Key Responsibilities:
1. Enterprise IT Risk Assessment & Control Framework Oversight
- Lead the identification, evaluation, and mitigation of IT and cybersecurity risks across infrastructure, applications, and data assets.
- Define and manage control frameworks to address key risk areas, especially in cloud, hybrid, and multi-tenant environments.
- Conduct executive-level risk assessments and deliver control strategies to reduce vulnerabilities and ensure operational integrity.
- Oversee business impact analyses, risk appetite assessments, and the integration of risk controls into broader IT governance.
2. Security Operations & Incident Oversight
- Provide strategic direction and oversight to Security Operations Center (SOC) activities and security monitoring initiatives.
- Lead high-severity incident management efforts, ensuring timely escalation, communication, and root cause analysis.
- Evaluate detection and response capabilities, and implement enhancements for real-time threat intelligence and response workflows.
- Define SOC performance metrics and ensure adherence to service-level agreements and best practices.
3. Compliance Management & Regulatory Alignment
- Lead enterprise compliance efforts with international and local regulations (e.g., GDPR, Law 25, PIPEDA, ISO 27001, PCI-DSS).
- Develop and maintain governance models, internal controls, and audit mechanisms to ensure regulatory readiness.
- Manage client-facing and internal audit engagements, ensuring timely resolution of compliance gaps and issues.
- Act as a strategic liaison between technical teams, compliance officers, and legal counsel.
4. Data Privacy & Protection Governance
- Oversee the design and implementation of robust data protection programs, including encryption, anonymization, and access controls.
- Ensure organizational adherence to privacy laws through formal policies, data protection impact assessments (DPIAs), and secure data lifecycle management.
- Collaborate with Data Protection Officers (DPOs) and client stakeholders to operationalize privacy-by-design principles.
5. Crisis Management & Business Continuity Leadership
- Lead enterprise crisis response planning and business continuity initiatives, including scenario testing and tabletop exercises.
- Provide senior guidance during major cybersecurity incidents or breaches, ensuring minimal business disruption and timely recovery.
- Evaluate and enhance continuity plans to account for evolving threats and operational dependencies.
6. Security Awareness, Training & Stakeholder Engagement
- Develop organization-wide training programs to promote security best practices and compliance awareness.
- Deliver executive workshops and functional team training on cybersecurity risks, policy compliance, and secure operations.
- Foster a culture of accountability and security ownership across business units and client organizations.
7. Strategic Threat Intelligence & Regulatory Monitoring
- Monitor emerging cybersecurity threats, evolving attack vectors, and global regulatory developments.
- Translate external intelligence into actionable internal strategies, technology investments, and control adjustments.
- Provide forward-looking guidance to leadership and clients to stay ahead of regulatory and technological shifts.
8. Reporting, Governance, and Executive Communication
- Oversee the creation of risk dashboards, compliance status reports, and security performance metrics for executive audiences.
- Present complex security and compliance concepts to senior stakeholders in a clear and actionable manner.
- Support board-level reporting and contribute to security strategy development in alignment with corporate objectives.
Required Qualifications:
- Bachelor's or Master's degree in Computer Science, Information Security, Risk Management, or a related discipline.
- 8-14 years of experience in cybersecurity, IT risk management, compliance, or information security governance, with 3+ years in a managerial role.
- Deep expertise in regulatory standards and control frameworks, such as ISO 27001, NIST, COBIT, PCI-DSS, GDPR, Law 25, and PIPEDA.
- Strong knowledge of SOC operations, SIEM tools, threat detection, and incident response strategies.
- Proven ability to manage and influence stakeholders at all levels, including C-suite and board members.
- Excellent written and verbal communication skills in French and English.
- Preferred certifications: CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or equivalent.