BDO Canada’s National office is looking for a Director, Information Security, to join our National Information Technology team, responsible for leading the organization’s global information security strategy, governance, and operations. This role will develop and implement enterprise-wide security programs that protect company assets, data, and systems from internal and external threats, ensuring the confidentiality, integrity, and availability of our digital assets while enabling secure business growth across Canada and globally.
The Director will be the architect of BDO Canada’s information security vision, strategy, and compliance and shape the continued growth and maturity of the ISMS program. BDO Canada’s Information Security needs span regulatory, information security, privacy, and more. The Director will partner closely with executive leadership, IT, risk management, legal, and compliance teams to maintain a strong security posture protecting our people, clients, and data.
Key responsibilities include:
Strategic Leadership
- Develop and execute a comprehensive enterprise information security strategy aligned with business goals and risk tolerance.
- Establish a security governance framework, policies, and standards consistent with ISO 27001, SOC II, NIST, and other relevant frameworks.
- Lead the creation and execution of the organization’s security roadmap — encompassing people, process, and technology improvements.
- Present regular security posture updates, metrics, and risk assessments to executive management and the board of directors.
Risk Management & Compliance
- Identify, assess, and manage information security risks across corporate and operational environments.
- Ensure compliance with applicable regulations and standards such as PIPEDA, GDPR, SOC 2, PCI DSS, and provincial/federal privacy laws.
- Direct the execution of periodic security risk assessments, internal audits, and third-party reviews.
- Partner with Legal and Privacy teams to oversee incident response, data breach notification, and regulatory reporting requirements.
Security Operations
- Oversee day-to-day security operations, including threat detection, monitoring, vulnerability management, and incident response.
- Lead the deployment and management of security technologies (SIEM, EDR/XDR, IAM, DLP, CASB, MFA, encryption, etc.).
- Manage and continuously improve the Security Operations Center (SOC) and incident management processes.
- Coordinate with IT infrastructure and cloud teams to ensure secure architecture design, patching, and access control.
Leadership & Collaboration
- Build, mentor, and lead a high-performing information security team, fostering a culture of accountability and continuous improvement.
- Partner with IT and business units to embed security-by-design principles into projects, procurement, and system development.
- Collaborate with HR and Corporate Communications to drive security awareness and training programs for all employees.
- Act as the organization’s security spokesperson during audits, client assessments, and vendor negotiations.
Vendor and Third-Party Security
- Oversee third-party risk management programs and ensure vendors meet the company’s security standards.
- Evaluate and approve security controls for external partnerships, SaaS platforms, and cloud providers.
How do we define success for your role?
- You demonstrate BDO's core values through all aspects of your work: Integrity, Respect and Collaboration
- You understand your client’s industry, challenges, and opportunities; clients describe you as positive, professional, and delivering high quality work
- You identify, recommend, and are focused on effective service delivery to your clients
- You share in an inclusive and engaging work environment that develops, retains and attracts talent
- You actively participate in the adoption of digital tools and strategies to drive an innovative workplace
- You grow your expertise through learning and professional development
Your experience and education
- Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field (Master’s preferred).
- 15+ years of progressive experience in information security roles, with 5+ years in a leadership capacity.
- Demonstrated success building and leading enterprise security programs in an organization of similar scale (3,000–10,000 employees).
- Strong knowledge of cloud security (Azure, AWS, M365), identity management, and modern hybrid IT environments.
- Proven experience developing and managing security budgets and vendor contracts.
- Exceptional communication and presentation skills, with the ability to influence at all levels of the organization.
- Deep understanding of risk management, data protection, and business continuity principles.
- Strategic thinker with the ability to balance security rigor and business agility.
Certifications (Preferred)
- CISSP, CISM, CISA, CCISO, or equivalent executive-level security certification.
- ISO 27001 Lead Implementer / Auditor, or NIST-based certification is an asset.
