Director, Information Security Protection and Analysis

Permanent management position/ Quebec City/Montreal/ Toronto/Hybrid

iA Financial Group is looking for a Director, Information Security Protection and Analysis (ISPA) to work in the security services delivery department.

In this role, it will be your responsibility to develop the ISPA team’s strategy and roadmap, privileging automation at each step. An effective information security operation is a hub for organization-wide detection and intervention, mitigating cyber threats and related technology disruptions. You must demonstrate a rigorous and unwavering commitment to security regulations as well as in-depth knowledge of the latest tactics, techniques and procedures specific to the insurance and financial services industry.

Roles and responsibilities

• Direct organization-wide information security operational activities
• Oversee the best use of a range of tools and effective solutions, promoting security and integration capabilities, with the goal of contributing to threat detection and mitigation across local and cloud-based systems
• Direct the ISPA team with your expertise in the domains of cybersecurity operations, incident response, legal investigation, application security, vulnerability, internet filtering, data-loss prevention and firewall and web application firewall management. In addition, you will be responsible for creating a plan to improve detection and response abilities.
• Develop efficiency measures and oversee the execution of security operations, reporting on progress and constantly motivating the team to improve
• Manage and direct multiple service providers
• Manage major incidents by supporting the team with your in-depth knowledge of security concepts, such as threat vectors, cyber attacks and other techniques
• Collaborate with the Chief Information Security Officer (CISO) in order to expand information security’s operational capacities to meet the growing needs of the business
• Revise and update processes in order to reinforce security threat interventions and to consolidate the security operations framework, and highlight all difficulties in service-level arrangement management
• Examine and approve the intervention plan in case of a security event, and ensure its periodic review, testing and updating, based on lessons learned
• Oversee investigations and responses to disputes, ensuring that an incident-response framework is established, and that malware analysis tools and security policies are reviewed following an incident
• Spearhead the development and implementation of processes designed to identify and monitor the movement of sensitive data, protecting it from accidental loss or malicious exfiltration
• Examine and approve the results of penetration tests concerning essential information infrastructure and the adoption of new tools and technologies, and lead the design of vulnerability management plans

Your profile: 

• Bachelor’s or master’s degree in information technology, computer sciences, engineering or business administration (or equivalent)
• At least ten (10) years experience and proven skills in the information security sector, including five (5) years leading the security operations of a large company or an insurance and financial services company
• Broad experience leading complex and large-scale security operations projects involving multiplatform solutions and multiple vendors
• Excellent communication and interpersonal skills
• Experience managing vendors
• Recognized experience defining or conceiving of measures to evaluate and improve security checks
• Excellent analytical and creative problem-solving skills, with a demonstrated ability to be flexible and use good judgement when considering problems and operational risks in a dynamic environment
• Ability to keep long-term strategic visions in mind, using the technical skills required to efficiently implement security functions
• Experience establishing and updating policies, standards, procedures and guidelines
• Excellent command of French and English (oral and written) for frequent interaction with internal and external French- and English-speaking clients, colleagues or partners across Canada and the United States  
• The following technical certifications are considered assets: Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH) and Certified Information Systems Security Professional (CISSP)

Your iA benefits:

• Base salary and organizational bonus
• Group insurance
• Defined-benefit pension plan
• Share purchase plan
• Flexible vacation days
• Flexible working hours and remote work (35 hours/week)
• Career planning and training

Are you up for the job? Apply now and/or contact me on Linkedin: https://www.linkedin.com/in/laurenceamat/