Cybersecurity Officer managing end-to-end security across the company with a focus on compliance and risk management. Leading a large team in executing security strategies across the organization.
Responsibilities
Own end-to-end cybersecurity, information security, and IT security across the company, covering both internal security (breach attempts, internal network monitoring) and product security (product-related threats and risks)
Define, evolve, and execute the company-wide cybersecurity strategy and security roadmap aligned with business and product priorities
Establish and enforce security policies, standards, procedures, and organization-wide security controls
Lead security risk management, including risk assessments, risk register ownership, and mitigation planning
Ensure compliance with regulatory and industry standards (e.g., GDPR, ISO 27001, SOC 2) and manage internal/external audits
Oversee secure architecture across cloud infrastructure, applications, SDLC, and IAM, including review of critical architectural decisions
Define and enforce security standards for encryption, key management
Own security operations, including monitoring, detection, response capabilities, and incident response for critical (P0/P1) events
Drive Application Security and DevSecOps practices (SAST, DAST, SCA, CI/CD security controls, threat modeling) in collaboration with engineering teams
Oversee IAM, endpoint, and workforce security, including access control models, EDR strategy, device security, and joiner/mover/leaver processes
Lead fraud prevention, vendor security, and internal/external abuse investigation processes, while managing security KPIs, reporting, budget, and team scaling
Manage a large cybersecurity team, including Cloud Security, SOC, Application Security / DevSecOps, Endpoint Security, IAM, and Information Security functions.
Requirements
7+ years of experience in cybersecurity, including experience in leadership role
Strong expertise in cloud security (AWS, GCP, or Azure)
Solid understanding of application security and secure SDLC practices
Hands-on experience with SIEM, EDR, and incident response processes
Deep knowledge of identity and access management models (RBAC, ABAC, least privilege)
Experience working with compliance frameworks such as ISO 27001, SOC 2, and GDPR
Proven track record of building and scaling security programs in growing organizations
English - upper-intermediate or higher (able to communicate in technical discussions)
Benefits
Own end-to-end cybersecurity, information security, and IT security across the company
Hiring Threat Modeler, Security Architect with Development background for full - time permanent role in Toronto, ON. Must have AI/ML, cloud - native, and threat modeling expertise.
Senior Cyber Security & Privacy Architect needed for a 12 - month contract in Toronto to tailor a cyber security and privacy framework for Ontario's education sector.
Cybersecurity & IT Systems Specialist overseeing global technology infrastructure security and compliance. Managing cybersecurity initiatives and supporting innovation in a remote role.
Senior Specialist Legal Editor creating high - quality legal content for Practical Law in data privacy & cybersecurity. Collaborating with teams and leveraging AI technologies for legal solutions while based in Canada.
Senior Technology Architect (Cyber Security & Network Security) needed for a hybrid contract with the Ontario government. 10+ years experience required.
Security Advisor developing and overseeing security measures aligned with corporate goals at Desjardins Group. Diagnosing risks and advising on security policies and solutions.
Business Unit Security Officer conducting risk assessments for technology systems and applications. Collaborating with engineering teams and managing cloud - based security measures at Manulife.
Manager Cyber Cloud Security and AI at PwC protecting organizations from cyber threats. Leading cybersecurity strategy focused on AI security, team collaboration, and stakeholder engagement.