Financial Services – Ciso Canada


Our Client

Our client is a global leader in the financial services industry with a well established Canadian footprint serving millions of customers with a myriad of best-of-class products and services.

A well-known employer of choice, our client’s brand extends to superior customer service and experience both via its extensive brick-and-mortar network and its continually evolving digital capabilities.  It is expected that technology will play an ever-more important role in providing the rich omni-channel experience expected by customers.

Our client now seeks a Chief Information Security Officer (CISO) to serve a critical role in its Canadian operations.

Scope of Position

Broadly, the objective of the role of the CISO is to cultivate an environment that attracts, deploys and retains the human and other resources required to establish and maintain the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.

Reporting to the local CIO and the global CISO, the successful candidate will ensure that the company’s Canadian IT security framework, governance, policies and processes are consistent with the overall corporate goals and objectives.

Functional Tasks

  • Collaborate with key stakeholders to determine acceptable levels of risk for the Canadian organization in compliance with regulatory requirements.
  • Direct the development of an information security framework, consistent with the global security framework, along with the underlying standards, processes and procedures.
  • Provide guidance and leadership with developing, maintaining and updating the information security strategy.
  • Develop, implement and effectively communicate a security awareness program for information security throughout the organization.
  • Actively ensure appropriate administrative, physical and technical safeguards are in place to protect the information assets from internal and external threats.
  • Introduce and implement appropriate processes and procedures to test all information security safeguards on a regular basis.
  • Undertake periodic reviews and audits, as required, engaging both internal business partners throughout the organization as well as external resources.
  • Ensure that disaster recovery and emergency operating procedures are in place and tested on a regular basis.
  • Provide leadership and oversight for the design and implementation of all security incident and vulnerability management processes.
  • Provide oversight and guidance in:
    • performing on-going security monitoring of information systems including assessing information security risk through qualitative risk analysis on a regular basis;
    • conducting functional and gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements; and
    • evaluating and recommending new information security technologies and counter-measures against threats to information or privacy, and developing security reports and dashboards.
  • Develop and sustain alliances with appropriate industry associations to benchmark best practices.
  • Establish guidelines to understand and mitigate potential risks involved in the loss of intangibles (reputation).

Competency Profile

The following competencies listed below define the role of CISO Canada:


  • Demonstrates commitment to the organization and its customers.
  • Takes personal responsibility for words and actions.
  • Maintains consistency between words and actions.
  • Acts in compliance with department, company, and industry standards.


  • Holds self and others accountable.
  • Demonstrates drive to excel.
  • Exhibits mature self-confidence.


  • Exhibits customer service orientation.
  • Demonstrates flexibility and change.
  • Demonstrates analytical thinking.
  • Demonstrates conceptual thinking.


  • Exhibits teamwork and collaboration.
  • Communicates effectively.
  • Understands and influences others.

Preferred Experience / Education

The following indicates specific industry, academic and functional experience/qualifications that are important to the successful achievement of the identified responsibilities and performance deliverables

  • The successful candidate will bring a minimum of 10 years of information security experience with at least 3-5 years of experience related to IT security architecture.
  • A positive and participative leadership style with an ability to earn the trust and support of all levels of senior management across the organization.
  • A strategically oriented individual with superior communication and interpersonal skills and a willingness to roll-up his/her sleeves to achieve agreed upon outcomes.
  • The successful candidate will have a minimum 4 year undergraduate degree with an industry recognized IT security designation (CISSP, CISA or CISM).
  • Prior experience working in the financial services industry would be ideal.
  • Experience with policy compliance tools and control processes.

Remuneration & Benefits 

  • Highly competitive base salary, variable compensation along with other compensation.

StoneWood Group does not contact Clients and Candidates via WhatsApp. If you receive such an outreach it is a SCAM!