Talent.com
Indigo
Director, Information SecurityIndigo • Toronto, ON, CA
Director, Information Security

Director, Information Security

Indigo • Toronto, ON, CA
30+ days ago
Job type
  • Full-time
Job description

Company Description

Indigo is a physical and digital place inspired by and filled with books, ideas, beautifully designed lifestyle products, and the creative people who help make it all happen. We believe in real books, living life fully and generously, being kind to each other and to the environment, and that stories — big and little — connect us. Indigo is our customer's happy place — for joyful moments of discovery and to connect with people who share their passion for reading, their belief in ideas, and their commitment to making the world a better and more beautiful place.

OUR GUIDING PRINCIPLES

Our Mission is to inspire reading and enrich the lives of booklovers. As such, we believe in the power of people and their stories. We aim to attract top talent, nurture the potential of our employees, and create space for everyone to thrive. Our Guiding Principles are the few key ideas that are meant to influence everything we do, every day.

  • We Will Hire, Inspire, Promote and Retain the Best
  • We Will Be Customer Centric
  • We Will Be Entrepreneurial
  • We Will Be Committed to Caring About Each Other, Our Communities, and Our Environment
  • We Will Be Committed to True and Shared Value Creation
  • We Will Be Systems Thinking, Data Driven and AI enabled

Job Description

MISSION

Accountable for establishing and executing the enterprise information security strategy to guarantee the confidentiality, integrity, and availability of Indigo’s information assets. This role proactively manages enterprise technology risk, ensures strict compliance with regulatory and industry frameworks, and safeguards data through the leadership of Governance, Risk & Compliance (GRC), Security Architecture, and Security Operations.

KEY PERFORMANCE METRICS

  • Zero critical preventable security breaches.
  • Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) within established operational SLAs.
  • 100% compliance with critical regulatory and industry frameworks (, PCI-DSS, PIPEDA).
  • High completion rates for enterprise-wide security awareness training.

KEY ACCOUNTABILITIES

Strategic

  • Develop and implement a comprehensive enterprise information security strategy that aligns with Indigo's business objectives and risk tolerance.
  • Partner cross-functionally at the senior level to embed security-by-design principles into all foundational technology and retail store operations.
  • Set and manage operational and capital budgets to ensure the cost-effective execution of security infrastructure and compliance initiatives.

Functional

  • Enterprise Risk Management: Establish and maintain a continuous IT risk assessment framework to identify, quantify, and mitigate cybersecurity risks across retail, e-commerce, and corporate environments.
  • Regulatory Compliance: Guarantee strict adherence to critical data protection regulations and industry frameworks (, PCI-DSS, PIPEDA) through systematic control validations and comprehensive security audits.
  • Policy Governance: Formulate, publish, and enforce data-driven information security policies, standards, and operational guidelines across the organization.
  • Security Architecture Integration: Embed secure-by-design principles, NIST framework methodologies, and threat modeling into the lifecycle of all cloud, network, and retail store systems.
  • Identity & Access Management (IAM): Oversee the enforcement of Zero Trust architectures, privileged access management, and robust authentication mechanisms to protect all enterprise assets.
  • Threat Monitoring: Direct 24/7 Security Operations Center (SOC) activities, utilizing threat intelligence and data analytics to proactively detect and analyze anomalous network behavior.
  • Vulnerability Management: Execute systematic vulnerability scanning, penetration testing, and data-backed remediation prioritization to continuously reduce the organizational attack surface.
  • Incident Response: Lead the enterprise security incident response process, directing rapid containment strategies and conducting empirical root-cause analysis to prevent recurrence.
  • Security Awareness: Implement measurable, enterprise-wide security awareness training and phishing simulations to cultivate a resilient, security-first workforce.
  • Third-Party Risk Management: Assess and continuously monitor the cybersecurity posture of IT vendors, supply chain partners, and integrated platforms to ensure strict alignment with Indigo's risk tolerance.

