Leith Wheeler Investment Counsel Ltd. is an employee-owned firm, headquartered in Vancouver with offices in Calgary, Toronto and Montreal. We manage over $30 billion of assets on behalf of pension, foundation, corporate, Aboriginal, and individual clients across Canada.
We are seeking a seasoned Head of Information Security to lead and execute the firm’s cybersecurity strategy and manage operational risk controls. The Head of Information Security also serves as the accountable authority for all regulatory compliance programs and certifications. This role ensures the protection of information assets, adherence to regulatory requirements, and resilience against evolving cyber threats.
The Head of Information Security leads the execution and management of compliance programs, acts as the primary authority for audit readiness and regulatory liaison, drives cybersecurity initiatives, collaborates with key stakeholders, and champions cybersecurity awareness across the business.
This is an individual contributor role, reporting to the Chief Financial Officer.
Key Responsibilities:
Strategic Leadership
- Define and execute the enterprise cybersecurity strategy, roadmap, and operating model aligned with business objectives, risk appetite, and governance frameworks.
- Embed cybersecurity into enterprise architecture, technology initiatives, and the secure software development lifecycle (SDLC).
- Integrate cyber and technology risks into the broader enterprise risk management framework.
- Advocate for cybersecurity across the organization, fostering a security-first culture and continuous improvement.
- Engage with external industry bodies, regulators, and partners to maintain awareness of emerging threats and best practices.
Operational Excellence
- Lead cybersecurity operations including threat monitoring, intelligence, vulnerability management, penetration testing, and proactive threat hunting.
- Direct incident response, crisis management, escalation, and post-incident reviews, ensuring effective executive communication.
- Develop, test, and continuously enhance incident response, disaster recovery, and cybersecurity components of business continuity planning.
- Oversee data protection, privacy, and data loss prevention (DLP) programs.
- Manage cybersecurity technologies, tooling, and vendor relationships to support organizational security objectives.
- Design and deliver cybersecurity awareness and training programs for staff.
Governance, Risk & Compliance
- Establish and maintain cybersecurity governance, policies, standards, and procedures.
- Lead third-party and vendor cybersecurity risk management programs.
- Own and manage all cybersecurity and data privacy regulatory compliance initiatives (e.g., SOC 1/2, ISO 27001, GDPR, PIPEDA).
- Lead audits, certifications, and regulatory engagements; prepare and present cybersecurity risk and compliance updates to executive leadership.
- Define, monitor, and report cybersecurity metrics, KPIs, and risk indicators.
- Oversee alignment of physical security controls with cybersecurity measures for comprehensive asset protection.
Qualifications and Experience:
- 10+ years of experience in information technology with at least 5 years in a senior cybersecurity leadership role
- Proven ability to develop and execute strategic cybersecurity plans and communicate effectively with executive leadership
- Experience in regulated financial services, preferably the investment fund industry, with a strong understanding of technical and business processes
- Advanced knowledge of enterprise architecture, identity and access management (IAM), and security technologies
- Demonstrated experience in vendor management, capacity planning, and change management
- Demonstrated experience leading regulatory compliance programs and audits in financial services, including SOC 1 / SOC 2, GDPR, PIPEDA, and ISO 27001
- Proven ability to develop, track, and report cybersecurity metrics and KPIs
- In-depth knowledge of Azure infrastructure, cloud applications, and enterprise-level cloud technologies
- Experience developing, testing, and leading incident response and crisis management programs
Education & Certifications:
- University Degree or College Diploma in Computer Science, Information Security, or related field
- CISSP, CISM, and CRISC certifications
Diversity & Inclusion:
Diversity is an important value to us. We are committed to providing equal opportunities in employment and to providing a workplace which is free from discrimination and harassment. This means that all job applicants and employees will receive equal treatment regardless of race, color, ethnic or national origins, sex, marital status, disability, age, sexual orientation, religion, or belief.
What We Offer:
- Employee Ownership: As an employee-owned firm, we believe in rewarding those who contribute to our collective success. Team members have the opportunity to become future shareholders and grow alongside the firm.
- Open and Transparent Culture: We value open dialogue, collaboration, and trust. Everyone has a voice, and ideas are encouraged—whether they come from a new hire or a long-time partner.
- Team-Oriented and Supportive Environment: You’ll work closely with experienced professionals who are approachable, respectful, and invested in each other’s success.
- Leadership Opportunity: This is a high-impact leadership role during a critical modernization phase, providing an opportunity to leave a lasting, well-governed security and risk foundation.
- Competitive Compensation: Base salary for this role typically falls between CAD $150,000 – $200,000, with potential flexibility for highly experienced candidates.