Job Information
EDC VP, Enterprise Information Security in Ottawa, Ontario
VP, Enterprise Information Security - 0004N1
Posting Date: Apr 22, 2024, 1:02:15 PM
Primary Location: Ontario-Ottawa
Job Type: Permanent
Schedule: Full-time
Description
Export Development Canada (EDC) is a financial Crown corporation dedicated to helping Canadian businesses make an impact at home and abroad. EDC offers financial products and knowledge to help Canadian businesses confidently enter new markets, reduce financial risk, and grow their business.
When you join our team, you’ll be helping Canadian businesses learn the endless possibilities that open to them through export and help bring their vision, passion, and innovation to the world. Your knowledge and expertise will support more than 25,000 Canadian businesses and their customers in as many as 200 markets worldwide. You’ll work amongst the best and brightest in an inclusive, collaborative environment that fosters professional development and success. And you’ll know that you’re making an impact every day – for businesses, for Canada and for the people you work with.
Are you ready to make an impact? Join EDC, recognized as a Top 100 and Top Family-Friendly Employer, as we take on the risk so Canadian businesses can take on the world. #LI-Hybrid
Position Summary
We're looking for a dynamic and visionary Vice-President of Information Security to lead our cybersecurity efforts and ensure that our systems and data remain protected in an ever-evolving digital landscape. EDC is committed to delivering excellence to our customers while maintaining the highest standards of security and data integrity.
Reporting into the SVP, Chief Digital Technology Officer (CDIO), the Vice President, Enterprise Information Security and Chief Information Security Officer (CISO) will be responsible for establishing and maintaining the information security program to ensure that information assets and associated technologies, applications, systems, infrastructure, and processes are adequately protected in the digital ecosystems in which we operate.
This position requires a visionary leader with sound and working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem. You will proactively work with business units and ecosystem partners to implement practices that meet agreed-on policies and standards for information security as well as implementing and running the enterprise information security program. It requires a solid understanding and ability to articulate the importance of cybersecurity and be able to communicate this to the board of directors and other senior stakeholders.
The ideal candidate is a business technology leader, a builder of consensus and of bridges between business and technology. Ultimately, the CISO is a thought leader with a strong track record of competency in the field of information security. Central to all cyber security matters, the leader of cyber security will be working in close collaboration with business unit executives, and peers in the digital and technology team to achieve the mandate of protecting Export development Canada (EDC).
Why you should join us:
National Impact: Contribute to Canada's economic growth and prosperity by safeguarding the digital infrastructure that supports our nation's exports expansion.
Innovative Environment: Be part of a dynamic team that leverages cutting-edge technology and innovative solutions to address the evolving cybersecurity landscape.
Career Growth: Expand your horizons and advance your career with ample opportunities for professional development and growth within our organization.
Collaborative Culture: Join a collaborative and inclusive culture where your expertise and insights will be valued, and your contributions will make a tangible difference.
Global Reach: Work on a diverse range of projects and initiatives that have a global impact, supporting Canadian businesses as they compete on the international stage.
Work-Life Balance: Enjoy a supportive work environment that prioritizes work-life balance and offers flexibility to accommodate your personal and professional commitments
Key Responsibilities
Lead the Organization
Leads the information security function across the company to ensure consistent and high-quality information security management in support of the business goals.
Determines the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of non-digital risk areas.
Manages the budget for the information security function, monitoring, and reporting.
Set the Strategy
Evolves the vision and strategy that is aligned to organizational priorities and enables and facilities the organizations business objectives and ensure senior stakeholder buy-in.
Develops, implements, and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information assets owned, controlled or/and processed by the organization.
Build the Network & Communicate the vision
Creates the necessary internal networks among the information security team and line-of- business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure alignment as required.
Liaises with external agencies, such as GoC and cyber agencies and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.
Operate the function
Monitors the external threat environment for emerging threats and advises relevant stakeholders on the appropriate courses of action.
Develop and maintain an incident response plan to effectively detect, respond to, and recover from security incidents.
Oversee day-to-day security operations, including monitoring, logging, and analysis of security events and incidents.
Governance & Build Knowledge
Facilitate an information security governance structure through, including the leading our Information Security Executive Committee (ISEC). This would include reporting to the applicable teams, senior leaders, and the board of directors on a regular basis.
Directs the cyber security awareness training program for all employees, contractors, and approved system users, and establishes metrics to measure the effectiveness of this security training program for different audiences.
Provides clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.
Develops, socializes, and coordinates approval and implementation of security policies.
Provides clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.
Provide regular reports and updates to senior management and stakeholders on the organization's security posture, including notable risks and incidents.
Education, Training and Previous Experience
Demonstrated experience and success in senior leadership roles in information security, and IT security.
Degree in business administration or a technology-related field, or equivalent work- or education-related experience
Applied knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework
Professional certifications such as CISSP, CISM, or CISA are highly desirable.
Deep understanding of information security principles, technologies, and best practices.
It is an asset to be bilingual in both official languages however, we encourage both bilingual and unilingual candidates to apply.
Minimum 15 years’ experience in a combination of risk management, information security and IT roles.
Minimum of 10 years of experience in a leadership position managing high-performing teams
Proven track record and experience in developing information security policies and procedures, as well as successfully executing cyber programs.
Knowledge and Skills
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.
Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization.
Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist.
Excellent stakeholder management skills
Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital.
Salary Range:
- VP Enterprise Info&Security 22: Salaries are based on qualifications and experience and typically range from $170, 366 To $227,154 plus a STI and LTI performance-based incentive.
Location
Export Development Canada is a hybrid work environment.
This role will be performed from EDC’s headquarters in Ottawa or Toronto or Montreal.
Relocation assistance is available for eligible candidates.
EDC's Commitment to Employment Equity
EDC is committed to employment equity and achieving a diverse workforce. EDC actively encourages applications from women, Aboriginal peoples, visible minorities, persons with disabilities and members of the 2SLGBTQI community. If selected for an interview, please advise us if you need any special accommodation.
How to apply
Only candidates selected for an interview will be contacted. : Application deadline on www.edc.ca/careers : May 3, 2024, 10:59:00 PM EDC is committed to employment equity and actively encourages applications from women, Aboriginal people, persons with disabilities and visible minorities. If selected for an interview, please advise us if you require special accommodation. Candidates must meet the requisite government security screening requirements. :
Req ID: 0004N1