Chief Information Security Officer

This role is remote and open to candidates based in the Greater Toronto Area, Ontario, Canada.

Are you ready to open a world of opportunity in human resources services and talent mobility? Our clients include some of the largest and most recognized brands in the world. They’re innovators and leaders in their industries, making life-enhancing breakthroughs every day. We help them tap into those opportunities by placing their exceptional people where they need to be, anywhere in the world. When it comes to service, we set the bar for exceptional … and then we raise it with fresh ideas, leading tools and innovative approaches, and it’s all grounded in our values of truth, love, and integrity. We’re looking for exceptional people who share those values along with our passion for delivering the highest levels of service. If that sounds like you, and if you’re ready for a new career opportunity, we’d like to hear from you! Here’s to the world ahead.

We are seeking a visionary and business-aligned Chief Information Security Officer (CISO) to serve as a key member of the Graebel and IT leadership team. The CISO will provide the strategic roadmap and executive leadership for a world-class Enterprise Security Program that enables business innovation while aggressively mitigating risk.

This role directs the end-to-end planning, implementation, and governance of a resilient information security strategy. The CISO architects a culture of security that protects our global reputation, digital assets, and competitive advantage. The CISO is the primary authority for enterprise-wide cyber risk evaluations, regulatory compliance alignment, and security incident management. Part of our Graebel Senior Leadership Team and reporting to the CIO, with direct advisory access to the Executive Committee and Board, this leader must be an expert communicator capable of translating complex technical threats into financial and operational impact for all levels of leadership throughout the organization.

We are committed to fair and transparent compensation. The salary range for this role is based on several factors including experience, skills, and qualifications and is $250,000 to $300,000 CAD.

Essential Duties and Responsibilities

• Strategic Leadership: Oversight of Enterprise Information and cyber security policy, strategy, and execution driving a risk-based resilience model.
• Executive Influence: Interfaces with senior leadership and the Board of Directors to ensure information security is quantified in financial and business impact terms and aligned with strategic priorities.
• Stakeholder Communication: Develop and communicate security strategies and plans to executive team, staff, partners, customers, and stakeholders, serving as a primary advocate for digital trust.
• Talent Cultivation: Supervise recruitment, development, retention, engagement, and organization of security staff, fostering a high-performance culture of continuous learning.
• Environment Management: Oversight of core security and infrastructure systems, managed security providers, and the security posture of the end-to-end supply chain.
• Policy & Governance: Develop, implement, maintain, and oversee enforcement of IT policies, procedures, and associated plans for system security administration and user system access based on Zero Trust architecture and industry-standard frameworks (e.g., NIST, ISO).
• Incident Orchestration: Accountable for security operations, incident oversight, identification, and response, focusing on rapid recovery and business continuity.
• Revenue Enablement & Customer Trust: Partner with Sales and Product teams to serve as an executive-level security advocate during the sales cycle; directly engage with key customers and prospects to articulate the company’s security posture and build the "Digital Trust" necessary to accelerate contract closures.
• Cross-Functional Collaboration: Collaborate with the wider IT department and business unit leaders on embedding security-by-design into enterprise and end-user processing technology.
• Cultural Transformation: Create a culture of cyber security awareness both within the IT organization and driving measurable behavioral changes for the business; proactively evaluates security trends, emerging AI-driven threats, and vulnerabilities to mitigate risk.
• Awareness & Advocacy: Oversees, develops, and delivers dynamic, role-specific security awareness training. Initiates, facilitates, and promotes activities to foster a shared responsibility model within the organization and related entities.
• Strategic Partnerships: Promote and oversee strategic security relationships between internal resources and external entities, including suppliers, partner organizations, and industry peer groups.
• Third-Party Risk Management (TPRM): Participates in the development, implementation, and ongoing compliance monitoring of all business associate, client, and supplier agreements to ensure rigorous security concerns, requirements, and responsibilities are addressed legally and technically.
• Market Intelligence: Remain informed on cyber risk trends and issues; advise, counsel, and educate executive and management teams on their potential impact to brand equity and shareholder value.
• Privacy & Compliance Integration: Works closely with Data Privacy leadership to ensure alignment between security and Global Data Privacy programs (e.g., GDPR, CCPA) including policies, practices, and investigations; acts as a strategic liaison to the Compliance and Legal departments.
• Risk Quantification: Responsible for periodic information security risk assessment, analysis, mitigation, and remediation utilizing data-driven risk modeling. Responsible for development and implementation of an integrated security enterprise risk management plan.
• Executive Communication: Interact with excellent written and communication skills, able to operate at both a visionary strategic level and high-impact operational level.

Required Skills

• Must have one or more of the following certifications: CISSP, CISM, or CISA
• High degree of proficiency with all levels of technology, data protection and security, including underpinning core network, system, development, AI and application technologies.

Required Experience

• 1-3 years managerial experience
• Education: Bachelor's degree in Information Systems / Technology required. 10 years’ relevant professional experience acceptable in lieu of formal education
• Typically possesses 10 plus years of relevant professional work experience. Requires prior management, supervisory or team leader experience.
• Proven experience in planning, organizing, and developing IT security system and infrastructure technologies.
• Experience in planning and executing security strategy, policies, and standards development.
• Proven people and business leadership ability
• Ability to motivate in a team-oriented, collaborative environment.

As a testament to our commitment to diversity, equity, inclusion, and belonging, and in alignment with our commitment to fair and transparent compensation, our salary bands are transparent both internally and as a part of our external recruitment process. The targets for this role are dependent on market/ geographic location and range from $250,000 to $300,000 CAD.

Graebel Companies, Inc. is an EEO/AA Employer M/F/Disabled/Vet