Director, IT Security & Compliance

SUMMARY

The Director, Security will help reduce security risks to the Great Gulf Group’s (GGG) systems, applications, assets, members, business processes, networks, etc., by enhancing the security risk framework methodology, scope, processes, supporting tooling and training.  They will engage and align with technology and business partners to drive a comprehensive information security strategy and ensure information assets and technologies are appropriately implemented and protected.  This position is a hands-on role that requires implementation of procedures, hardware as well as working with service providers and external stakeholders.

KEY RESPONSIBILITIES

• Oversee GGG’s security risk posture and exposure
• Deploy and maintain security best practices across the Infrastructure and Applications
• Lead or participate in security risk related initiatives
• Review, maintain and develop IT and security governance structures, processes, & procedures to prevent security breaches, major incidents and non-compliance with regulatory requirements.
• Manages ongoing and new third-party assessments of security and compliance.
• Develop, test, and implement new cybersecurity-managed services and then train other IT staff to operationally support the solution(s)
• Manage risks and security issues that could impact the confidentiality, integrity, and/or availability of the business (both internally and externally) by assisting in documentation, tracking, and creating solutions for mitigation
• Identify, measure, control, and minimize security risks to information systems across a broad range of disciplines including application, network, and host security
• Supervise deployment of strong identity and access management (IDAM) controls across applications and computing environments
• Implements security incident response plans and serves as the response lead during incidents.
• Review and update the company’s Cyber Security Training program
• Update and educate the executive team on current cyber threats, issues, and risks; provide regular status updates on initiatives and operations
• Other duties as assigned.

COMMUNICATION/INFLUENCING OTHERS

The Director, IT Security and Compliance role will require interacting with department heads from across the Great Gulf Group, in order to assess technical requirements for the business and providing technical recommendations where required.

EDUCATION, EXPERIENCE, AND QUALIFICATIONS

• Degree in a related discipline would be an asset (e.g., B.Eng. B.Sc., etc.)
• 10+ years of experience working in information security controls, information technology audit, or security risk management.
• Deep understanding of security best practices
• Strong technical knowledge with Cloud Computing Environments
• Strong technical knowledge of Microsoft Platforms and Technologies including Web Servers, Application Servers and Databases
• Strong technical knowledge of Linux/Unix Platforms and Technologies, including Web Servers, Application Servers, and Databases
• Strong technical knowledge of networking equipment, including wireless, switches, firewalls, etc.
• Ability to develop policies and procedures relating to IT/security governance and educate IT colleagues on governance and controls issues.
• Exposure with various security tools and methodologies, including network security, vulnerability management, vulnerability & penetration assessments, anti-malware, and endpoint security management.
• Advanced knowledge of security frameworks and regulations, such as PCI-DSS, PIPEDA, ITIL, NIST and ISO
• Excellent interpersonal, leadership and relationship-building skills to deal with senior levels of management, service providers and local and remote business partners
• Certifications such as CISSP, CISM or CRISC, ITIL V3/V4 are highly desirable

SUPERVISION & BUDGET AUTHORITY

N/A

PHYSICAL ENVIRONMENT

This position is a desk job.  The applicant will have the choice of working from the office at 351 King St East, Toronto, or working from home with the occasional day at the office.

PHYSICAL REQUIREMENTS

This position requires that the applicant be able to use a computer