Our client, LifeRaft, a Nova Scotia–based security intelligence company, is sustaining its impressive growth this year and looking to add to its team once again. LifeRaft enables enterprises to be alerted to security threats and business risks using online threat intelligence. Following an additional follow-on investment from the Canadian Business Growth Fund (CBGF), LifeRaft continues to add talent across its organization. On their behalf, Venor is recruiting a Director, Information Security & Privacy to join their team.
The Director, Information Security & Privacy is responsible for the development and delivery of a comprehensive information security and privacy program for the organization. The Director coordinates the development of the information security policies, processes, standards, and procedures and works with the DevOps team and CTO in the development of such policies. The Director is responsible for managing risks related to information security, business continuity planning, crisis management, privacy, and compliance. This position will respond to third-party audit requests, perform information security risk and privacy impact assessments, partake in testing of controls, follow up on identified gaps, and recommend improvements to reduce, contain and mitigate risks.
What you’ll be doing:
- Responsible for IT Ops, including the IT support team, directory services, device management, system patching, office connectivity, and hardware inventory
- Maintain and enhance our ISO 27001 ISMS program by keeping policies up to date, managing the risk matrix, implementing and enforcing IT controls, and ensuring that the organization remains aligned with the standard
- Actively support the sales process by ensuring prompt response to customer security and privacy compliance-related inquiries
- Discuss security and privacy compliance-related issues with management and employees and provide employee training on compliance-related topics, policies, or procedures, and promote cyber security awareness programs across the organization
- Report information security performance against established security metrics, prepare management reports recapping and trending various categories of security issues, and highlighting remediation activities
- Develop and implement an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation and conduct vulnerability testing
- Conduct regular assessments and audits to ensure compliance with data security and privacy requirements
- Report any security breaches to all internal and external regulatory agencies and respond to third-party inquiries
- Maintain and expand our computer and terminal physical security by developing standards, policies, and procedures; coordinating with facilities security; recommending improvements
- Develop remediation plans and facilitate implementation to reduce future risk of security breaches, data loss, and operational disruption
- Ensure authorized access by investigating improper access; revoking access; reporting violations; monitoring information requests by new programming; recommending improvements
- Safeguard computer files by performing regular backups; developing procedures for source code management and disaster preparedness; recommending improvements
- Protect systems by defining access privileges, control structures, and resources. Determine security violations and inefficiencies by conducting periodic audits
- Perform privacy impact assessments and vulnerability assessments, coordinate the execution of these within the corporate context, and oversee the remediation activities associated with privacy and/or vulnerability/risk findings
- Monitor the organization’s networks for security breaches and investigate a violation should one occur
- Maintain documentation of compliance activities to support audit requests
- Work with our clients and sales operations to facilitate procurement by responding to security questionnaires, engaging with client security teams to answer questions, and reviewing agreements to ensure that they are in alignment with our security program and policies
- Partake in the implementation of the business continuity and disaster recovery environment for all IT systems/applications
- Collaborate with product management, product owners, and architects in identifying, defining, and prioritizing security, privacy, and compliance-related product and operational improvements
- Work closely with the DevOps department to ensure proper network security and access management policies across cloud vendors (AWS/GCP)
What we are looking for:
- Prior experience reviewing and responding to Data Processing Agreements in customer-facing environments
- Excellent written and oral communication skills, especially in customer-facing environments
- Experience with management and maintenance of compliance programs such as ISO 27001
- Operational experience with security and data protection and experience creating and reviewing policies and procedures
- Experience with developing metrics to report on security and privacy compliance performance
- Experience monitoring and reporting on required corrective action plans relating to security and/or privacy compliance issues, audit deficiencies, or observations
- Experience with or exposure to global data protection regimes and compliance requirements or a demonstrated ability to learn such areas quickly
- Experience participating in 3rd-party risk assessments
- Working knowledge of technology platforms and data flows, including cloud services
- Professional certifications in the security, privacy, risk management, and audit areas
What’s in it for you:
- Impact: Navigator advances corporate security and is designed to identify, track, and validate issues from open source channels (surface, deep web, and darknet) related to executive safety, fraud prevention, and infrastructure protection.
- Flexibility: The LifeRaft team has employees working across Canada from the comfort of their own homes. That being said, you are also welcome to work from the Halifax office, with the rest of the team… and their office dogs!
- Perks: Our client offers a comprehensive benefits plan, a fun & informal office culture, free parking, and above-average office-supplied coffee.
- Challenge: Your work is solving real-world problems, and is bridging the gap between physical and digital security challenges.
At Venor, we value and celebrate diversity. We welcome applications from all individuals of any race, color, religion, gender identity, orientation, national origin, or disability status.