret compliance requirements, and develop effective solutions.
  • Demonstrated ability to identify, analyze, and effectively mitigate or manage cyber risks.
  • Proficiency in planning, executing, and monitoring multiple projects simultaneously to ensure they are completed on time.
  • Familiarity with the use of GRC technology solutions, as well as a broad understanding of information security principles and best practices.
  • A commitment to keeping up to date with the latest developments in the GRC field, including evolving laws and regulations, emerging risks, and best practices in GRC management.
  • Availability outside of business hours to help troubleshoot critical production issues.

Nice To Haves

  • Relevant professional certifications (CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor).
  • Experience in regulated environments.

Responsibilities

  • Ensure protection of data, systems, applications, and infrastructure across on‑prem and cloud environments.
  • Deploy security awareness programs to promote a strong security culture.
  • Ensure compliance with applicable data privacy and protection regulations, through the creation and maintenance of robust data handling and privacy policies.
  • Collaborate with IT, Legal, Privacy, Risk, Compliance, and business leaders to drive integrated solutions.
  • Provide expert guidance during major initiatives, digital transformations, and incident escalation events.
  • Develop, maintain, and oversee GRC policies and procedures to ensure they are in accordance with applicable laws, regulations, and industry standards, including but not limited to ISO 27001 series, SOC1, SOC2, OSFI, PIPEDA.
  • Manage and monitor the GRC aspects of third-party relationships to ensure that vendors and partners are adhering to Canada Guaranty's GRC policies and relevant regulations.

Benefits

  • competitive compensation
  • company-matched retirement programs
  • health and dental coverage
  • flexible work options