Head of Security leading the information security function for diverse portfolios in a global holding organization. Collaborating with leaders and enhancing security maturity across subsidiaries.
Responsibilities
Translate headquarters' baseline standards into a tailored security roadmap
Develop and maintain a security maturity model appropriate to the size and complexity of subsidiaries
Define subsidiary tiers by risk, industry and data sensitivity to develop differentiated strategies
Create and maintain a group-level library of policies, templates and standards (e.g., incident response plan, password policy)
Facilitate policy adoption across subsidiaries with appropriate localization
Establish and manage a policy update schedule with version control
Provide or recommend shared tools across the group
Negotiate contracts with preferred security vendors and manage licensing agreements
Build a lean security engineering support function, whether in-house or outsourced
Participate in M&A due diligence to assess the cybersecurity posture of targets
Advise investment teams on cyber risk exposure and hidden liabilities
Conduct annual or semi-annual security self-assessments across subsidiaries
Consolidate results into quarterly dashboards for group leadership and HQ
Publish and maintain a group-level incident response playbook
Serve as the initial escalation point for subsidiary-level incidents
Coordinate post-incident reviews and group-level communications
Help subsidiaries achieve and maintain compliance (e.g., SOC 2, ISO 27001, GDPR, HIPAA)
Maintain a centralized view of compliance status across the group
Assist with customer/supplier security questionnaires and audits
Triage critical vulnerabilities and incidents across subsidiaries
Escalate major risks to HQ or group executives as needed
Maintain a group-level risk register and coordinate prioritization
Requirements
Over 10 years of experience in cybersecurity, with leadership roles across multiple business units or portfolio companies
Proven experience working cross-functionally with engineering, operations, legal and executive stakeholders
Deep knowledge of security standards and certifications (e.g., SOC 2, ISO 27001)
Demonstrated experience in multi-entity environments such as holding companies, private equity, or decentralized organizations
Excellent communication, negotiation and influencing skills
Hiring a Threat Modeler / Security Architect with development background for hybrid full - time role in Canada, focusing on application security, threat modeling, and DevSecOps.
Network and Perimeter Security IT Specialist I at Enbridge overseeing enterprise security architecture and leading large - scale security initiatives. Collaborating across teams to ensure secure solutions and compliance.
Network & Perimeter Security Specialist II - Firewall at Enbridge enhancing security architectures. Providing technical leadership and driving enterprise standards for firewall and network security.
Lead critical cybersecurity transformation programmes at Hewlett Packard Enterprise, ensuring alignment with enterprise priorities and delivering complex initiatives. Collaborate with IT, cybersecurity, and business leaders.
Staff Engineer responsible for designing scalable security solutions and collaborating with engineering at Twilio. Empowering security partnerships across products and platforms while mitigating risks.
Head of Infrastructure & Security responsible for cloud infrastructure on GCP and security programs. Leading SaaS development and technical teams at Rebus and Longbow Advantage.
Information Security Lead responsible for managing security programs at Dentons Canada. Overseeing security architecture, operations, incident response, and data protection initiatives.
Cybersecurity expert overseeing information defense, threat detection, and incident response at Investissement Québec. Leading security operations and leveraging AI for effective asset protection.
Lead cybersecurity initiatives and develop strategy for public broadcaster CBC/Radio - Canada. Shape technology road map, collaborate on enterprise architecture, and ensure policy compliance.