Consumer Company Chief Information Security Officer


Our Client

Our client is a data-driven marketing and loyalty analytics company. It provides clients with the customer insights they need to make smarter business decisions and build relevant, rewarding and long-term one-to-one relationships, evolving the value exchange to the mutual benefit of both clients and consumers.
The company operates globally from a Canadian head office.

The Role

Reporting to the Global Chief Information Officer, the Chief Information Security Officer (CISO) is responsible for identifying, recommending and overseeing the delivery of an information security plan to support the organization’s desired security posture in safeguarding its assets and those entrusted to its care to fulfill its mission and operate as a going concern. This is a new role within the organization and, as such, represents a unique opportunity to make a significant contribution to the company. More specifically, the CISO will be responsible for:

Information security plan

  • Identifies the organization’s information security requirements in line with regulatory, contractual, and business objectives and proposes a roadmap for Management consideration.
  • Develops an information security management plan, in line with the approved roadmap and objectives, while ensuring measurable results.
  • Establishes governance of security activities and manages the appropriate governance forums to report and discuss security results and strategy.

Information security management

  • Develops and implements an information security management process to achieve and monitor progress of information security plan.
  • Monitors market developments and makes assessments on their applicability within the organization.
  • Establishes policies in line with organizational objectives.
  • Liaises with vendors and business groups to embed information security related requirements in SLAs.
  • Conducts and/or participates in regular audits to verify the achievement of required information security levels and provides the required reporting.
  • Reports on plan progress, information security compliance and improvement initiatives.
  • Manages budgets and resources, including forecasting and reporting on actual vs budget.
  • Manages the selected strategic partner to deliver security as a service to all business divisions within the company.

Risk analysis

  • Collaborates with the business and IT organizations to ensure the business risks are clearly understood and managed appropriately.
  • Defines and implements an IT risk management framework.
  • Partners with internal and external auditors, as well as operational risk and compliance personnel, to manage the IT risk agenda.
  • Conducts risk assessments on systems and architecture solutions to ensure operation in accordance with information security requirements.
  • Develops risk mitigation plans and ensures implementation of required actions.
  • Presents these plans to the relevant executive committees at both the global and divisional levels.

Key Competency Profile

Candidates should exhibit the following competency profile.

Strategic Approach

  • Able to stand back from immediate problems in order to focus on more far-reaching ideas
  • Develops a strategic plan to realize the vision
  • Revises strategy in light of changing circumstances
  • Takes a long-term view of organizational success
  • Works to clarify long-term organizational goals

Problem Solving

  • Develops several explanations or alternatives
  • Divides problems into their individual elements
  • Draws parallels across situations and contexts
  • Separates the core of a problem from its symptoms and can identify cause and effect


  • Articulates the key points of an argument persuasively
  • Directly and indirectly impacts the decisions/opinions of others
  • Mobilizes people into action
  • Negotiates skillfully and convinces others of own point of view


  • Comprehends communications from others and responds appropriately
  • Expresses ideas in a clear, fluent and concise manner
  • Written and oral arguments are compelling and responsive to the needs of the audience

People Management

  • Adapts management style to achieve optimum results
  • Clarifies roles and responsibilities
  • Establishes and communicates clear priorities and sense of direction

Role Expertise

  • Demonstrates critical technical or professional knowledge/skills related to the role
  • Expands technical knowledge/skills and keeps up-to-date in own area of expertise
  • Has thorough knowledge of relevant products, services and methods

Key Candidate Qualifications

  • At least 10 years’ experience in information security/IT
  • Experience in IT security consulting an asset
  • Experience in loyalty marketing and/or consumer data handling required
  • Experience managing teams including geographically dispersed teams
  • Experience in working in a Security as a Service model with a strategic partner
  • Fluent in English, written and verbal, French verbal an asset

Education Requirements

  • Undergraduate degree, ideally in information management, computer science or business.
  • CISSP, CISA/CISM certifications an asset.
