Corporate Security Director
Vena Solutions
Date: 2 weeks ago
City: Remote, Remote
Contract type: Full time

This is a flexible position and has the option of working in our Toronto office full time, hybrid throughout the week or working entirely remotely.
Position Summary
The Corporate Security Director will be responsible for providing security-related expertise to internal stakeholders on security control design and implementation, as well as monitoring the effectiveness of the control environment and its alignment to applicable standards, including the SOC 2 control framework. The role will seek to educate, influence and partner with leaders and stakeholders across the organization, including our Product & Technology and Information Technology departments, to assess security risks and threats, and to provide analysis of security trends affecting the organization, our customers and the industry. The Corporate Security Director will cultivate risk awareness across the organization by conducting and sharing the results of security assessments of the control environment, tracking and reporting on security metrics, and regularly reporting to leadership at all levels of the business.
What You Will Do
- Effectively communicate with stakeholders at various levels of the business
- Oversee the third-party risk program, including conducting due diligence reviews of third-party vendors
- Participate in the Security and Risk Committee to present emerging risks and report on security risks and remediation activities
- Ensure that effective controls are designed and deployed across the business to ensure alignment with applicable standards (e.g. SOC 2) and manage regular security audits and relationships with auditors
- Maintain knowledge of applicable global security and accreditation standards, and monitor changes in regulatory and technology landscape to ensure compliance
- Work with the product development and engineering teams to ensure products and services comply with regulatory requirements
- Manage the security vendor management process to assess key vendors, identify the risks associated with their services, and track those risks until they are adequately mitigated
- Manage the internal risk register, partner with risk owners to assess and document risks, oversee mitigation plans and track risks from inception to remediation
- Support the development of enterprise security policies and procedures and participate in the Policy Review Committee
- Excellent communication, presentation and leadership skills
- 8+ years of relevant experience designing and operating effective information security controls in a matrix-based environment
- Strong risk management skills, with a working knowledge of risk management frameworks and processes
- Proven experience conducting risk assessments of technologies, processes, third-party vendors etc.
- Detailed knowledge of common information security management frameworks, regulatory requirements and applicable standards such as: SOC 2, ISO 27001/2, GDPR, etc.
- Experience leading and influencing within a matrix-based organization
- Professional security designations including CISSP, CRISC, CISM
- Experience with a broad set of security technologies and processes (including application security, data protection, cryptography, key management, identity and access management (IAM), and network security) within SaaS, IaaS, PaaS, and other cloud environments