About the Company
We are looking for a Director, Security and Compliance to join us in making vacation dreams come true. As the Director, Security and Compliance you will be responsible for establishing and managing the strategic direction and implementation of comprehensive cybersecurity and compliance programs across the organization. This role is crucial for safeguarding customer data, ensuring compliance with regulatory standards, and maintaining robust, proactive defenses against evolving security threats. The position reports to the Chief Information Officer and will be located in Toronto, ON.- Spanish Speaking is an Asset
About the Role
Develop, implement, and continuously improve the organization's cybersecurity strategy Conduct regular risk assessments and vulnerability analyses to guide risk-based decision-making Collaborate with executive leadership to align cybersecurity initiatives with overall business objectives Ensure compliance with relevant laws, standards, and frameworks (e.g., GDPR, CCPA, ISO 27001, NIST) Establish and maintain cybersecurity policies, standards, and procedures Conduct regular audits and compliance assessments, addressing gaps as necessary Lead the development and execution of incident response plans Oversee threat monitoring, detection, and response processes Coordinate post-incident evaluations to improve response effectiveness and resilience Implement data protection policies in alignment with data privacy regulations Oversee data encryption, secure data storage, and access control management Conduct regular privacy impact assessments and ensure data retention and destruction processes align with legal standards Develop and lead cybersecurity training programs for all levels within the organization Establish ongoing communication strategies to promote a culture of cybersecurity awareness Create specialized training modules for high-risk employees and stakeholders
Responsibilities
- Develop, implement, and continuously improve the organization's cybersecurity strategy
- Conduct regular risk assessments and vulnerability analyses to guide risk-based decision-making
- Collaborate with executive leadership to align cybersecurity initiatives with overall business objectives
- Ensure compliance with relevant laws, standards, and frameworks (e.g., GDPR, CCPA, ISO 27001, NIST)
- Establish and maintain cybersecurity policies, standards, and procedures
- Conduct regular audits and compliance assessments, addressing gaps as necessary
- Lead the development and execution of incident response plans
- Oversee threat monitoring, detection, and response processes
- Coordinate post-incident evaluations to improve response effectiveness and resilience
- Implement data protection policies in alignment with data privacy regulations
- Oversee data encryption, secure data storage, and access control management
- Conduct regular privacy impact assessments and ensure data retention and destruction processes align with legal standards
- Develop and lead cybersecurity training programs for all levels within the organization
- Establish ongoing communication strategies to promote a culture of cybersecurity awareness
- Create specialized training modules for high-risk employees and stakeholders
Qualifications
University or College degree in a related field A certification in Cybersecurity (CISSP, CISM, CISA, CRISC)
Required Skills
- Proficiency in risk management frameworks, cybersecurity standards, and compliance requirements
- Strong understanding of incident response protocols, threat intelligence, and threat detection
- Familiarity with data protection and encryption methodologies
- Experience using one or more of the following technologies: CrowdStrike (EDR, DLP, Threat Protection), PaloAlto firewalls, HP Aruba switches, Cloudflare, PRTG, ManageEngine MDM - moving to InTune, Microsoft Azure architecture, Vikking Cloud
Preferred Skills
Experience using one or more of the following technologies: CrowdStrike (EDR, DLP, Threat Protection), PaloAlto firewalls, HP Aruba switches, Cloudflare, PRTG, ManageEngine MDM - moving to InTune, Microsoft Azure architecture, Vikking Cloud
Pay range and compensation package
Hybrid Work- 2-3 days onsite- near Toronto Pearson Airport
RRSP Matching Program
Growth opportunities
Free Parking
Delicious snacks and meals at a subsidized price
Competitive compensation- Up to 20% target bonus- based on personal and corporate goals
