Director, Information Security & Privacy
Title: Director, Information Security & Privacy
Location: London ON
Type: Permanent Full Time
The Director, Information Security & Privacy role is to assist the CIO by providing vision and leadership to develop, implement and support security & privacy initiatives within our organization. The Director, Information Security & Privacy will accomplish this by directly assessing and holistically managing all aspects of risk regarding IT security, privacy, and legislative/regulatory compliance issues as it relates to technology operations and strategy.
- Operational Management 70%
- Training and Awareness 20%
- Strategy Planning 10%
Areas of Responsibility
- Complete security and contract reviews requested by clients in support of sales process. Review with CIO results, review trends and evolving client requirements.
- Participate in investigations into problematic activities and security incidents.
- Participate in the design and execution of vulnerability assessments, penetration tests and security audits.
- Act as advocate for the company’s security vision via regular written and in-person communications with the company’s executives, department heads and end users.
- Work closely with the IT department on corporate technology development to fully secure information, computer network and processing systems.
- Ensure that facilities, premises and equipment adhere to all applicable laws and regulations and meet compliance requirements (SOC, ISO, NIST, etc.).
- Recommend and implement changes in security & privacy policies and practices in accordance with changes in laws of serviced markets.
- Assess and communicate all security risks associated with all purchases or practices performed by the company.
- Collaborate with IT, senior leadership, legal counsel and human resources to establish and maintain a system for ensuring that security and privacy policies are met.
- Demonstrate ownership of security and privacy technologies, including vendor management, training, satisfaction, ROI, roadmap, integrations, security and compliance.
Training and Awareness
- Develop and deliver security and privacy awareness program with periodic testing
- Manage training and simulation platform
- Develop and maintain policies and programs to enforce and improve security
- Maintain awareness of privacy legislation in all serviced markets and potential impact to strategy
- Lead strategic security planning to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment and management of current and future security technologies using a risk-based assessment methodology.
- Develop and communicate security strategies and plans to the executive team, staff, partners, customers and stakeholders.
- Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits and enhancements.
- Develop, implement, maintain and oversee enforcement of policies, procedures and associated plans for system security administration and user system access based on industry-standard best practices.
Qualifications
- Post-secondary education, ideally in the fields of computer science and/or business administration. 15+ years of experience working in IT; 10+ years of experience holding security & privacy responsibilities.
One or more of the following certifications would be an asset:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Privacy Professional (CIPP)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
Experience achieving compliance in one or more of the following: Statement on Standards for Attestation Engagements no. 16 (SSAE 16); SOC 2; SOC 3; ISO/IEC 27001.
Demonstrated understanding of applicable laws and regulations and their implications for the business: General Data Protection Regulation (GDPR), Personal Information Protection and Electronic Documents Act (PIPEDA), Sarbanes-Oxley Act of 2002 (SOX), California Consumer Privacy Act (CCPA).
ITRG is an equal opportunity employer committed to diversity and inclusion. We are pleased to consider all qualified applicants without regard to race, color, religion, sex, national origin, age, disability, or any other legally protected factors. To that end, upon request, ITRG will ensure, to the extent possible, that accommodation be made available to applicants throughout the recruitment and hiring process.