OPPORTUNITY
Fengate's Information Technology team is seeking an experienced Director of Information Security. They will be responsible for establishing and maintaining a comprehensive information security and risk management program including the protection of assets from external or internal threats.
This role involves identifying, evaluating, and reporting on security risks to ensure compliance and alignment with business unit objectives. The Director will collaborate with business units to implement best practices and standards that protect our data and systems, focusing on confidentiality, integrity, and availability. This individual will also serve as the primary liaison between the IT department and the Infra/PE/RE/CS functions, with an exciting opportunity to act as a cybersecurity advisor to our portfolio companies, supporting their security posture and risk management practices.
This role will enhance information management by implementing policies, procedures, standards, and controls to protect the firm's information systems, networks, and data. The Director of Information Security will collaborate with all departments, vendors, and the IT team to lead governance, risk, and compliance activities, ensuring alignment with industry trends and best practices. This impactful leadership position involves fostering strong stakeholder relationships and driving technology solutions that support business outcomes.
KEY RESPONSIBILITIES
- Partner with corporate function leaders to understand their strategic objectives and ensure IT initiatives support these goals.
- Develop, implement, and monitor a strategic enterprise information security and IT risk management program to protect sensitive information and maintain system integrity.
- Establish and maintain a comprehensive risk management framework, leading risk assessments and mitigation strategy development.
- Oversee the management and continuous improvement of the ISO 27001 framework to ensure alignment with industry standards and regulatory requirements.
- Implement a risk-based vendor management process to assess and mitigate risks from partners, consultants, and service providers.
- Maintain and communicate up-to-date security policies, standards, and guidelines.
- Collaborate with business units to conduct IT risk assessments and manage acceptable levels of risk.
- Provide strategic cybersecurity and risk guidance for business and IT projects, assessing and recommending appropriate technical controls.
- Oversee vendor management for security services, including managed security service providers (MSSPs), to ensure alignment with security standards and service level agreements.
- Create and manage security awareness programs to educate employees, contractors, and approved users about potential security threats.
- Develop a comprehensive understanding of business processes, market trends, and industry standards.
- Foster collaboration among legal, compliance, and operational teams to address regulatory changes and audit requirements.
- Assess and document the organization's compliance and risk posture concerning information assets and operating models across business units.
- Investigate and manage security incidents to protect IT assets, including intellectual property and sensitive data.
- Independently manage IT security projects, from planning to budget/resource estimation.
- Enhance the organization's security posture through process improvement, automation, testing, and monitoring.
- Define business process ownership and risks within a GRC tool and provide GRC-based reporting.
- Regularly assess the effectiveness of controls, document gaps, and provide remediation guidance.
Requirements
KEY QUALIFICATIONS
- Minimum 10+ years of information security-related experience.
- Excellent stakeholder engagement and relationship-building skills with a focus on strategic alignment.
- Strong understanding of the ISO 27001 information security framework.
- Implementation and technical management experience with Zero Trust and Security Service Edge (SSE) frameworks and security models.
- Demonstrated experience with Information Security Risk Management Programs, specifically helping to define an IS risk register which includes identifying threats and risks to the organization.
- Skilled in identifying and measuring Key Performance Indicators and Key Risk Indicators.
- Experience managing IT security programs in cloud-centric organizations.
- Experience with key cloud providers and their respective IAM security products/solutions.
- Experience with leading discussions, establishing outcomes, and negotiating paths forward with stakeholders.
- Excellent analytical and problem-solving skills with attention to detail.
- Proficiency in project management and experience in people leadership.
- Ability to evolve security strategy based on research, data, business direction, and industry trends.
- Ability to effectively communicate technical requirements to non-technical professionals in a simple manner.
LOCATION
This position is based in our Oakville or Toronto office, with 3 to 4 days a week required in office.
Fengate is an equal opportunity employer. We strive to attract and retain a diverse workforce and are committed to promoting diversity, equity, inclusion, and belonging in the workplace. It is a core priority at Fengate to create, operate with, and continuously grow and sustain an inclusive culture that respects and connects the diversity of our team, our clients, our partners, and the communities we work in.
We are committed to providing accommodation for persons with disabilities. If you require accommodation, we will work with you to meet your needs.
We thank all applicants for their interest in this position; however, only candidates selected for an interview will be contacted.