Director, Information Security Governance

MCAP


Date: 1 day ago
City: Waterloo, ON
Contract type: Full time
MCAP at a Glance

Joining MCAP means you will be a part of our diverse workforce of highly talented individuals who are recognized for their expertise and success! At MCAP, your professional expertise, commitment to teamwork and passion for service excellence are recognized and rewarded with a competitive total rewards offering, a career with continuous learning and development (formal & informal training), and exciting opportunities in a dynamic, entrepreneurial environment.

The Role

This position will be accountable for governance, risk, and control activities within MCAP’s Information Security program.

The role will be responsible for leading a team of professionals to build and maintain these programs.

You will act as a trusted advisor, ensuring that governance, risk, and compliance issues are identified, understood, and managed effectively within the information security program. You will provide communication and education to raise awareness and will effectively promote a culture of compliance and control and actively identify business process improvement opportunities.

This position will be accountable for cyber threat and risk assessments and risk monitoring. This will involve evaluation of threats and risks to the confidentiality, integrity and availability of MCAP assets and documenting the required capabilities and control measures to mitigate risks.

This position will be accountable for establishing data loss prevention capabilities in order to prevent unintended or risky data exposure.

This position will be accountable for ensuring that controls are established, measured and maintained, and that they comply with regulatory and industry best practices.

Training and Education

  • Ensure MCAP’s enterprise level security awareness program is created, delivered, maintained and measured.
  • Ensure awareness training and education is provided to specialized areas (e.g. phishing campaigns, secure code development).
  • Shift enterprise mindset to ‘security by design’.

Risk Management & Policy

  • Create, maintain and evaluate security policies, standards and procedures to provide the direction for the information security program.
  • Ensure policies are being followed, correcting violations as well as approving and tracking exceptions
  • Evaluate threats and risks to the confidentiality, integrity and availability of information assets
  • Ongoing review of identified risks to identify and respond to changes in the risk landscape
  • Create and maintain KRIs to describe our risk posture.

Compliance, Audit & Review

  • Track compliance obligations and monitor organizational adherence, making recommendations to meet new or changing requirements
  • Review current state of compliance adherence, identify gaps and recommend gap-closure initiatives
  • Evaluate risks associated with third-party suppliers and partner with vendor owner for response and remediation.

Data Security

  • Identify and implement capabilities to help reduce and/or prevent sensitive data from being inappropriately shared, transferred or used.
  • Identify and implement capabilities to monitor and control data movement within and outside, aiming to protect against data breaches.
  • Restrict data use and transfer according to data sensitivity and handling instructions to prevent unintended or risky data exposure.

What You Bring To The Team

  • 10+ years in information security with a focus on governance, risk and compliance
  • Strong knowledge in security governance, risk and compliance practices & frameworks (e.g. NIST, ISO, CIS)
  • Strong knowledge of security domains (e.g. application security, cloud security, data protection, identity management) and familiarity with desktop, server, application, database and network security principles
  • Strong knowledge of enterprise business continuity processes, procedures, and standards
  • Multiple years of experience with incident response and frameworks
  • Team management
  • Demonstrated ability to create and maintain corporate level security and privacy policy, procedures, etc…
  • Creation and management of security awareness training programs
  • Proven experience in developing a framework for process managing, monitoring, training and auditing
  • Demonstrated ability to effectively engage leadership at all levels and to navigate through a large organization
  • Demonstrated talent for building relationships, fostering collaboration, and leading transformational change
  • Experience in the Financial Services industry (mortgages)
  • Experience and general knowledge of security tools and technology
  • Experience and general knowledge of systems, networks and cloud architectures
  • Experience with risk analysis, penetration testing, and vulnerability management
  • Experience and knowledge with information security and IT governance frameworks (e.g. CIS, NIST, ISO, SOC2, COBIT, ITIL)
  • Minimum knowledge of cloud native development practices and design patterns using private or public cloud providers required
  • Basic understanding of cloud patterns and infrastructure management using private or public cloud providers required
  • Ability to prioritize in a dynamic, strategic and execution-oriented manner.
  • Proven track record of being a dynamic, entrepreneurial, self-managed and action-oriented leader.
  • Ability to lead change initiatives and to foster a positive employee relations environment.
  • Excellent verbal and written communication skills with all levels of the organization.
  • Proven diplomacy, tact, decision making and negotiation skills.
  • Handles critical and sensitive information with the strictest confidentiality and privacy.
  • Excellent problem-solving and conflict resolution skills
  • Proven ability to coach, mentor and train staff
  • Post-secondary degree in computer science or business.
  • Information Security Certifications (e.g. CISM, CISA, CISSP)
  • Business Continuity Certifications (e.g. ABCP, CBCP)
  • Privacy Certification (e.g. CIPP, CIPM)

If this sounds like you and you are looking to be a part of one of Canada’s largest independent mortgage finance companies, then we want to hear from you!

Be A Part Of Something Great

MCAP is Canada’s largest independent Mortgage Finance company with over $150 billion in assets under management providing mortgage solutions for residential and commercial properties. For over 35 years, MCAP has originated, traded, securitized and serviced mortgages in offices across Canada. MCAP originates residential mortgages exclusively through the mortgage broker channel, as we believe that a professional mortgage broker is a consumer's best option, and MCAP actively promotes the services of mortgage brokers across the country. MCAP is also a leader in the Canadian residential construction lending market with over 25 years in the business. Our teams of dedicated professionals serve a variety of developer, construction and lender clients across Canada.

Position #: req2038

Employment Status: Permanent Full Time

Location: Waterloo, Ontario

Number Of Openings: 1

Department: Information Technology

Internal Job Title: Director, Information Security Governance

The above information in this description has been designed to indicate the general nature and level of work performed by employees in the position. It is not designed to contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.

MCAP provides equal opportunities for all applicants and is committed to fostering an inclusive, accessible environment, where all employees feel valued, respected and supported throughout the recruitment and employment process. If you require accommodation, we will work with you to meet your needs.
