Director, Information Security Compliance
Mississauga, ON L5K2L3
Type: Full-Time Role
Our client has asked Bagg Technology Resources to assist them in finding a Director, Information Security & Compliance. The purpose of this role is to create organizational awareness about cyber security and privacy, ensure that our client’s IT systems and data are secure by design and are adequately protected from cyber attacks. It is also to ensure that procedures and processes are in place to guide action should an attack take place. The Director, Information Security & Compliance is responsible for the development and maintenance of appropriate IT security and information privacy standards, procedures, corporate and departmental policies and architectures.
This is an excellent opportunity to work for an organization that can help maximize your potential and develop your career.
- Develop an Information Security and Privacy roadmap for the next 3 years to ensure our client has a robust and comprehensive information security strategy;
- Implement a framework for information security risk governance and control that integrates a consistent methodology to identify and assess information security risks and ensures a process to address them;
- Identify the organization's total information security needs and oversee the security posture across a large enterprise by managing the full cybersecurity life cycle;
- Establish, implement, enforce and monitor information security standards enterprise-wide;
- Support the CIO in educating the Executive Leadership Team and Board of Directors on current and evolving cyber security technologies, best practices and threats;
- Provide support to the procurement and legal teams regarding information security and privacy with respect to agreements and contracts;
- Lead the ongoing security, privacy and threat risk assessments and security evaluations to verify operational compliance, identify and evaluate gaps and manage exceptions to policy;
- Track security-related risks and their corresponding action plans to ensure issues are resolved;
- Work with third-party teams and internal development groups to interpret and review results from penetration tests, vulnerability scans, and code reviews as required;
- Maintain the organization's Security Risk Register for effective risk management and operational compliance functions;
- Provide governance oversight and assurance for continued compliance and ongoing certification for PCI DSS;
- Provide support for compliance and audit activities liaising with internal staff and external auditors;
- Conduct Information Security gap assessments against internal and external standards;
- Develop and implement metrics and reporting processes to ensure risks are effectively managed;
- Lead Information Security Incident & Breach Response along with key stakeholders in the event of a breach;
- Provide leadership in the development of managed security services (SIEM, Vulnerability Management, IAM, Endpoint Protection, etc.) to ensure a strong security posture for the organization;
- Ensure the appropriate technology, processes and governance are in place to monitor, detect, prevent, and react to security threats against our client's organization;
- Ensure a culture of privacy and information security within the healthcare organization through the implementation of a robust Security and Privacy awareness training program;
- Work closely with all business units to ensure projects reflect appropriate privacy, information security, and contract management considerations;
- Work with internal and external staff on new initiatives to set up and operate the appropriate security services to protect our client’s assets and computing environment;
- Manage and assess external vendors who contribute to the overall security posture of the organization;
- Maintain a current understanding of security standards and regulations and ensure compliance with changing laws and applicable regulations;
- Manage the Security Portfolio
- Develop security policies and procedures with regular reviews and updates, minimum annually
- Monitor compliance with policies and standards
- Manage the Security organization, hiring, managing and staffing requirements in line with project objectives
- Oversee the delegation of work to Analysts and 3rd party partners
- Set annual performance targets for individuals and the team and conduct performance reviews
- Provide ongoing motivation, coaching, guidance, feedback and mentoring support to the team
- Manage the workload of team members on the program and help to remove obstacles to their success
- Manage third-party vendors and agreements
- Coordinate and conduct post-implementation reviews of projects with Analysts and business stakeholders
- Any other duties as required.
- Graduate Degree in Computer Science, Security and/or Technology
- 10+ years of experience in IT Security roles
- Effectively communicate project expectations to team members and stakeholders in a timely and clear fashion;
- Experience in healthcare is preferred
- Liaise with project stakeholders on an ongoing basis;
- Set and continually manage project expectations with team members and other stakeholders;
- Plan and schedule project timelines and milestones using appropriate tools
- Excellent communications are a must, within IT and across the business at all levels
- Strong business acumen
- A long-term strategic perspective
- Ability to mentor, coach and effectively transfer expertise to others
- Ability to juggle multiple goals and deadlines
- Ability to work collaboratively with other organizational leaders
- Ability to build a strong network and relationships at all levels, and departments
- Strong leadership, negotiation and conflict management skills
- Consistent flexibility, resilience and resourcefulness
- Expert ability to impact and influence project outcomes
- Proficient with compliance standards and regulations including PIPEDA, PHIPA, PCI DSS, etc.
- Superior knowledge of security technologies and processes
- Certified Information System Security Professional (CISSP)
- Certified Information Security Manager (CISM)
To apply, please click Apply Online or submit your resume by email to: PRAresume@bagg.com
View all of our job postings at www.bagg.com
Accommodations are available upon request to support your participation during all stages of the recruitment process.