Overview
CanDeal is a leading provider of electronic marketplaces and data services for Canadian dollar debt securities and derivatives. Its Markets Division provides access to liquidity for Canadian government, agency, provincial and corporate bonds, as well as money market instruments and interest rate swaps. CanDeal Solutions delivers data products and other services that support business, trading and technology needs for participants in the Canadian capital markets.
CanDeal is a growing and entrepreneurial organization with an ownership group including: BMO Nesbitt Burns Inc., CIBC World Markets, National Bank Financial Inc., RBC Capital Markets, Scotia Capital, TD Securities and TMX Group.
This is an exciting time to join a growing organization led by visionary leaders who are shaping the industry’s future.
Responsibilities
- Leads information security function and is accountable for the enterprise information security program.
- Creates / contributes to information security strategies, both short-term and long-range, in support of business strategic goals and IT strategies.
- Collaborates with senior leadership from other departments to provide oversight, operational expertise and direction to the organization and operational teams.
- Reviews IT and security governance structures, processes and procedures to prevent security breaches, major incidents and non-compliance with regulatory requirements.
- Monitors and conducts ongoing assessments of security standards, policies and controls, in accordance with recognized frameworks such as ISO, NIST and COBIT, necessary for breach prevention, data loss prevention, detection and remediation, and continuous improvement.
- Assesses security infrastructure, cloud environments, changes and new additions to existing systems including identity and access management, data protection, vulnerability assessment, testing and recommendations for improvement.
- Provides senior management with reports and recommendations to mitigate risks, communicating in non-technical, cost / benefit terms and in a format relevant to senior management so decisions can be made to ensure the security of information systems and information entrusted to CanDeal.
- Oversees all ongoing activities related to the development, implementation, and maintenance of CanDeal’s information security policies and procedures, ensuring they cover the security of information at rest or in transit and assisting departments in local process and procedure development.
- Provides mentorship and staff development, and assists other departments to ensure regulatory compliance in areas such as OSC, OSFI, PIPEDA, and GDPR to secure Privacy Information (PII).
- Chairs the Information Security Committee (ISC) and coordinates its activities so security decisions do not interrupt business processes while maintaining confidentiality, integrity and availability of CanDeal information.
- Develops information security awareness training and education programs, and collaborates with other CanDeal groups to deliver them to staff as appropriate.
- Proactively prevents potential disaster situations by implementing protections such as detection and prevention systems, secured networking systems, secured cloud hosting of CanDeal’s information, physical safeguards, and a business continuity / disaster recovery plan to offset effects of intentional or unintentional acts.
- Evaluates security incidents and determines the required response per the incident response plan, leading CanDeal responses including technical incident response teams when sensitive information is breached.
- Assesses, evaluates and coordinates with the Vendor Management Office on internal and third-party products, services and solutions.
- Manages and supports other initiatives as required.
Qualifications
Education & Experience
- Post-secondary education in IT.
- Minimum 10 years of related information security experience including IT security architecture, cloud environments, security tools, network security, vulnerability management and assessment, anti-malware, endpoint security, secured software development, regulatory compliance, security program management and governance.
- Professional / industry certifications such as CISSP, GIAC, CISA, CISM, or similar.
- Knowledgeable in frameworks such as COBIT 5, ISO 27001, NIST and ITIL in assessing IT control gaps in organizations.
Knowledge, Skills & Abilities
- Strong understanding of security architecture and methodologies.
- Ability to develop and maintain policies and procedures relating to IT / security governance.
- Ability to keep current with IT security developments and vulnerabilities.
- Proven experience in relationship and stakeholder management.
- Effectively manage multiple concurrent projects and reason analytically.
- The ability to work with and train people possessing differing levels of technical knowledge.
- Effective verbal and written communication skills and proficiency in writing technical specifications.
Key Qualities for Success
- Self-motivated and driven.
- Highly attentive to detail and committed to quality.
- Enthusiastic, service-oriented.
Decision Making
- Provides input into the hiring process for IT Security Analyst roles.
- Recommends IT security tools and solutions to the CIO based on current industry knowledge and best practice, and owns IT Security policies.
Salary and location details: Toronto, Ontario, Canada; CA$110,000.00 per annum.