People

  • Accountable for the overall engagement, productivity, turnover and bench strength of the team
  • Supports the creation and maintenance of a talent succession plan
  • Collaborate with others to drive flexible and iterative solutions, quickly and easily
  • Share technical knowledge with others and actively seek to learn from those more knowledgeable than yourself
  • Help others see the impacts of their efforts and proactively engage other functions to get input
  • Encourage others to freely share their point of view and be open to feedback
  • Understand and follow Indigo's core HR process - staffing, performance management, rewards, and development
  • Ensures all team members are provided with clear performance objectives that are aligned with Indigo Functional and Departmental goals
  • Has the ability to see the total organization with an integrated perspective
  • Develops positive and productive peer relationships

Cultural

  • Model Indigo’s beliefs and convey a positive image in everything you do
  • Understands/demonstrates in a manner that promotes, and is aligned with, Indigo's Mission, Vision, Beliefs
  • As a leader, hold others accountable in maintaining the integrity of Indigo's culture
  • Celebrate diversity of thought and have an open mindset
  • Take an active role in fostering a culture of continual learning, taking risks without the fear of making mistakes
  • Embrace, champion, and influence change through your team and/or the organization

SCOPE

Reports to: VP, Enterprise IT

Manager once Removed (MOR): Chief Technology & AI Officer

KEY RELATIONSHIPS

Internal:

  • IT
  • Digital
  • Finance
  • Supply Chain
  • Commercial Group
  • Creative
  • Consumer Experience
  • Human Resources
  • Retail leadership

External:

  • Approved Vendors
  • External auditors
  • Regulatory bodies

Qualifications

Work Experience / Education / Certifications

  • Bachelor's or master’s degree in computer science, Information Systems, or other related field with at least 15 years of Information Technology experience.
  • Minimum of 10 years’ experience working in a leadership position.
  • A professional certification (or suitable compensating experience) in the audit (CISA, etc) or security field (CISSP or CISM for instance) considered an asset.
  • Strong experience working with frameworks and regulations (PCI, ISO, PIPEDA, GDPR, etc).
  • Strong understanding of network design, tiered and secure architectures.

Competencies / Skills / Attributes

  • Strategic thinker with analytical and problem-solving experience.
  • A strong ability to influence and discuss complex technology problems in business language.
  • Must be an excellent and polished communicator who may be called upon to create and present materials to the Executive Committee and the Board of Directors.
  • Fast-learner and multi-tasker with the ability to adjust their outlook and leadership style to respond to quickly changing business priorities.

Create a job alert for this search

Director, Information Security • Toronto, ON, CA

Similar jobs

Director, Security Operations, Information & Corporate Security

Canada Pension Plan Investment BoardToronto, ON, CA
Full-time

The Director, Information Security Operations will be a senior member of the Information Security group and Technology & Data department.The role will manage the Security Operations Center with dir... Show more

 • Promoted

Director, Internal Audit - Technology, Information Security, and AI

Fairstone Financial Inc.Toronto, ON, CA
Full-time +1

Fairstone Bank and its family of brands are united in delivering innovative, accessible and reliable financial solutions that enable Canadians to reach their goals.Over the years, our brand family ... Show more

 • Promoted

Director, Cloud Security & Iam Engineering - $125,000 - $210,000 A Year

S&P GlobalToronto, Canada
Full-time

Director role managing Identity and Access Management in cloud environments.Responsibilities include user account management and solution implementation. Show more

 • Promoted

Strategic Information Security Architect

ColliersToronto, ON, CA
Full-time

Transform global security architecture as a Strategic Information Security Architect.Spearhead cloud migration security strategies while ensuring systems are secure and compliant.This pivotal role ... Show more

 • Promoted

Sr. Director, Network Security Engineering - $150,800 - $251,300 A Year

McKessonToronto, Canada
Full-time

Leads network security engineering, developing and executing enterprise-wide strategies for protecting IT infrastructure.Oversees architecture, deployment, and optimization of security technologies. Show more

 • Promoted

Director of Information & Privacy Leadership

York UniversityToronto
Full-time

A leading international university in Toronto is seeking a compliance manager for privacy and information management.The role involves ensuring adherence to privacy legislation and managing request... Show more

