Groupe Dynamite Inc. Lead, Cyber Security

Overview

Groupe Dynamite Inc. (GDI) is a Montréal-based, public company held house of integrated omni-channel brands, designing and distributing accessible, trend-forward fashion for women since 1975. Our mission of "Empowering YOU to be YOU, one outfit at a time" is brought to life through the GARAGE and DYNAMITE banners and represents the consumer-centric core of GDI's long-standing success as a leading retailer in North America. Today, GDI operates nearly 300 stores across Canada and the United States, as well as shoppable brand experiences at Garageclothing.com and Dynamiteclothing.com. Job Summary

Reporting to the Director, Cyber Security, the Cyber Security Lead plays a critical role in strengthening the organization's cybersecurity posture by combining deep technical expertise with cross-functional security leadership. This role ensures that cybersecurity practices are effectively integrated across infrastructure, cloud environments, identity systems, and E‑commerce platforms. Acting as a senior subject matter expert, the Cyber Security Lead supports security operations, leads key cybersecurity initiatives, and partners with technical and business teams to embed security into projects and technology decisions. While this position does not include formal people management responsibilities, it provides technical leadership, mentorship, and coordination across security and IT teams. Key Responsibilities

Security Operations Leadership

Lead the organization's vulnerability management program, including vulnerability discovery, risk prioritization, remediation coordination, and reporting; Manage and optimize Endpoint Detection and Response (EDR) capabilities to ensure effective threat detection and response across endpoints; Lead and coordinate security incident response activities, including investigation, containment, recovery, and post‑incident analysis; Administer and continuously improve the Security Information and Event Management (SIEM) platform, including log ingestion, correlation rules, threat detection use cases, and alert tuning; Monitor and analyze emerging threats, vulnerabilities, and attack techniques to proactively strengthen defensive capabilities. Infrastructure, Identity & Cloud Security

Contribute to the design and implementation of security controls across cloud environments; Ensure the security and hardening of Active Directory, identity infrastructure and privilege access management, including monitoring privileged access, authentication events, and identity‑related threats; Collaborate with infrastructure teams to improve system hardening, access control, and monitoring practices. E‑Commerce & Application Security

Support the security of E‑commerce platforms and customer‑facing applications; Participate in security reviews for digital platforms to ensure protection against common web threats (e.g., OWASP Top 10); Work with development and digital teams to implement secure architecture, monitoring, and vulnerability remediation. Security Integration in Projects

Act as the primary cybersecurity advisor for IT and digital projects, ensuring security requirements are integrated into system design and deployment; Participate in architecture reviews, risk assessments, and security evaluations for new technologies, applications, and infrastructure initiatives; Collaborate closely with cloud, infrastructure, development, and digital commerce teams to integrate security best practices. Technical Leadership & Security Enablement

Serve as a senior cybersecurity SME and technical reference for the organization; Provide mentorship and guidance to other analysts and IT team members; Coordinate cybersecurity initiatives across multiple technical teams; Contribute to the development of security standards, procedures, and operational playbooks; Support the development and execution of the organization's cybersecurity roadmap. Core Technical Domains

Vulnerability Management Security Incident Response Endpoint Detection & Response (EDR) Security Information and Event Management (SIEM) Cloud Security Active Directory & Identity Security E‑commerce & Web Application Security Security Operations, Network Security & Threat Monitoring Soft Skills

Leadership & Influence – Guide technical teams and business stakeholders on cybersecurity practices; Communication – Clearly explain cybersecurity risks and technical concepts to technical and non‑technical audiences; Problem Solving – Analyze and resolve complex security issues; Urgency & Prioritization – Quickly assess risks and prioritize actions. Qualifications

Bachelor's or Master's degree in Cybersecurity or Information technology; 10+ years of experience in cybersecurity operations and infrastructure security; Hands‑on experience with vulnerability management platforms, SIEM technologies, and EDR solutions; Experience securing Active Directory and identity management environments; Experience working with cloud security (AWS, Azure, or GCP); Understanding of web application and e‑commerce security risks (OWASP Top 10); Strong incident investigation and threat analysis skills; Bilingualism (French and English) is required for daily communication with suppliers, employees, and stakeholders, both within and outside of Quebec. Benefits

A comprehensive compensation package that includes performance‑driven bonuses; A group retirement savings program with employer matching; Flexible group insurance with personalized coverage that meets your needs; An employee discount at Garage and Dynamite; Exclusive private sample sales; A flexible vacation policy; And more! GDI has been repeatedly voted one of Montréal's Top Employers and one of Canada's Top Employers for Young People. Our promise… No day will be like the last – we aim to be better today than we were yesterday. We are committed to employment equity. Candidates that are retained will be called for an interview.

#J-18808-Ljbffr