Director, It Security And Compliance

JOB TITLE: Director, IT Security and Compliance

DEPARTMENT: IT Infrastructure

REPORTS TO: CIO, Great Gulf Group

LOCATION: 351 King St E/Remote/ Hybrid

TRAVEL REQUIREMENT: Up to 15% travel required

SUMMARY

The Director, Security will help reduce security risks to the Great Gulf Group’s (GGG) systems, applications, assets, members, business processes, networks, etc., by enhancing the security risk framework methodology, scope, processes, supporting tooling and training. They will engage and align with technology and business partners to drive a comprehensive information security strategy and ensure information assets and technologies are appropriately implemented and protected. This position is a hands-on role that requires implementation of procedures, hardware as well as working with service providers and external stakeholders.

KEY RESPONSIBILITIES

• Supervise deployment of strong identity and access management (IDAM) controls across applications and computing environments
• Implements security incident response plans and serves as the response lead during incidents.
• Other duties as assigned.
• Review, maintain and develop IT and security governance structures, processes, & procedures to prevent security breaches, major incidents and non-compliance with regulatory requirements.
• Update and educate the executive team on current cyber threats, issues, and risks; provide regular status updates on initiatives and operations
• Deploy and maintain security best practices across the Infrastructure and Applications
• Identify, measure, control, and minimize security risks to information systems across a broad range of disciplines including application, network, and host security
• Develop, test, and implement new cybersecurity-managed services and then train other IT staff to operationally support the solution(s)
• Manages ongoing and new third-party assessments of security and compliance.
• Lead or participate in security risk related initiatives
• Review and update the company’s Cyber Security Training program
• Oversee GGG’s security risk posture and exposure
• Manage risks and security issues that could impact the confidentiality, integrity, and/or availability of the business (both internally and externally) by assisting in documentation, tracking, and creating solutions for mitigation

COMMUNICATION/INFLUENCING OTHERS

The Director, IT Security and Compliance role will require interacting with department heads from across the Great Gulf Group, in order to assess technical requirements for the business and providing technical recommendations where required.

EDUCATION, EXPERIENCE, AND QUALIFICATIONS

• Excellent interpersonal, leadership and relationship-building skills to deal with senior levels of management, service providers and local and remote business partners
• Exposure with various security tools and methodologies, including network security, vulnerability management, vulnerability & penetration assessments, anti-malware, and endpoint security management.
• Strong technical knowledge of Linux/Unix Platforms and Technologies, including Web Servers, Application Servers, and Databases
• Advanced knowledge of security frameworks and regulations, such as PCI-DSS, PIPEDA, ITIL, NIST and ISO
• Strong technical knowledge with Cloud Computing Environments
• Strong technical knowledge of networking equipment, including wireless, switches, firewalls, etc.
• Strong technical knowledge of Microsoft Platforms and Technologies including Web Servers, Application Servers and Databases
• Degree in a related discipline would be an asset (e.g., B.Eng. B.Sc., etc.)
• Certifications such as CISSP, CISM or CRISC, ITIL V3/V4 are highly desirable
• Deep understanding of security best practices
• Ability to develop policies and procedures relating to IT/security governance and educate IT colleagues on governance and controls issues.
• 10+ years of experience working in information security controls, information technology audit, or security risk management.

SUPERVISION & BUDGET AUTHORITY

N/A

PHYSICAL ENVIRONMENT

This position is a desk job. The applicant will have the choice of working from the office at 351 King St East, Toronto, or working from home with the occasional day at the office.

PHYSICAL REQUIREMENTS

This position requires that the applicant be able to use a computer