Director Cloud Security

IT - Executive
Mississauga, ON
Permanent
Sep 21, 2021

Our client, a global leader, is seeking a talented individual to lead their information security program. The position requires sound knowledge of security, privacy, and business management to develop and further the information security program for an IT services organization.

Key Responsibilities

Reporting to the VP, CIO Cloud - Global Cloud Technical Operations, this individual will be responsible for managing the information security program for the business. The program is to mature and evolve policies, processes, and standards across the organization related to the security and privacy of all areas of the business, including those related to compliance, development, design, implementation, and operations. This challenging position requires in-depth knowledge of cloud security architecture, design and standards, cross-functional knowledge of business processes, information security risks and internal controls, and an understanding of technology.

  • Define IT Infrastructure & Security strategy and standards, including those related to security governance (security policies and procedures), security strategy (security planning), risk (risk assessments and management), cloud data protection (classification, encryption, tokenization), identity and access management, cloud architecture, secure development (development, testing, and maintenance), and compliance (audits, regulatory requirements)

  • Define security controls relevant to compliance with legal, best-practice, and regulatory requirements for cloud environments (GDPR, PCI, ISO, FedRAMP, CCPA, SOC, etc.)

  • Hire and lead the growth, development, and support of a global security team running 24x7

  • Conduct cloud security strategy, readiness and discovery assessments; be familiar with cloud security frameworks, compliance requirements and security operations

  • Create and maintain documented internal policies and procedures on the management of information security

  • Develop and maintain a program for secure application development, testing, and vulnerability management

  • Develop and maintain a program on handling security incident response, disaster recovery, and business continuity

  • Establish lines of communication with leadership for understanding business needs and coordinating activities to further the information security program within the organization

  • Actively monitor and research cyber threats with a direct or indirect impact on business operations or technology infrastructure

  • Understand business engagements, requirements and enablement opportunities as they relate to specific use cases

  • Engage and negotiate with customers and partners on Data Privacy Agreements and security requirements

  • Build and maintain a comprehensive and continuously up-to-date inventory of all supported applications, servers, interfaces and IT services being used to support cloud operations

Knowledge/Experience:

  • Minimum of 10 years cumulative experience in a combination of risk management, information security, and IT (at least 5 years in a senior leadership role)

  • In-depth knowledge of business management and a strong understanding of information security risk management and cybersecurity technologies

  • Artful communication skills and organizational savvy, to steer peers and leadership toward solutions that carefully balance business, risk, compliance, and engineering concerns

  • Demonstrated ability to lead and manage large, complex projects involving cross-functional teams

  • Familiarity with industry compliance, e.g. PCI, HIPAA, GDPR, PIPEDA, ISO 27001, SOC (1 and 2), etc.

  • Experience working with SaaS and PaaS environments and Cloud Native technologies

  • Demonstrated ability to establish a security program that addresses security concerns of clients in delivering IT services

  • Experience within a 24x7 production environment, preferably across multiple data centers and 3rd party cloud environments

Nice to have:

  • Professional certifications in the security, privacy, risk management and audit areas are highly desirable, such as: CISSP, CRISC, CISM, CISA, PCIP, CIPP

Successful candidates will join an elite team that strives to innovate and automate, while contributing to a center of excellence within the organization. If you are a talented, detail-oriented and enthusiastic professional who is passionate about technology and working with high-performing teams, this position is for you!
