Director, Cybersecurity Incident Response

83201
Toronto, Ontario
Permanent/Direct Hire
7 days ago

Job Title: Director, Cybersecurity Incident Response

Location: Toronto, ON (Hybrid)
    
Estimated Duration: Full-time

Department: Information Security and Technology Risk
Reports To: AVP, Information Security Services

About the Role

We are seeking an experienced Cybersecurity Incident Response leader to lead and mature the Cybersecurity Incident Response Program (CSIRP). This role is critical to protecting our business and the trust of our clients by ensuring rapid, effective, and efficient response to cybersecurity incidents and threats. The ideal candidate will have proven cybersecurity incident response expertise, strong leadership and communication skills, and the ability to collaborate effectively with various departments and stakeholders.

As part of the Information Security Services group, this role will manage a team of incident responders, lead security investigations, provide adequate reporting, and implement response plans for diverse security incidents.

Key Responsibilities

  • Define and execute the roadmap for the cybersecurity incident response function.
  • Develop, lead, and oversee the end-to-end cybersecurity incident response process, including preparation, detection, analysis, containment, eradication, recovery, and post-incident review.
  • Serve as the primary point of contact during cybersecurity incidents, collaborating with stakeholders from across the organization to provide a holistic response effort.
  • Communicate effectively with senior leadership during high-severity incidents, providing regular updates on impact, response activities, and mitigation plans.
  • Ensure incidents are properly documented, classified, and reported.
  • Conduct tabletop exercises and simulations to assess and improve the organization’s incident response readiness.
  • Manage and conduct security investigations to determine the root cause, scope, and impact.
  • Oversee evidence gathering to support investigations, ensuring chain of custody and compliance with legal and regulatory standards.
  • Work closely with internal audit, governance, and risk management teams to ensure alignment with corporate security policies and regulatory requirements.
  • Coordinate response efforts with the Security Operations Center (SOC), Threat Intelligence, and other technology teams to proactively detect and respond to potential threats.
  • Partner with business continuity and disaster recovery teams to ensure seamless integration of incident response with overall organizational resilience.
  • Continuously enhance and refine the cybersecurity incident response plan (CSIRP) and playbooks to align with evolving threats, business objectives, and regulatory landscapes.
  • Develop and maintain comprehensive incident response policies, standards, and guidelines that address the needs of the business while aligning with global best practices.
  • Establish key performance indicators (KPIs) and metrics to measure the effectiveness and efficiency of the incident response program.
  • Provide oversight, analytics, and reporting across all cybersecurity incidents.
  • Build, mentor, and manage a team of incident responders, fostering a culture of continuous learning and collaboration.
  • Foster strong relationships with SOC and third-party incident response providers to ensure additional support when required.

Required Qualifications

  • Bachelor’s degree in Computer Science, Information Security, or a related field.
  • 10+ years of progressive experience in cybersecurity, with at least 5 years in a leadership role focused on incident response.
  • Proven experience leading enterprise-wide incident response programs and managing major cyber incidents.
  • Extensive working knowledge of incident response frameworks (NIST 800-61, ISO 27035, MITRE ATT&CK, etc.) and industry best practices.
  • Experience with threat detection, digital forensics, malware analysis, network security, and endpoint security.
  • Experience with responding to security incidents in cloud (Azure, AWS, GCP) and hybrid environments.
  • Strong communication skills, with experience briefing senior leadership.
  • Certifications such as GCIH, GCFA, CISSP are highly desirable.
  • Relevant working experience in the financial services sector is a strong asset.

Key Competencies

  • Critical thinking and problem-solving under pressure.
  • Excellent communication skills with the ability to explain technical concepts to non-technical audiences.
  • Strong collaboration and interpersonal skills to work effectively across teams and business units.
  • Detail-oriented with a high level of integrity and professionalism.

The pay range that the employer reasonably expects to pay for this position is between CA$150,000 and CA$170,000.

Our voluntary benefits offering includes medical, dental, vision and retirement benefits.

Applications will be accepted on an ongoing basis.

Tundra Technical Solutions would like to thank you for the interest you have demonstrated in this opportunity. However, only candidates with the required skills will be contacted.

Tundra Technical Solutions is an Equal Opportunity/Affirmative Action Employer. We welcome and encourage diversity in our workplace.

Not interested in this position, but know somebody who might be? Check out our Referral Reward Program; referrals are a big secret behind our success. As always, we’re on the lookout for great people. And we know that you know great people!

Tundra Technical Solutions is among North America’s leading providers of Information Technology and Engineering staffing and consulting services. Our success and our clients’ success are built on a foundation of service excellence. Rather than continually trying to sell to new clients and companies and simply filling databases with candidates, we focus on developing stronger relationships and deeper knowledge of our existing clients’ challenges and opportunities.

Open ears. Open minds. Open futures