Manager, Enterprise Information Security

Manager, Enterprise Information Security

P2-7

Scarborough, Ontario

Toyota Canada Inc. (TCI) is the exclusive Canadian distributor of Toyota and Lexus vehicles. Toyota Canada's head office is in Toronto, with regional offices in Vancouver, Calgary, Montreal and Halifax. Toyota parts and accessories are distributed through TCI's Parts Distribution Centres in Bowmanville and Vancouver. TCI supports over 287 Toyota and Lexus dealers in Canada with services that include training, sales, marketing, environmental and customer satisfaction initiatives.

What Sets Us Apart?

A focus on People, Passion for Toyota, Innovation and Make Things Better has made us an award-winning company, recognized worldwide for our technological leadership and superior standards of quality, community involvement and environmental responsibility.

Job Summary:

Toyota Canada Inc. (TCI) has an exciting opportunity for a Manager, Enterprise Information Security. This position will report to the National Manager, Technology & Innovation. The selected candidate will manage a team of information security resources including a security architect.

What’s the Purpose?

• Ensure ongoing compliance with TMC and regulatory security and risk requirements
• Implement a security framework to manage technological risk management
• Mature security architecture capability
• Create and maintains technology standards for the organization
• Define and deliver an enterprise information security strategy, roadmap, and best practices in support of the enterprise’s information security architecture.

What’s the Scope?

• Makes decisions for the organization based on the highest degree of technical complexity and through understanding the far-reaching financial, risk and reputational implications across the IT organization and the TCI brand
• Cross functional, enterprise wide
• Technical leadership role for establishing strategy and direction in the security architecture domain
• Works on highly complex business initiatives that have significant impact to the enterprise and across enterprise processes and functions

What We’ll Bring:

• A hybrid work environment
• Paid holiday shutdown and competitive paid time off benefits
• Summer Hours – condensed work week during the summer
• Great company culture – Respect for people and continuous improvement is at our core
• Health and dental benefits effective immediately
• A work environment built on teamwork, flexibility and respect
• Competitive compensation package including health and dental benefits, and bonus
• Professional growth and development programs to help advance your career, as well as tuition reimbursement
• Fitness reimbursement
• Company pension plan with matched contribution
• Associate vehicle discount program

What You’ll Be Doing:

• Ensure ongoing compliance with TCM and regulatory, security and risk requirements
• Oversee third-party security and compliance audits and any resulting remediation actions
• Ensures that IT complies with existing laws and regulations and that the enterprise’s IT environment is secure.
• Works with IS management team and 3rd party PaaS, SaaS and IaaS vendors
• Implement a security framework to manage technological risk management including TRA/PIA assessments during project delivery cycle
• Lead the design and implementation of security platforms and their associated software, such as routers, switches, firewalls, WAF, anti-virus, cryptography systems, SIEM, Anti-SPAM and MDM
• Lead the information security team
• Develop and maintain controls on data quality, interoperability, and sources to effectively manage corporate risk
• Actively mature security architecture capability
• Design, review and manage the ongoing assessment of firewall, intrusion detection/intrusion prevention, SIEM, VPN, SSL, Vulnerability assessments, application control, Antivirus, and other network component policies.
• Develop and maintain the information security posture (policy, architecture, governance) to protect enterprise information assets.
• Create and maintains technology standards for the organization
• Directs all security audits and tasks to ensure that the integrity, confidentiality, and availability of information to end-users, is not compromised.
• Define and deliver an enterprise information security strategy, roadmap, and best practices in support of the enterprise’s information security architecture.
• Maintains reliable, up-to-date, information from the government and across the industry regarding identification of new threats and vulnerabilities
• Collaborates with key business and IT leaders to develop security and business continuance standards and action plans.

What You’ll Bring:

• Prior exposure to vendor management, project management and stakeholder management.
• 3 years of leadership experience in managing the information security function (matrix or direct reporting structure)
• University Degree in Computer Science, Information Systems, Business Administration or related disciplines.
• Experience with security incident response is mandatory
• Understanding of information security concepts, standards, practices, including but not limited to firewalls, intrusion prevention and detection, TCP/IP and related protocols, device monitoring and log management and event monitoring/reporting (on-prem and cloud)
• CISSP certification is mandatory
• Strong background in security architecture and operations is mandatory
• Budgeting, planning, forecasting skills
• Experience with common information security management frameworks, such as ISO 2700x, COBIT, or NIST
• Experience in developing security strategies ideally in retail, wholesale, automotive or manufacturing setting
• Minimum of 8 years in the information security space with exposure to information security consulting working on projects
• Excellent communication and interpersonal skills
• Overall 20 years IT and business/industry work experience
• Ability to analyze, understand and effectively communicate technical design and implementation
• Proven experience in securing on premise and cloud solutions (IaaS/PaaS/SaaS)
• Problem-solving, negotiation and decision-making skills to influence management, as well as internal and external partners
• Strong management and team-building skills

What You Should Know:

Our success begins and ends with our people. We embrace diverse perspectives and value unique human experiences. We are proud to be an equal opportunity employer that celebrates the diversity of the communities where we live and do business. Applicants for our positions are considered without regard to race, ethnicity, national origin, sex, sexual orientation, gender identity or expression, age, disability, religion, or any other characteristics protected by law.