Director, IT Security & Compliance
Director, IT Security and Compliance
CIO, Great Gulf Group
351 King St E/Remote/ Hybrid
Up to 15% travel required
The Director, Security will help reduce security risks to the Great Gulf Group’s (GGG) systems, applications, assets, members, business processes, networks, etc., by enhancing the security risk framework methodology, scope, processes, supporting tooling and training. They will engage and align with technology and business partners to drive a comprehensive information security strategy and ensure information assets and technologies are appropriately implemented and protected. This position is a hands-on role that requires implementation of procedures, hardware as well as working with service providers and external stakeholders.
- Oversee GGG’s security risk posture and exposure
- Deploy and maintain security best practices across the Infrastructure and Applications
- Lead or participate in security risk related initiatives
- Review, maintain and develop IT and security governance structures, processes, & procedures to prevent security breaches, major incidents and non-compliance with regulatory requirements.
- Manages ongoing and new third-party assessments of security and compliance.
- Develop, test, and implement new cybersecurity-managed services and then train other IT staff to operationally support the solution(s)
- Manage risks and security issues that could impact the confidentiality, integrity, and/or availability of the business (both internally and externally) by assisting in documentation, tracking, and creating solutions for mitigation
- Identify, measure, control, and minimize security risks to information systems across a broad range of disciplines including application, network, and host security
- Supervise deployment of strong identity and access management (IDAM) controls across applications and computing environments
- Implements security incident response plans and serves as the response lead during incidents.
- Review and update the company’s Cyber Security Training program
- Update and educate the executive team on current cyber threats, issues, and risks; provide regular status updates on initiatives and operations
- Other duties as assigned.
The Director, IT Security and Compliance role will require interacting with department heads from across the Great Gulf Group, in order to assess technical requirements for the business and providing technical recommendations where required.
EDUCATION, EXPERIENCE, AND QUALIFICATIONS
- Degree in a related discipline would be an asset (e.g., B.Eng. B.Sc., etc.)
- 10+ years of experience working in information security controls, information technology audit, or security risk management.
- Deep understanding of security best practices
- Strong technical knowledge with Cloud Computing Environments
- Strong technical knowledge of Microsoft Platforms and Technologies including Web Servers, Application Servers and Databases
- Strong technical knowledge of Linux/Unix Platforms and Technologies, including Web Servers, Application Servers, and Databases
- Strong technical knowledge of networking equipment, including wireless, switches, firewalls, etc.
- Ability to develop policies and procedures relating to IT/security governance and educate IT colleagues on governance and controls issues.
- Exposure with various security tools and methodologies, including network security, vulnerability management, vulnerability & penetration assessments, anti-malware, and endpoint security management.
- Advanced knowledge of security frameworks and regulations, such as PCI-DSS, PIPEDA, ITIL, NIST and ISO
- Excellent interpersonal, leadership and relationship-building skills to deal with senior levels of management, service providers and local and remote business partners
- Certifications such as CISSP, CISM or CRISC, ITIL V3/V4 are highly desirable
SUPERVISION & BUDGET AUTHORITY
This position is a desk job. The applicant will have the choice of working from the office at 351 King St East, Toronto, or working from home with the occasional day at the office.
This position requires that the applicant be able to use a computer
The Great Gulf Group (“GGG”) is committed to protecting the health and safety of our employees, our tradespeople and suppliers, and our customers and visitors. Employment with GGG is conditional upon you having received all required doses of a COVID-19 vaccine series approved by Health Canada at least 14 days prior to your start date. You must provide a copy of your Ministry of Health COVID-19 Vaccine Dose. If you have a medical reason, or any other reason pursuant to the Ontario Human Rights Code, for not being fully vaccinated now or in the future, you may submit a written request for accommodation with an explanation of the ground and/or any supporting documentation to assist in the determination of exemption from this condition.