Director, Information Security

AutoTrader.ca
Greater Toronto Area
$130K-$160K a year (estimated)
Full-time

Responsible for overseeing the Cybersecurity function, leading identification, assessment, monitoring, remediation, and reporting of operational risk efforts within TRADER Corporation.

The Director of Information Security establishes and administers the strategies and procedures for the information security function.

Develops and implements information security and disaster recovery programs driving the improvement of organizational information security standards.

Proactively evaluates overall information and technological and environmental risks in an effective and consistent manner, promoting information security awareness within the TRADER organization.

This individual has the ability to create and execute functional strategies and specific objectives of the organization.

This individual will also have experience in developing and managing budgets, policies, and procedures for the area of responsibility.

The successful candidate also can positively influence the organization at all levels to increase the relevancy of security within the TRADER organization.

The ideal candidate is a collaborative leader of people who provides mentoring and coaching to their team of security professionals to ensure they perform optimally and are able to achieve their professional goals;

a collaborating partner who is not afraid to roll up their sleeves and lead by example.

Requires a bachelor’s degree in information technology or equivalent experience and 8-12 years of direct experience managing people in a combination of risk management, information security risk, compliance, and cloud environments.

What you'll do : · Responsible for the operational leadership of the information security program· Communicate with executives across departments to ensure security systems work smoothly to reduce operational risks in the face of a security attack.

  • Work directly with the business and IT units to facilitate cyber risk assessment and cyber risk management processes.· Partner with business stakeholders across the organization to raise awareness of risk management concerns.
  • Mature the organization's business continuity management program to ensure business resiliency.· Lead and provide oversight for security operations activities, including real-time analysis of immediate threats, security operations and challenges in the current and future state of business operations.
  • Evaluate IT threat landscape, devising cyber security policy and corresponding controls to reduce risk.· Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services;
  • Develop cyber resiliency to effectively recover from hacking, security incidents, or infringements rapidly.· Develop processes to maintain records of up-to-date security threats, helping understand security problems that might arise.
  • Oversee data loss and fraud prevention, ensuring internal staff does not misuse data.· Ensure the data privacy is secured and maintained as part of the privacy program, leading electronic discovery and forensic investigations and enhancing the information security management system.
  • Oversee information security architecture, including the planning, buying, and rolling out security solutions, and ensuring IT and network infrastructure is designed with best information security practices in mind.
  • Represent and lead the discussions around the overall business technology planning, providing current knowledge and future vision of technology and systems to enable the organization's digital transformation plan securely· Integrate the oversight of physical security with cyber security for convergence· Provide in-depth knowledge of cyber security operations and functions to make effective business decisions.
  • Mentor the Information Security team members and implement professional development plans for all team members.· Accountability : Governance, Risk and Compliance (GRC) Management · Manage organization-wide information security governance processes, chair the Information Security Steering Committee and lead and security project priorities internally and with security vendors and third-party businesses (as and when required).
  • Leading auditing and compliance initiatives, ensuring adaptability to evolving compliance regulations.· Leading and contributing to a variety of security policy domains associated with compliance, governance, risk management, incident management, HR management, and additional domains.
  • Program onboarding weighing business opportunities against security risks that can potentially compromise your organization’s long-term financial rewards.
  • Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services.
  • Lead the procurement process for the selection and purchase of security solutions from vendors, ensuring that the company is in regulatory compliance with the rules for relevant bodies and enforcing adherence to security practices.
  • Establish a system that reduces human error and its impact on security posture.· Accountability : Security Training and Awareness · Develop a comprehensive plan to attract, train and retain professionals with the requisite skills and interest in pursuing a cybersecurity career.
  • Prepare employees with the tools, skills, resources, relationships, and capabilities to protect against information security risks.
  • Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program.
  • Lead the employee security awareness training program, develop secure business and communication practices, and identify security objectives and metrics.

