Director, Information Security & Risk

83936
Toronto, Ontario
Permanent/Direct Hire
6 days ago

Job Title: Director, Information Security & Risk

Location: Toronto, ON (Hybrid)
    
Estimated Duration: Full-time

Job Description:


The Senior Director, Information Security Officer (ISO) is a strategic executive leadership role responsible for overseeing the entire cybersecurity posture. The ISO leads the development, execution, and continuous improvement of comprehensive cybersecurity programs that protect digital and information assets and ensure organizational resilience.

This position is accountable for ensuring the confidentiality, integrity, and availability of our client's technology infrastructure, and for aligning security strategies with business objectives, regulatory compliance, and emerging threats.

The ISO directly advises the Executive Leadership Team and Board of Directors, and leads cross-functional collaboration with municipal, regulatory, and law enforcement partners.

Key Responsibilities:
•    Lead enterprise-wide cybersecurity governance, risk management, operations, and compliance across the organization and affiliates.
•    Design and implement cyber strategy, policies, standards, procedures, and controls aligned with NIST CSF and other frameworks.
•    Oversee threat monitoring, incident response, vulnerability management, and forensics functions.
•    Manage and mentor a large multidisciplinary cybersecurity team (20+ staff), including four senior managers.
•    Provide expert advisory and reporting to the CFO, executive leadership, and Board Committees.
•    Ensure alignment of cybersecurity posture with operational technology (OT) and information technology (IT).
•    Supervise cybersecurity risk assessments, maturity assessments, and internal/external audits.
•    Direct disaster recovery (DR), business continuity planning (BCP), and emergency response efforts.
•    Ensure legal, privacy, regulatory and audit compliance across cybersecurity programs.
•    Establish and report enterprise-level KPIs and performance metrics.
•    Lead strategic vendor and stakeholder management with other regulatory bodies, vendors, and law enforcement.
•    Oversee a cybersecurity budget of $3.5M–$4.5M and ensure responsible fiscal management.
•    Promote cyber awareness programs and conduct executive-level and board-level training.
•    Act as incident commander during major cyber events or crises, including war room coordination.

Reporting Structure:
•    Reports To: Chief Financial Officer
•    Direct Reports: 4 Senior Managers (IS Defense & Operation; GRC/Risk & Security Architecture; Security Program Execution; Security Program Manager)
•    Team Size: Over 20 staff including supervisors and leads

Key Interfaces:
•    Internal: Legal, Compliance, Enterprise Risk, IT, Facilities, Communications, Finance, People & Culture
•    External: Regulatory Bodies, Cybersecurity Vendors, Auditors, Law Enforcement

Qualifications:
Experience:
•    Minimum 15 years in information security, with at least 10 years in senior leadership roles.
•    Proven experience in leading cybersecurity transformation programs in complex environments.
Education:
•    Bachelor’s or Master’s degree in cybersecurity, information systems, or related field.
Certifications (at least one preferred):
•    CISSP, CISM, CRISC, CISA, GSLC

Desired Qualifications:
•    Experience in the public sector or similarly complex organizations.
•    Strong technical knowledge in IT/OT security, cloud security, and incident response.
•    Expertise in security frameworks: NIST CSF, ISO 27001, COBIT, etc.
•    Ability to communicate cyber risks to non-technical executive stakeholders and Boards.
•    Demonstrated ability to lead under crisis, including ransomware and breach scenarios.

Working Conditions / Special Considerations:
•    Regular hours: 36.25-hour work week.
•    Requires availability during emergencies, breaches, and war room scenarios.
•    May involve evening, weekend, and extended-hour commitments.
•    Requires handling highly confidential and sensitive data.

The pay range that the employer reasonably expects to pay for this position is between CA$185,000 and CA$210,000

Our voluntary benefits offering includes medical, dental, vision and retirement benefits.

Applications will be accepted on an ongoing basis.

Tundra Technical Solutions would like to thank you for the interest you have demonstrated in this opportunity. However, only candidates with the required skills will be contacted.

Tundra Technical Solutions is an Equal Opportunity/Affirmative Action Employer. We welcome and encourage diversity in our workplace.

Not interested in this position, but know somebody who might be? Check out our Referral Reward Program. Referrals are a big secret behind our success. As always, we’re on the lookout for great people. And we know that you know great people!

Tundra Technical Solutions is among North America’s leading providers of Information Technology and Engineering staffing and consulting services. Our success and our clients’ success are built on a foundation of service excellence. Rather than continually trying to sell to new clients and companies and simply filling databases with candidates, we focus on developing stronger relationships and deeper knowledge of our existing clients’ challenges and opportunities.

Open ears. Open minds. Open futures