 • Promoted

Senior Director, Cybersecurity & Risk Management

Staples CanadaRichmond Hill, Ontario, Canada
Full-time

Some of what you will do The Senior Director, Cybersecurity & Risk Management is responsible for designing, governing, and executing the enterprise-wide security and risk strategy that protects com... Show more

 • Promoted

Information and Applications Security Manager

Targeted TalentToronto, ON, CA
Full-time +1

Information & Application Security Manager.Location: Remote with monthly Site Visits in Northeast BC.Own and shape the security strategy for a mission‑critical, 24/7 operating environment.High‑impa... Show more

 • Promoted

Director for Cyber Security Operations Center

EQ BankToronto, ON, CA
Full-time

Lead the Cyber Security Operations Center as Director, overseeing the integration of subsidiary SOCs for enhanced operational efficiency.This role requires a strategic mindset and exceptional leade... Show more

 • Promoted

Director, Security Architecture & Engineering, Information & Corporate Security

CPP Investments | Investissements RPCToronto, Ontario, Canada
Full-time

Role Summary We are seeking a highly skilled and experienced Director of Security Architecture and Engineering to lead and expand our security engineering and architecture efforts.This pivotal role... Show more

 • Promoted

Director, Cloud Security & Iam Engineering

S&P GlobalToronto, Canada
Full-time

A leading financial data provider is seeking a Director for Cloud Engineering to manage Identity and Access Management.Responsibilities include user account management, IAM solution implementation,... Show more

 • Promoted

Manager of Information Security

Insight GlobalToronto, Ontario, Canada
Full-time

Get AI‑powered advice on this job and more exclusive features.We are seeking a Manager, Information Security to lead initiatives that strengthen fraud detection, authentication, and Customer Identi... Show more

 • Promoted

Senior Manager, Information Security - C$95,000 - C$142,400 A Year

MeridianToronto, Canada
Full-time

The Senior Manager will lead the cybersecurity team, implement the Cyber Security Strategy, and manage incident response. Show more

 • Promoted

Director, Internal Audit - Technology, Information Security, and AI

Fairstone BankToronto, ON, CA
Full-time +1

Fairstone Bank and its family of brands.Canadians to reach their goals.Over the years, our brand family has grown.In 2024, Home Trust Company, Home Bank and Oaken Financial became part of the Fairs... Show more

 • Promoted

Information Technology - Director, Governance, Risk & Compliance - C$150,000 - C$250,000 A Year

AritziaToronto, Canada
Full-time

Lead the Governance, Risk & Compliance team, managing cybersecurity policies, third-party risk, and compliance frameworks for Aritzia. Show more

 • Promoted

Strategic Director for Multi-Entity Cyber Security Operations Leadership

EQ Bank | Equitable BankToronto, ON, CA
Full-time

Steer the operational and strategic management of an Integrated Security Operations Centre.Unify incident response and enhance security measures across multiple subsidiaries in a cohesive cyber pro... Show more

 • Promoted

Director, Information Security

BDO Canada LLPToronto, ON, CA
Full-time

Putting people first, every day BDO is a firm built on a foundation of positive relationships with our people and our clients.Each day, our professionals provide exceptional service, helping client... Show more

 • Promoted

Director, IT Security and Infrastructure

Yorkville UniversityToronto, ON, CA
Full-time

At Yorkville University and Toronto Film School, we believe education is more than the pursuit of knowledge – it is a catalyst for transformation.Our mission, grounded in democratizing education, i... Show more

 • Promoted

Senior Manager, Information Security Risk & Governance

Onico SolutionsRichmond Hill, York Region, CA
Permanent

Senior Manager, Information Security Risk & Governance.The Senior Manager, Information Security Risk & Governance leads the Information Security Risk Management and Governance programs.Their main o... Show more

 • Promoted

Information Security Manager

Insight GlobalToronto
Full-time

Demonstrated history of technical leadership and strategic thinking in security roles.Extensive experience leading and managing complex security investigations and threat hunting engagements.Bachel... Show more