Full-Time

Director – Information Security

Autotrader.ca

Autotrader.ca

1,001-5,000 employees

Digital marketplace for new and used cars in Canada

Automotive & Transportation

Senior, Expert

Greater Toronto Area, ON, Canada

Required Skills
Communications
Management
Requirements
  • Bachelor's degree in information technology or equivalent experience
  • 8-12 years of direct experience managing people in risk management, information security risk, compliance, and cloud environments
  • Knowledge of common information security management frameworks such as SOC2, ISO/IEC 27001, and NIST
  • Experience with contract and vendor negotiations and management, including managed services
  • Specific experience in software development or other best-in-class development practices
  • Experience with Cloud computing across virtualized environments
  • One or more relevant security certifications: CISSP, CCSP, SSCP, ECES, CySA+
Responsibilities
  • Responsible for the operational leadership of the information security program
  • Communicate with executives across departments to ensure security systems work smoothly to reduce operational risks in the face of a security attack
  • Work directly with the business and IT units to facilitate cyber risk assessment and cyber risk management processes
  • Partner with business stakeholders across the organization to raise awareness of risk management concerns
  • Mature the organization's business continuity management program to ensure business resiliency
  • Lead and provide oversight for security operations activities, including real-time analysis of immediate threats, security operations and challenges in the current and future state of business operations
  • Evaluate IT threat landscape, devise cyber security policy and corresponding controls to reduce risk
  • Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services
  • Develop cyber resiliency to effectively recover from hacking, security incidents, or infringements rapidly
  • Develop processes to maintain records of up-to-date security threats, oversee data loss and fraud prevention, ensure data privacy is secured and maintained, and enhance the information security management system
  • Oversee information security architecture, represent and lead the discussions around the overall business technology planning, integrate the oversight of physical security with cyber security for convergence
  • Mentor the Information Security team members and implement professional development plans for all team members
  • Manage organization-wide information security governance processes, lead and security project priorities internally and with security vendors and third-party businesses, lead auditing and compliance initiatives, and contribute to security policy domains associated with compliance, governance, risk management, incident management, HR management, and additional domains
  • Lead the procurement process for the selection and purchase of security solutions from vendors, establish a system that reduces human error and its impact on security posture
  • Develop a comprehensive plan to attract, train and retain professionals with the requisite skills and interest in pursuing a cybersecurity career, prepare employees with the tools, skills, resources, relationships, and capabilities to protect against information security risks, develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program, lead the employee security awareness training program, develop secure business and communication practices, and identify security objectives and metrics

Company Stage

N/A

Total Funding

N/A

Headquarters

Toronto, Canada

Founded

1975

Growth & Insights
Headcount

6 month growth

0%

1 year growth

11%

2 year growth

25%