Lead risk-based security assessments for new technologies and IT solutions across Canadian Technology Business Units
Safeguard cloud and on-premises environments by identifying threats, recommending controls, ensuring compliance, and driving remediation
Conduct formal risk assessments for technology systems and infrastructure (e.g., NIST RMF)
Identify compliance gaps, enforce security policies/standards, and drive timely remediation
Integrate security into workflows by partnering with technology teams (Agile/DevOps) and platform teams
Partner on RCSA initiatives to align with corporate and regulatory requirements
Manage audits, regulatory reviews, and second line of defense queries; provide evidence and mitigation plans
Define, track, and report remediation programs and corrective actions to meet regulatory requirements and global standards
Review, update, and socialize security policies, patterns, and guardrails across the organization
Offer consulting expertise to Business Unit Technology leaders to align with global security objectives
Represent the Canadian division in global security planning and standards
Build strategic partnerships with counterparts in technology, business and global cybersecurity teams; raise awareness of emerging cyber threats specific to their operations
Build deep knowledge of the Canadian segment and BUs’ or equivalent experience business processes and products to tailor risk mentorship
Report important metrics, control effectiveness, and risk posture; maintain customer dashboards and briefings
Continuously refine processes based on industry trends, threat intelligence, and audit findings
Delegate, lead, and mentor teams with the autonomy needed to facilitate decision-making

Requirements

10+ years in information security and risk management, including 5+ years in leadership roles
Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience)
Professional certifications: CISSP, CISM, CRISC (or equivalent)
Deep understanding of security and risk management frameworks (ISO 27001, NIST, COBIT) and relevant regulations (e.g., GDPR, SOX)
Deep technical knowledge and hands-on experience in: Cloud and network security, Cryptography and key management, Identity and Access Management (IAM), Application security (SDLC, SAST/DAST, threat modeling)
Experience working in Agile/DevOps environments and integrating security into CI/CD
Superb communication, consulting, and influencing skills; ability to tailor messages to technical and executive audiences
Strategic problem solver with analytical and innovative capabilities; proactive approach to issue remediation
Skilled in customer management, alignment, and cross-functional collaboration
Ability to foster a culture of security awareness across the Canadian segment
Good interpersonal skills for engaging diverse communities and executive customers.

Benefits

Health, dental, mental health, and vision insurance
Short- and long-term disability insurance
Life and AD&D insurance coverage
Adoption/surrogacy and wellness benefits
Employee/family assistance plans
Various retirement savings plans including pension and global share ownership plan with employer matching
Financial education and counseling resources
Generous paid time off including holidays, vacation, personal, and sick days
Full range of statutory leaves of absence

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

information securityrisk managementcloud securitynetwork securitycryptographyidentity and access managementapplication securityAgileDevOpsCI/CD

Soft Skills

communicationconsultinginfluencingstrategic problem solvinganalytical skillsinnovative capabilitiescustomer managementcross-functional collaborationinterpersonal skillsmentoring

Certifications

CISSPCISMCRISC