About the Company
Located in western Canada, our client is a leader in the financial services industry. With a well-established presence it proudly serves millions of customers with a myriad of best-of-class products and services.
A well-known employer of choice, our client’s brand extends to superior customer service and experience, both via its extensive brick-and-mortar network and its continually evolving digital capabilities. It is expected that technology will play an ever-more important role in providing the rich omni-channel experience expected by customers.
Our client now seeks a Deputy Chief Information Security Officer (CISO) to serve a critical role in its operations.
Scope of Position
Broadly, the objective of the role of the Deputy CISO is to cultivate an environment that attracts, deploys and retains the human and other resources required to establish and maintain the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
Reporting to the Chief Technology Officer, the successful candidate will ensure that the company’s IT security framework, governance, policies and processes are consistent with the overall corporate goals and objectives.
- Collaborate with key stakeholders to determine acceptable levels of risk in compliance with regulatory requirements.
- Direct the development of an information security framework, along with the underlying standards, processes and procedures.
- Provide guidance and leadership with developing, maintaining and updating the information security strategy.
- Develop, implement and effectively communicate a security awareness program for information security throughout the organization.
- Actively ensure appropriate administrative, physical and technical safeguards are in place to protect the information assets from internal and external threats.
- Introduce and implement appropriate processes and procedures to test all information security safeguards on a regular basis.
- Undertake periodic reviews and audits, as required, engaging both internal business partners throughout the organization as well as external resources.
- Ensure that disaster recovery and emergency operating procedures are in place and tested on a regular basis.
- Provide leadership and oversight for the design and implementation of all security incident and vulnerability management processes.
- Provide oversight and guidance in:
- performing on-going security monitoring of information systems including assessing information security risk through qualitative risk analysis on a regular basis;
- conducting functional and gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements; and
- evaluating and recommending new information security technologies and counter-measures against threats to information or privacy, and developing security reports and dashboards.
- Develop and sustain alliances with appropriate industry associations to benchmark best practices.
- Establish guidelines to understand and mitigate potential risks involved in the loss of intangibles (reputation).
The following competencies listed below define the role of Deputy CISO:
Integrity & Sincerity
Inspires trust and supports others through own authenticity and following up on commitments. Maintains high ethical standards both personally and professionally. Shows consistency among principles.
Aims to improve upon past performance. Conveys a sense of urgency and drives issues to closure. Establishes aggressive personal targets and strives to achieve them. Focuses strongly on achieving agreed upon outcomes and ensures that key objectives are met.
Can alter own perspective and behaviour in order to adjust to changing demands and plans. Open to change and readily adopts new methods in the face of shifting priorities and ambiguity. Quickly adapts to new situations and approaches.
Able to stand back from immediate problems in order to focus on more far reaching ideas. Develops a strategic plan to realize the vision. Revises strategy in light of changing circumstances. Takes a long-term view of organizational success. Works to clarify long term organizational goals.
Brings various perspectives and approaches together, combining them in a creative fashion to implement effective improvements. Challenges existing assumptions. Generates new ideas. Goes beyond the status quo. Recognizes the need for new or modified approaches.
Balances personal goals with those of the team. Fosters collaboration among team members. Helps to create a sense of team spirit and harmonious relations through cooperation and support.
Preferred Experience / Education
The following indicates specific industry, academic and functional experience/qualifications that are important to the successful achievement of the identified responsibilities and performance deliverables
- The successful candidate will bring a minimum of 15(?) years of information security experience with at least 3-5 years of experience related to IT security architecture.
- A positive and participative leadership style with an ability to earn the trust and support of all levels of senior management across the organization.
- A strategically oriented individual with superior communication and interpersonal skills and a willingness to roll-up his/her sleeves to achieve agreed upon outcomes.
- The successful candidate will have a minimum 4 year undergraduate degree with an industry recognized IT security designation (CISSP, CISA or CISM).
- Prior experience working in the financial services industry is strongly preferred.
- Experience with policy compliance tools and control processes.
Remuneration & Benefits
- Highly competitive base salary, variable compensation along with other compensation.
If interested, please contact:
StoneWood Group, Toronto
Bus: 416-365-9494 Ext. 233
StoneWood Group, Toronto
Bus: 416-365-9494 Ext. 555