Director, Information Security

DIRECTOR, INFORMATION SECURITY

Location: Ottawa or Toronto

Build your future at Minto!

At Minto, our mission to building thriving communities starts with our first community - our employees. We are proud to have been named one of Canada's Best Managed Companies in 2024, a testament to our nearly 70-year legacy and dedication to providing an exceptional employee experience.

We believe that great employees like you are essential to our continued success, and we invite you to join us on our mission. At Minto we welcome change, celebrate new ideas and provide you with the resources, professional training, and diverse opportunities to grow your career.

Your offer will include:

• Competitive salary
• Annual bonus + benefits effective 1^st day + RRSP matching plan + 3 weeks' vacation
• Benefits including parental leave, unlimited physiotherapy, telemedicine and so much more
• Tuition reimbursement plans and professional development courses
• Employee recognition platform - Be rewarded by your colleagues for your contributions!
• Flexible summer hours
• Many exciting career opportunities

Your Role on our Team: Reporting into the Vice President IT, the Director, Information Security is responsible for providing strategic leadership and direction in establishing and maintaining a robust information security program, ensuring the confidentiality, integrity, and availability of sensitive data. The role is also responsible for assessing and mitigating security risks, protecting the organization from cyber threats and potential data breaches.

This role requires a strategic leader with sound and working knowledge of cybersecurity technologies as they relate to infrastructure, network as well as the broader digital ecosystem. The incumbent will proactively work with business, risk management and ecosystem partners to implement controls and capabilities that meet agreed-on standards for information security as well as overseeing a portfolio of cybersecurity initiatives. It requires a solid understanding and ability to articulate the importance of cybersecurity and be able to communicate this to the executive leadership team, as well as the entire organization.

In this role, you will:

Strategic Planning:

• Develop and implement the organization's information security strategy, aligning it with business objectives and risk tolerance.
• Identify and prioritize security initiatives, establish security goals, and create a roadmap for their implementation.

Risk Management:

• Conduct regular risk assessments to identify and evaluate potential security threats and vulnerabilities.
• Develop and implement risk mitigation strategies, including security controls, policies, and procedures.
• Monitor and manage security risks through ongoing assessments and the implementation of appropriate safeguards.

Policy and Procedure Development:

• Establish and enforce information security policies, standards, guidelines, and procedures and ensure alignment with industry best practices and regulatory requirements.
• Communicate and educate employees on security policies, promoting a culture of security awareness and compliance.

Compliance and Regulatory Requirements:

• Stay abreast of relevant laws, regulations, and industry standards pertaining to information security.
• Ensure that the organization's security practices and controls comply to applicable requirements.
• Liaise with regulatory bodies, auditors, and stakeholders to address compliance issues and maintain regulatory alignment.

Incident Response and Management:

• Develop and maintain an incident response plan to address and manage security incidents effectively.
• Establish protocols for detecting, responding to, and recovering from security breaches or other security-related incidents.
• Coordinate with relevant teams to investigate incidents, implement remediation measures, and report on the outcomes.
• Ensure that incident reports are timely, accurate, and comprehensive.

Security Awareness and Training:

• Develop and deliver security awareness and training programs for employees at all levels of the organization. Ensure that employees understand their role in maintaining information security and they are equipped with the knowledge to identify and respond to security risks.

Vendor Management:

• Assess and manage the security risks associated with third-party vendors and suppliers.
• Establish security requirements and standards for vendor contracts, conduct security assessments of vendors, and monitor ongoing compliance.

Security Governance:

• Establish and maintain security governance frameworks and structures to ensure effective oversight and accountability.
• Participate in security committees and provide regular updates to executive leadership on the organization's security posture, risks, and compliance status.

Continuous Improvement:

• Stay abreast of emerging threats, vulnerabilities, and technologies in the information security field.
• Continuously evaluate and enhance the organization's security posture, controls, and processes through regular reviews, audits, and testing.

We would like you to have:

Education:

• Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field
• Minimum 5 years of work experience in the Information Security field
• Minimum of 5 years of experience in a leadership position managing information security or technology operations
• Professional certifications such as CISSP, CISM, or CISA

Experience & Technical Competencies:

• Advanced knowledge of infrastructure and network technology (i.e. Azure, Cisco network), as well as security-related systems and applications (i.e. SIEM applications, EDR / XDR, MS Sentinel, MS Defender).
• Strong understanding of Identity Management principles and experience managing Identity Management solutions (i.e., Okta, CyberArk, MS Entra ID)
• Proven track record and experience in developing information technology and security policies and procedures, as well as successfully executing cyber programs.
• Applied knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.

Skills,Knowledge, and Abilities:

• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.
• Ability to lead and motivate the information security and technology teams to achieve tactical and strategic goals.
• Excellent stakeholder management skills.
• Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.

Work Conditions

• 37.5-hour on-site work week
• A reliable vehicle is required and a valid driver's license for offsite training
• Availability to travel occasionally to remote sites in Canada and US

Our future is better together. Apply now and join us!

Minto is an equal opportunity employer committed to fostering an inclusive and accessible environment. We are dedicated to building a workforce that reflects the diversity of the community in which we live, including those with disabilities. Should you require accommodation or support in any aspect of our recruitment and selection process, we will work with you to meet your needs.