Financial Services – VP Enterprise Information Security


About the Company

Our Client is Canada’s export credit agency, offering information, knowledge and innovative commercial solutions to help Canadian exporters and investors expand their international business. They take on risk so Canadian businesses can take on the world.

When you join their team, you’ll be helping Canadian companies bring their vision, passion and innovation to the global marketplace. Your knowledge and expertise will support more than 10,000 Canadian companies and their customers in as many as 200 markets worldwide. You’ll work shoulder-to-shoulder with the best and brightest in an inclusive, collaborative environment that fosters professional development and success. And you’ll know that you’re making a difference every day—for companies, for Canada and for the people you work with.

Scope of Position:

The Vice President, Enterprise Information Security will be responsible for establishing and maintaining the information security program to ensure that information assets and associated technologies, applications, systems, infrastructure and processes are adequately protected in the digital ecosystems in which we operate.  This role will also be responsible for identifying, evaluating and reporting on legal and regulatory, Information and Technology (IT) and cybersecurity risk to information assets, while supporting and advancing business objectives.

This position requires a visionary leader with sound knowledge of business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem. You will proactively work with business units and ecosystem partners to implement practices that meet agreed-on policies and standards for information security as well as implementing and running the enterprise information security program.

This position requires a solid understanding of the impact of cybersecurity on (digital) business and the ability to articulate and communicate it to the board of directors and other senior stakeholders. They will understand that securing information assets and associated technology, applications, systems and processes in the wider ecosystem in which the organization operates is as important as protecting information within the organization’s perimeter.

This role requires excellent analytical skills, the ability to manage multiple projects under strict timelines as well as the ability to work well in a demanding, dynamic environment.  You must lead and motivate the information security resources to achieve tactical and strategic goals.

This individual must be knowledgeable about both internal and external business environments. They will be a thought leader, a builder of consensus and of bridges between business and technology, and a true integrator of people, process and technology.

Key Responsibilities

  • Establish Governance & Build Knowledge – facilitate an information security governance structure through implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.  This would include reporting to the applicable teams, senior leaders and the board of directors.
  • Lead the Organization – lead the information security function across the company
  • Set the Strategy – develop the vision and strategy that is aligned to organizational priorities and enables and facilitates the organization’s business objectives, and ensure senior stakeholder buy-in.
  • Develop the Frameworks – develop and enhance an up-to-date information security management framework.
  • Build the Network & Communicate the Vision – create the necessary internal networks among the information security team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure alignment as required.
  • Operate the function – define and facilitate the process for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings.  Develop and oversee effective enterprise business continuity management (BCM) and disaster recovery policies and standards to align with the BCM program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter.

Screening Criteria

  • Minimum 15 years’ experience in a combination of risk management, information security and IT or OT (operational technology) roles.
  • Minimum 10 years’ experience in a senior leadership position managing individuals
  • Undergraduate degree in related discipline
  • Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies.
  • Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment.


  • Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework
  • Being bilingual in both official languages is an asset; however, we encourage both bilingual and unilingual candidates to apply

StoneWood Group does not contact Clients and Candidates via WhatsApp. If you receive such an outreach it is a SCAM!