Vice President, Information Security

Procare Solutions•Quinte West, ON

1d•Hybrid

About The Position

The VP Information Security is a senior leader responsible for establishing and executing Procare’s enterprise-wide information security strategy, program, and culture. Reporting to the CTO this role will serve as the company's top security leader — translating complex cyber risk into business language, protecting customer data, enabling compliant product growth, and building a world-class security organization. This is an operationally engaged, high-visibility role that blends strategic vision with operational execution. The ideal candidate is a proven security leader who thrives in a fast-moving SaaS environment, understands how security is changing in an AI first world, and can operate confidently in the boardroom while remaining deeply trusted by engineering and product teams. Procare's security organization protects 40,000+ childcare centers and millions of families who depend on our platform daily. Our program includes: Mature compliance posture: SOC 2 Type II certified across all products; PCI DSS v4.0.1 Level 1 Service Provider; TX-RAMP authorized. Enterprise security tooling: CrowdStrike NextGen-SIEM, Contrast Security/Veracode for application security, Automox for patch management, Barracuda/Abnormal.ai for email security. Proactive security culture: Monthly product security meetings, CSIRT incident response team, public trust center (SafeBase), quarterly Security Steering Committee with C-suite participation. Parent company support: Member of Roper Technologies family with access to shared security resources, threat intelligence, and enterprise tooling.

Requirements

12+ years' of progressive experience in information security, with at least 4 years' in a CISO, Deputy CISO, or VP of Security role
Proven track record leading security at a B2B SaaS or cloud-native technology company; experience scaling security programs from growth stage to enterprise maturity
Deep expertise in cloud security architecture (AWS, Azure, and/or GCP), secure SDLC, and modern threat detection and response
Hands-on leadership of SOC 2 Type II and PCI audits; direct experience with ISO 27001, GDPR, CCPA
Demonstrated ability to communicate security risk to non-technical executives and board members; experience presenting to audit committees or governance boards
Experience managing security through enterprise sales cycles including customer trust reviews, penetration test sharing, and security questionnaire programs
Track record of building and scaling security teams from the ground up, including hiring, organizational design, and vendor management
Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field required; Master's degree or MBA preferred
Executive presence with the ability to build trust at board level and peer-level across the C-suite
Strong business acumen — understands how security decisions impact revenue, customer trust, and company valuation
Exceptional communication skills: able to explain complex security concepts in plain language to diverse audiences
Collaborative, low-ego leader who can influence without authority and build bridges between security, engineering, legal, and sales
Resilient under pressure; sound judgment in high-stakes incident scenarios
Skilled at managing competing priorities across multiple compliance programs, product teams, and parent company requirements; able to sequence initiatives and communicate trade-offs effectively
Core Security Platforms: Cloud security: Wiz, Orca, Prisma Cloud, or equivalent CSPM/CNAPP solutions
Endpoint/XDR: CrowdStrike, SentinelOne, Microsoft Defender, or equivalent
SIEM/SOAR: CrowdStrike NextGen-SIEM, Splunk, Sumo Logic, or equivalent
Identity/IAM: Okta, Auth0, Azure AD, or equivalent
Specialized Security Tools: Email security: Proofpoint, Mimecast, Abnormal.ai, or equivalent next-gen solutions
Application security: Veracode, Checkmarx, Contrast Security, Snyk, or equivalent SAST/DAST platforms
GRC/Compliance: Vanta, Drata, OneTrust, or equivalent automation platforms
Trust & transparency: SafeBase, Whistic, or equivalent trust center solutions
Patch management: Automox, Ivanti, or equivalent endpoint management platforms
Emerging Security Categories: AI security and governance tools (familiarity with landscape preferred)
Zero Trust architecture frameworks and implementation tools

Nice To Haves

Master's degree or MBA preferred
One or more industry certifications strongly preferred: CISSP, CISM, CCSP, CISA, CRISC, CEH

Responsibilities

Define, own, and continuously evolve a multi-year enterprise security roadmap aligned to business objectives, growth stage, and risk appetite
Serve as the primary security advisor to the executive leadership team, present security posture, risk metrics, and investment cases with clarity
Lead a high-performing security organization including Security Operations, GRC, AppSec, and Cloud Security functions
Champion a security-first culture across the company through education, executive sponsorship, and accountability
Translate technical risk into business impact using quantitative risk frameworks (e.g., FAIR) to influence budget and strategic decisions
Navigate Roper Technologies cybersecurity framework, maintaining compliance with mandatory foundational controls and implementing selected optional controls to achieve maturity targets; serve as primary security liaison to parent company
Establish AI security governance program to evaluate, approve, and manage AI tool adoption across the organization; implement controls for AI-specific risks including data leakage, prompt injection, and model security
Manage security across diverse product portfolio (5+ applications) with varying technology stacks, customer bases, and compliance requirements; ensure consistent security standards while accommodating product-specific needs
Build and maintain executive cybersecurity dashboards providing real-time visibility into security posture, risk metrics, and program progress for board, parent company, and executive leadership
Secure the company's SaaS platform and cloud environments (AWS/Azure/GCP) by driving secure SDLC, vulnerability management, remediation SLAs, and penetration testing programs
Partner with Product and Engineering leadership to embed security by design — shifting security left into development workflows without impeding velocity
Oversee Identity and Access Management (IAM), Zero Trust architecture, data encryption, and cloud security posture management (CSPM/CNAPP)
Define and maintain security standards for APIs, microservices, container security, and third-party integrations
Own and maintain the company's Information Security Management System (ISMS), risk register, and policy framework
Lead and maintain Type II and PCI DSS v4.0.1 certifications; oversee ISO 27001, TX-RAMP, GDPR, CCPA, and other applicable regulatory frameworks
Manage customer security questionnaires, enterprise security reviews, and security-related RFP/procurement processes in partnership with Sales and Legal
Develop and enforce vendor and third-party risk management programs to minimize supply chain exposure
Ensure compliance with applicable federal, state, and international data privacy and security regulations
Manage state-specific compliance programs including TX-RAMP certification with quarterly vulnerability reporting and evidence submission requirements
Implement and maintain customer trust center and security documentation portal to streamline enterprise security reviews and RFP processes
Lead supply chain security and vendor breach response program; assess impact of third-party compromises and coordinate remediation across affected systems
Ensure compliance with child data protection requirements and education sector-specific regulations; implement specialized controls for sensitive family and student information
Lead a 24/7-capable security operations capability including SIEM, EDR, XDR, and threat intelligence platforms
Own the cyber incident response program: detection, investigation, containment, communication, and post-incident review (PIR) processes
Test business continuity and disaster recovery plans with cross-functional stakeholders
Monitor emerging threat intelligence; proactively brief leadership on ransomware, social engineering, supply chain, and AI-driven threat vectors
Lead Zero Trust architecture planning and implementation across corporate and product environments as multi-year strategic initiative: coordinate with infrastructure, network, and identity teams
Oversee corporate IT security including endpoint protection, patch management, and corporate network security controls
Implement enterprise patch management programs using automated tools to ensure timely remediation of vulnerabilities across workstations and servers
Direct Active Directory security assessments and identity hygiene programs across all domain instances
Ensure MFA enforcement for all privileged accounts and coordinate rollout of authentication requirements for staff and customers
Recruit, develop, and retain a diverse security team including Security Engineers, Analysts, GRC Specialists, and an AppSec function
Define team structure, career ladders, OKRs, and budget for the security organization
Manage external security vendors, MSSPs, auditors, and counsel relationships