The Director, Information Security will be responsible for strategic development, planning and implementing firm-wide information security (“IS”) standards & practices. As the owner of all information security activities related to the availability, integrity and confidentiality of clients, lawyers, business professionals and business information, the incumbent will ensure compliance with the organization's information security policies. A key element of the Director’s role is working with the IT Committee and senior management to determine acceptable levels of risk for the firm.
PRIMARY RESPONSIBILITIES
- Provide leadership to the enterprise's information security organization.
- Work directly with the CIO to facilitate risk assessment and risk management processes.
- Evaluate the threat landscape, current practices / tools, and define improvement recommendations for reducing the organization’s risk.
- Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program. Establish security management capabilities with a particular focus on the avoidance and mitigation of risks.
- Develop and enhance an information security management framework and strategy.
- Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems.
- Identify, recommend and implement IS solutions to meet changes in technology or business needs.
- Understand and interact with different departments to ensure the consistent application of policies and standards across all technology projects, systems and services.
- Develop standards and protocols to ensure security controls and procedures are regularly reviewed, audited and adhered to, including implementation of monitoring/reporting mechanisms and disaster and prevention protocols.
- Work with leaders within the firm to raise awareness of risk management concerns.
- Oversee and as necessary, personally manage the execution of security projects and improvement priorities such as: identity and access management, infrastructure protection, risk and control management, threat and intelligence data, security incident/monitoring, information inventory and identification and data recovery and destruction.
- Oversee Firm IS initiatives related to file storage, digitization, retention scheduling and disaster prevention and recovery.
- Determine impact to security of new change requests and new business initiatives or strategies.
- Implement appropriate training and awareness programs regarding IS requirements, including managing all firm security related communications and development of policies, guidelines and standards.
- Review, adjust, and approve security policies and controls.
- Perform Information Security compliance and audit activities, including regular reviews (e.g., penetration testing, access reviews) and the achievement of new certifications (e.g., SOC 2, HIPAA).
- Engage on client Information Security related priorities, such as providing feedback on client proposals, client reviews and the oversight of contractual requirements related to security.
- Ensure responses to client security and risk assessments are accurate and complete.
- Manage responses and mitigation to security, compliance and audit violations.
- Support Incident response priorities, including improving response plans and operational readiness.
- Provide oversight for external vendors and partners, including risk assessments, approvals, and periodic audits.
- Provide information security input on the design / development of new Products and technology platforms. Support the evaluation of third-party technology and service providers.
- Work closely with other IT teams, as well as third party security service providers to help achieve the desired security goals and objectives.
- Manage day to day operations of the security team.
SKILLS/KNOWLEDGE/EXPERIENCE REQUIRED
- Ideally 10+ years of experience in security, governance and risk compliance management within a matrix organization, with at least 5 years in a leadership role
- Certified Information Systems Security Professional (CISSP) required; Certified Information Security Manager (CISM) preferred
- Degree in Computer Science, IT Security, Management Information Technology, Information Systems or a related technical field
- Strong knowledge of key issues regarding IT Security and Information Risk Management (Data Security, Endpoint Security, Record Retention, Data Privacy, Identity and Access Management, etc.).
- Experience developing and implementing IS strategies, programs, policies and standards with in-depth knowledge of information risk concepts and principles.
- Strong analytical, interpersonal, communication, writing and presentation skills.
IQ PARTNERS is committed to operating an inclusive, barrier-free recruitment and selection process, and we encourage candidates of every race, gender, age, religion, identity, and experience to apply for this position. We’d be happy to provide accommodation for any candidate that requires assistance due to a disability or medical need. Please contact us at 416-599-4700 or by email at info@iqpartners.com to discuss specific accommodations.
Job Title: Director, Information Security
Location: Toronto, Ontario
Type: Permanent / Full Time
Job ID: #517888