What you'll need : · Knowledge of common information security management frameworks, such as SOC2, ISO / IEC 27001, and NIST· Experience with contract and vendor negotiations and management, including managed services· Specific experience in software development or other best-in-class development practices· Experience with Cloud computing across virtualized environments· Excellent written and verbal communication skills and a high level of personal integrity· Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams· Experience in risk reduction, resilience and / or critical infrastructure protection in a collaborative settingOne or more relevant security certifications : · Certified Information Systems Security Professional (CISSP) - (ISC)²· Certified Cloud Security Professional (CCSP) Associate of (ISC)² designation· Systems Security Certified Practitioner (SSCP) Associate of (ISC)² designation· Certified Encryption Specialist (EC-Council ECES)· Cybersecurity Analyst Certification, CySA+ (CompTIA) What’s in it for you -We understand that there is life at work and life outside of work.

Here are a few benefits we all benefit from that support us to be our creative best. Fitness and wellness -We provide discounts to nation-wide gyms, onsite gyms (when we’re in the office), an Employee and Family Assistance Program, as well as a virtual wellness program.

Benefits from Day 1 -Gym discounts-Local in-office free gyms-Employee and Family Assistance program-Weekly virtual wellness events-In addition to in-house training, we provide an annual lifestyle allowance of $1500 so you can grow your skills.

Conferences & training budget-Regular internal training programs Financial planning -Let us help you invest in your future with 3% matching towards your pension and multiple forms of income protection.

Competitive salary -Annual bonus structure-3% CPP matching

30+ days ago
Related jobs
AutoTrader.ca
Greater Toronto Area, Ontario

Knowledge of common information security management frameworks, such as SOC2, ISO/IEC 27001, and NIST· Experience with contract and vendor negotiations and management, including managed services· Specific experience in software development or other best-in-class development practices· Experience wit...

Promoted
Vaco
Uxbridge, Ontario

Senior Manager - Project Accounting to join a dynamic team environment. Manage and oversee the full accounting cycle for multiple development projects. Monthly review of projects’ trial balances and maintenance of key schedules for letters of credit, loan amortizations, other and accrued liabilities...

Magnet Forensics
Ontario

The Security Engineer will be part of the engineering organization and responsible for implementing, managing, and enhancing security measures across our applications, products, and services to protect against potential cyber threats and attacks. We are seeking a highly skilled and motivated Securit...

Astellas
Markham, Ontario

The Security Architect – AI and Generative AI Security will be responsible for designing, implementing, and maintaining robust security frameworks to protect our AI and Generative AI systems. Develop and implement comprehensive security architectures for AI and Generative AI systems. Evaluate and re...

Condor Security
Richmond Hill, Ontario

Condor Security leads in professional condominium concierge security guard services in the Greater Toronto Area. Richmond Hill Condo Security Guard. If you want a position in Richmond Hill as a Condo Security Guard, apply now! Firstly, you must enjoy interacting with people. As a Richmond Hill Condo...

N. Harris Computer Corporation - USA
Ontario, Canada
Remote

As the Cloud Security Analyst, you will utilize your wide area of expertise in access control management, cybersecurity, vulnerability management, risk management, incident management, security frameworks and other areas to provide security support for the Harris group of companies. Work with Inform...

York Region District School Board
Ontario, Canada

We are currently accepting applications for the position of:Senior Enterprise Network & Cyber Security Architect Position Type: Permanent effective Immediately Salary Range - $79,890 - $104,939 POSITION SUMMARY Under the direction of the Manager, Network Infrastructure, Cyber Security & Telecommunic...

Aritzia
Canada, Canada

As the Director, People Technology, you will oversee the development of a strategic roadmap for the prioritization, implementation, and management of People technology solutions that meet business requirements and scale with our accelerating business. The mission of the Business Support Solution Del...

ICDS Recruitment
Canada

ICDS have been retained (again) by a multi-billion turnover ($3Bn+) Canadian building & civil engineering contractor, to recruit Project Manager & Project Director for the design & construction of various building & infrastructure developments for the 'major projects' division across the greater Van...

Grammarly
Canada

To achieve our ambitious goals, we’re looking for a Security Engineer to join the Grammarly Product Security team. As a Security Engineer in Product Security, you will:. Partner with the product and engineering teams to integrate reproducible security practices into the product development lifecycle...