Director of Information Security

Remote/Telecommute Job: REMOTE / Toronto, Ontario, Canada - Permanent
This job allows you to work remotely 

Job Description

A home-grown Toronto start-up is looking to add to their team of 80 as they leverage new technologies and AI to disrupt the fin-tech and wealth management space. They have done extremely well within our Canadian market and are now getting their SaaS product out to the US market. Right now they are looking for a Security Engineering Lead while they rapidly scale their teams, products and services across the US.

As the Security Lead, you will report to the Chief Operations Officer/Co-Founder directly. You will be responsible for coordinating all activities related to information security management, including driving forward awareness, improvements, and requirements related to the protection of firm, investor, employee and business information.

Extending beyond overarching security, risk, and data security requirements, you’ll lead us in the following initiatives:
• Security Program Development and annual SOC 2 reporting
• Application Security
• Customer-Facing Security (pre-sales and due diligence)

Must Have Skills:

Overarching Responsibilities
• Develop, implement and monitor a strategic, comprehensive enterprise information security and risk program. This program should foster a shared responsibility model of security culture, adhere to relevant customer obligations, regulations and legislation, and align with business requirements
• Understand and interact with peers to ensure the consistent application of policies and standards across all technology projects, systems and services
• Establish metrics to define the success of all security based programs

Security Program Development
• Develop and enhance information security management framework
• Advise and brief senior leadership on risks, strategic enhancements, regulatory compliance measures, and information security solutions
• Perform security assessments of production, corporate and cloud infrastructures
• Develop and maintain a Privacy and Security Awareness program for employees, consisting of training, internal security policies, and processes
• Define and implement an IT security assessment program (penetration tests, threat analyses, etc.)
• Lead the implementation of security tools and processes, providing both leadership and the employee base with hands-on guidance as needed.
• Track and triage relevant information security incidents and events to protect customer data, corporate assets, intellectual property, and regulated data
• Conduct investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
• Participate and offer guidance in business continuity planning and disaster recovery, leading readiness exercises and other related initiatives
• Supplier security/risk assessments

Application Security
• Enhance our approach to quality through training, mentorship, and coaching to promote secure code, secure design solutions in the cloud, and a trusted user experience
• Facilitate security due diligence activities throughout the SDLC, ensuring risks are identified and controls are implemented
• Strategically implement tools designed to detect code vulnerabilities
• Periodically organize security and vulnerability testing of our products and systems
• Assist in defining a network security strategy
• Build and maintain network access control policies, automation controls, and monitoring systems
• Define processes and controls to identify, assess, and track to closure identified risks and security incidents
• Define processes and controls for operations team to safely execute their function

Public-Facing Security
• Lead the completion and maintenance of required and recommended certifications and compliances
• Coordinate and respond to inquiries from customers and regulatory bodies


Starting: ASAP
Dress Code: Casual
