Head of Information Security

Job Description:

Strategic Leadership

• Define and execute the enterprise cybersecurity strategy, roadmap, and operating model aligned with business objectives, risk appetite, and governance frameworks.
• Embed cybersecurity into enterprise architecture, technology initiatives, and the secure software development lifecycle (SDLC).
• Integrate cyber and technology risks into the broader enterprise risk management framework.
• Advocate for cybersecurity across the organization, fostering a security-first culture and continuous improvement.
• Engage with external industry bodies, regulators, and partners to maintain awareness of emerging threats and best practices

Operational Excellence

• Lead cybersecurity operations including threat monitoring, intelligence, vulnerability management, penetration testing, and proactive threat hunting.
• Direct incident response, crisis management, escalation, and post-incident reviews, ensuring effective executive communication.
• Develop, test, and continuously enhance incident response, disaster recovery, and cybersecurity components of business continuity planning.
• Oversee data protection, privacy, and data loss prevention (DLP) programs.
• Manage cybersecurity technologies, tooling, and vendor relationships to support organizational security objectives.
• Design and deliver cybersecurity awareness and training programs for staff.

Governance, Risk & Compliance

• Establish and maintain cybersecurity governance, policies, standards, and procedures.
• Lead third-party and vendor cybersecurity risk management programs.
• Own and manage all cybersecurity and data privacy regulatory compliance initiatives (e.g., SOC 1/2, ISO 27001, GDPR, PIPEDA).
• Lead audits, certifications, and regulatory engagements; prepare and present cybersecurity risk and compliance updates to executive leadership.
• Define, monitor, and report cybersecurity metrics, KPIs, and risk indicators.
• Oversee alignment of physical security controls with cybersecurity measures for comprehensive asset protection.

What We Offer:

• Employee Ownership –As an employee-owned firm, we believe in rewarding those who contribute to our collective success. Team members have the opportunity to become future shareholders and grow alongside the firm.

• Open and Transparent Culture – We value open dialogue, collaboration, and trust. Everyone has a voice, and ideas are encouraged—whether they come from a new hire or a long-time partner.

• Team-Oriented and Supportive Environment – You’ll work closely with experienced professionals who are approachable, respectful, and invested in each other’s success.

• Leadership Opportunity – This is a high-impact leadership role during a critical modernization phase providing an opportunity to leave a lasting, well-governed security and risk foundation.
• Competitive Compensation – Salary for this role typically falls between $150,000 – $200,000, with potential flexibility for highly experienced candidates.

Job Qualifications:

• 10+ years of experience in information technology with at least 5 years in a senior cybersecurity leadership role.

• Proven ability to develop and execute strategic cybersecurity plans and communicate effectively with executive leadership

• Experience in regulated financial services, preferably investment fund industry, with strong understanding of technical and business processes

• Advanced knowledge of enterprise architecture, identity and access management (IAM), and security technologies

• Demonstrated experience in vendor management, capacity planning, and change management

• Demonstrated experience leading regulatory compliance programs and audits in financial services, including SOC 1 / SOC 2, GDPR, PIPEDA, and ISO 27001

• Proven ability to develop, track, and report cybersecurity metrics and KPIs

• In-depth knowledge of Azure infrastructure, cloud applications, and enterprise-level cloud technologies

• Experience developing, testing, and leading incident response and crisis management programs

Education & Certifications:

• University Degree or College Diploma in Computer Science, Information Security, or related field

• CISSP, CISM, and CRISC certifications