Director, Security and Cybersecurity

Would you like to take on a stimulating, high-impact challenge? We are looking for a Director, Security and Cybersecurity.

The role

The Director, Security and Cybersecurity is responsible for overseeing the security strategy, policies, and procedures of the organization. They ensure the organization's assets, data, and personnel are protected from internal and external threats. The Director will direct a multidisciplinary (cyber and physical) security team and collaborate with other departments to provide technical guidance. This role involves conducting risk assessments, developing mitigation strategies, and ensuring compliance with Federal Government standards and policies. The candidate is also responsible for ensuring that security systems and solutions are properly configured to meet the organization's security needs.

The responsibilities

• Develop and implement the security vision, strategy, and roadmap for the organization.
• Establish security policies, standards, and procedures that align with business objectives and comply with industry’s best practices and regulatory requirements.
• Monitor and report to senior management on the effectiveness of the organization’s security program.
• Conduct regular risk and vulnerability assessments to identify potential system threats and vulnerabilities. Develop and apply risk mitigation strategies.
• Lead incident response efforts to promptly detect, respond to, and recover from security incidents, breaches, and data leaks.
• Promote a security-oriented culture by organizing security training and awareness programs for employees and contractors.
• Guide, mentor, and manage a team of security professionals, establishing priorities and fostering individual growth.
• Manage the security budget, allocate resources effectively, and make cost-effective decisions regarding security investments.
• Undertake the requirements necessary for administering (requesting, reactivating, transferring, renewing, upgrading) personal and organizational (facility) security clearances at the level necessary (i.e., PROTECTED B).
• Design and coordinate the implementation of secure cloud architectures including access controls, firewalls, intrusion detection systems, and encryption protocols.
• Consult stakeholders and other teams on security matters.
• Monitor and review overall risk exposure, including third-party vendors and risks related to systems, networks and data.
• Conduct risk assessments and security assessments and authorizations (SA&A).
• Ensure that mitigation actions are taken to reduce residual risk to an acceptable level.
• Configure, optimize, and use security technologies (SIEM, XDR, IDS/IPS, VA scanner) to manage and mitigate risk exposure.

The requirements

• Bachelor's degree in computer science, information security, or equivalent expertise.
• CISSP (Certified Information Systems Security Professional) certification
• 10 years of professional experience, with experience in leading technical teams.
• Excellent leadership, communication, and interpersonal skills.
• Ability to think strategically, analytically, and creatively.
• Recent experience in conducting risk management activities related to the security assessment and authorization (SA&A) process, in accordance with the ITSG-33 risk management framework.
• Recent experience in providing risk-based recommendations and responding to risk-related inquiries in the context of daily operations.
• Proven track record of creating an overall "master plan" that includes identification and resolution of risks associated with corporate security
• Experience gained in the context of the Government of Canada (GC), including direct employment within a GC department, agency, or Crown corporation, or roles in the private or consulting sector where services were provided directly to a GC organization. (important asset)
• Recent experience in configuring, optimizing, and using security technologies (SIEM, XDR, IDS/IPS, VA scanner) to manage and mitigate risk exposure as well as specific technologies (e.g., Microsoft Sentinel, Microsoft Defender, Tenable Security Center).

Key Competencies

• Knowledge of cloud environment security, particularly Azure.
• Knowledge of network security best practices (e.g., CSE Top 10, SANS).
• Knowledge of risk management and vulnerability management.
• Knowledge of the following CSE publications: ITSG-33.
• Knowledge of Federal Government and CCCS standards, policies, and guidelines.
• Skills: Critical thinking, Judgment, Teamwork (collaboration and relationship management), Initiative, Communication (oral and written).

Employment Condition

• Security level: Secret

• Basic paid group insurance for you and your family: medical, dental, life, disability, etc.
• Access to wellness and health accounts to support your lifestyle.
• Flex-Alto account of $500 to encourage a healthier approach and a more sustainable mode of transportation.
• A retirement plan and savings options (RRSP and TFSA).
• Vacations based on experience, available upon hiring.
• An incentive compensation program.
• Flexible hybrid work mode.
• A work environment that encourages initiative, innovation, and forward-thinking solutions.
• A unique opportunity to shape the future of transportation in Canada.

Please note that we will communicate only with those candidates whose applications are selected for further consideration. To find out more about the entire project, visit Alto - Home.