ARE YOU A SEASONED CYBERSECURITY AND IT RISK PROFESSIONAL?
We are working with a great fintech firm in the West GTA to recruit a Director of IT Security and Risk to run the security team!
Senior Director of IT Security
About the Opportunity
- This role is responsible for the overall organizational security strategy, security program oversight and security architecture development for the organization. The scope of this role covers all utilized security technologies and services, including protection services, perimeter defenses, physical and logical access control, and user profile management of all employees, contractors and visitors
- As the organization's senior security officer, this person also has enterprise-level responsibility for all data/information security policies, standards, evaluations, roles, and organizational awareness
- IT Security Program:
- Develop, implement and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets
- Investigate and implement proactive and innovative approaches as appropriate, ensuring the security program adequately safeguards the organization against advanced threats
- Provide leadership through strong working relationships and collaboration to develop strategic goals for information security compliance and risk mediation
- Liaise with external agencies as necessary to ensure the organization maintains a strong security posture against relevant threats and the advancing threat landscape
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and continuously increase the maturity of the information security program
- Policies, Procedures, Standards, and Guidelines:
- Lead and coordinate the development and maintenance of information systems security policies, procedures, standards, and guidelines, ensuring compliance with federal and state laws and regulations
- Establish a security framework and ensure policies, procedures, standards, processes and controls adhere to framework requirements
- Establish monitoring and assessment processes to ensure compliance and adherence to established security policies, procedures, and standards
- Threat and Risk Management:
- Ensure threat and vulnerability resources and technology proactively monitor potential threats and vulnerabilities 24x7, and that protection controls are implemented in a timely and appropriate manner to safeguard and maintain business operations
- Identify and assess risks in implementing business innovations. Provide an assessment of those risks to business stakeholders
- Design and execute penetration tests and security audits
- Support continuous monitoring activities, vulnerability scans, policy and procedure updates, configuration/incident management, and training
- Coordinate the response to security audit requests from participant organizations and institutions and ensure any identified remediation activities are implemented within committed timeframes
- Monitor compliance with the organization's information security policies and procedures among employees, contractors, alliances, and other third parties
- Develop, motivate and provide leadership and direction to all staff
- Monitor employee performance and provide ongoing formal and informal feedback. Draft and administer staff performance evaluations in a timely manner
- Conduct weekly staff meetings to ensure all staff are informed of any company and/or departmental changes and updates
- Oversight of project teams dealing with IT security issues, optimizing the contribution of people involved
- Bachelor's degree in Computer Science or a related field, and 10-15 years of progressive IT Security experience, including cybersecurity and risk management, within a large corporate environment with at least 5 years in a management
- Must possess professional security management certification such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar credentials
- Must demonstrate knowledge of common information security management frameworks and an understanding of relevant legal and regulatory requirements such as PIPEDA, HIPAA and Payment Card Industry (PCI Level 1 experience is required)
- Demonstrated experience leading an advanced security program, including sophisticated technologies in a defense-in-depth architected environment
$140,000 - $150,000/year
How to Apply
Click the “Apply Now” button and follow the instructions to submit your resume. Please note that we only accept documents in MS Word or Rich Text formats. When referencing this job, quote #22393.
You must currently reside within the Greater Toronto Area and be permitted to work in Canada to be considered for this opportunity. A recruiter will be in touch with you if your profile meets our client’s requirements for this role.
Lannick is the premier professional recruitment and staffing firm in the Greater Toronto Area. Founded in 1985, Lannick provides best-in-class finance, accounting and technology professionals at all roles and levels through its three divisions: Lannick Finance & Accounting, Pro Count Staffing and Lannick Technology. Lannick places more than 1,000 candidates annually and is a preferred vendor for Canada’s most successful organizations. Learn more at www.lannick.com.