Director of Cybersecurity responsible for assessing risks and implementing security solutions at Financeit. Collaborating with various teams to protect information in Canada and the US.
Responsibilities
Implementing and monitoring a comprehensive enterprise-wide information security risk management program
Establishing annual and long-range security and compliance goals.
Assessing the adequacy of, adherence to, and the effectiveness of Financeit’s information and data security framework
Preparing periodic reporting to Senior Management and quarterly updates to the Board of Directors on key items around privacy and security
Identifying required controls related to the availability, integrity and confidentiality of customers, business partners, employees, and business information, evaluating the effectiveness of control
Assess developing security threats and help Senior Management identify and effectively manage potential security problems that might arise from Financeit’s current or proposed activities
Understanding and interacting with the business to ensure the consistent application of policies and standards across all projects, systems, and services
Monitoring remediation of information security, data security, and cyber security threats and assisting the Chief Compliance Officer in reporting those threats to Senior Management and the Board
Coordinating Financeit’s information and data security audit programs, including SOC2 Type 2 and PCI-DSS
Collaborate closely with the development team to integrate security throughout the Software Development Lifecycle (SDLC), ensuring that secure coding practices are consistently followed, potential vulnerabilities are identified and addressed early, and the final product meets stringent security standards.
Support the organization's incident management process by identifying, investigating, and responding to security incidents, conducting root cause analysis, documenting findings, and implementing corrective actions to prevent future occurrences.
Manage the third-party risk management process by assessing the security posture of vendors, ensuring compliance with organizational policies, conducting thorough due diligence during onboarding, and continuously monitoring third-party activities to identify and mitigate ongoing risks.
Requirements
At least 6 years of deep working knowledge of IT technologies, security threats and information security risk management
CISSP, CISA, CRISC or other equivalent security credentials
Experience working with Governance, Risk and Compliance (GRC) platforms
Good understanding of financial services/lending
Ability to articulate IT security and technical issues in a clear and actionable manner to non-technical leadership
Strong understanding of organization and technology controls, security, and risk issues
Familiarity with the audit process and conducting risk-based audits
Interest and focus on the rapidly changing privacy regulatory landscape
Strong knowledge in risk management, vulnerability management, identity and access management, incident management, and third-party risk management
Benefits
An award-winning culture with a collaborative & inclusive team.
Competitive pay and performance-based bonus.
Committed to flexible work arrangements, offering hybrid workplace options.
Comprehensive medical, dental and vision coverage + Lifestyle Account.
RRSP Matching and Parental Leave Top UP Program.
In office massage, meditation & workout sessions.
Virtual events such as Lunch & Learns, company parties, fun team activities and charity initiatives.
Hiring a Threat Modeler / Security Architect with development background for hybrid full - time role in Canada, focusing on application security, threat modeling, and DevSecOps.
Network and Perimeter Security IT Specialist I at Enbridge overseeing enterprise security architecture and leading large - scale security initiatives. Collaborating across teams to ensure secure solutions and compliance.
Network & Perimeter Security Specialist II - Firewall at Enbridge enhancing security architectures. Providing technical leadership and driving enterprise standards for firewall and network security.
Lead critical cybersecurity transformation programmes at Hewlett Packard Enterprise, ensuring alignment with enterprise priorities and delivering complex initiatives. Collaborate with IT, cybersecurity, and business leaders.
Staff Engineer responsible for designing scalable security solutions and collaborating with engineering at Twilio. Empowering security partnerships across products and platforms while mitigating risks.
Head of Infrastructure & Security responsible for cloud infrastructure on GCP and security programs. Leading SaaS development and technical teams at Rebus and Longbow Advantage.
Information Security Lead responsible for managing security programs at Dentons Canada. Overseeing security architecture, operations, incident response, and data protection initiatives.
Cybersecurity expert overseeing information defense, threat detection, and incident response at Investissement Québec. Leading security operations and leveraging AI for effective asset protection.
Lead cybersecurity initiatives and develop strategy for public broadcaster CBC/Radio - Canada. Shape technology road map, collaborate on enterprise architecture, and ensure policy compliance.