Chief Information Security Officer

Full time at a Laimoon Verified Company in Canada
Posted on April 7, 2024

Job details

Locations: CA ON Toronto
Time type: Full time
Posted on: Posted 3 Days Ago
Job requisition id: JR100330

Information Security Office
Regular, Full time

The Ontario Securities Commission (OSC) is the statutory body responsible for regulating Ontario's capital markets in accordance with the mandate established in the provincial Securities Act and the Commodity Futures Act. The mandate of the OSC is to provide protection to investors from unfair, improper or fraudulent practices, to foster fair, efficient and competitive capital markets and confidence in the capital markets, to foster capital formation, and to contribute to the stability of the financial system and the reduction of systemic risk. This mandate is performed through policy, operational, adjudication and enforcement work. The OSC also contributes to national and global securities regulation development.

We offer a diverse, fair, and flexible work environment and take pride in our challenging and rewarding work.

The Ontario Securities Commission (OSC) is responsible for regulating Ontario's capital markets. Our mandate is to provide protection to investors from unfair, improper, or fraudulent practices, to foster fair, efficient and competitive capital markets, and confidence in the capital markets, to foster capital formation, and to contribute to the stability of the financial system and the reduction of systemic risk. This mandate is performed through policy, operational, adjudication and enforcement work. The OSC also contributes to national and global securities regulation development.

We are looking for a highly skilled and experienced Chief Information Security Officer (CISO) to join our leadership team in Toronto, Ontario. As our CISO, you will shape the future of information security at the OSC and develop and implement strategies to protect our organization from evolving cyber threats.

You will have the opportunity to work alongside globally renowned regulators and thought leaders as we execute against our digitally enabled business strategy to protect investors and foster fair, efficient and competitive capital markets.

If you have a proven track record within complex technology environments and are a dynamic, self-directed, adaptable, mission-driven leader with a passion for achieving strategic goals while fostering a culture of excellence, we want to hear from you!

About the Job
Reporting to the COO, the Chief Information Security Officer (CISO) is responsible for establishing information security strategies to protect the OSC against cyber threats and ensuring adherence to industry standards and best practices. This role will also be responsible for designing, implementing, and monitoring an information security governance, risk, and compliance control framework to support the confidentiality, integrity, and availability of the OSC's information assets.
In addition, this role includes the development and implementation of policies and procedures designed to protect enterprise information assets, communications systems, and facilities from both internal and external threats, as well as auditing existing systems and processes to ensure compliance with current policies and standards.

What the role entails:

Strategy and Governance
- Develop and maintain a robust information security strategy and program aligned with OSC's business objectives, industry best practices and applicable Government programs and directives.
- Collaborate with senior management to ensure alignment of information security strategies and programs with overall business objectives.
- Establish and enforce security policies, standards and procedures.
- Provide updates on security strategies and plans to executives, the Board and other stakeholders as required.
- Promote and oversee strategic security relationships with external entities, including other government agencies, vendors, and partner organizations.

Risk Assessment and Mitigation
- Monitor and assess the organization's security posture, identifying vulnerabilities and risks.
- Conduct security & threat risk assessments and security evaluations.
- Define, manage and support information security reviews by third party vendors as required.
- Present risk assessment results and remediation plans to the senior leadership team and the Board as required.
- Proactively manage and track information security related risks and corresponding action plans with due dates to ensure that the issues are resolved.
- Stay informed about emerging security threats and recommend appropriate course of action.

Security Awareness and Training
- Develop and manage the organization's information security training and awareness programs.
- Promote security awareness across the organization.

Incident Response and Recovery
- Develop and maintain information security incident response plans, procedures, third-party arrangements, and audits.
- Assist with the design and implementation of disaster recovery and business continuity and incident response plans and audits.
- Coordinate and lead incident response efforts during security incidents.
- Communicate updates on security incidents to relevant stakeholders, including senior leadership and the Board.

Supplier Risk Management
- Assess security risks associated with third party service suppliers.
- Working with the legal and procurement teams, ensure that contracts include appropriate clauses.
- Monitor vendor compliance with security requirements.

Secure Technology and Infrastructure
- Develop and enforce policies and standards for acquiring, implementing, and operating new systems and technologies.
- Lead the security design of "projects" (application, infrastructure etc.) as required.
- Serve as a technical adviser for projects and provide technical support on matters related to information security.
- Working with the information technology and data teams, evaluate, select and implement security technologies (e.g. firewalls, intrusion detection systems, encryption tools, etc.).
- Oversee the design and maintenance of secure IT infrastructure.

Operational Management
- Develop, track, and control the Information Security unit's annual operating and capital budgets for purchasing, staffing, and operations.
- Develop and report on Information Security metrics.
- Collaborate with Information Services, General Counsel Office (Privacy Officer), Corporate Services and Human Resources to establish and maintain a system for ensuring that security and privacy policies are met.
- Where necessary, supervise recruitment, development, retention, and organization of security staff in accordance with corporate budgetary objectives and personnel policies.
- Remain informed on trends and issues in the security industry, including current and emerging technologies and prices.

What you will bring to the role:

Formal Education & Certification
- An undergraduate degree in Information Technology, Computer Science, Engineering or equivalent. Information security specific coursework is an asset.
- CISSP, CISM, CISA or equivalent certification is required.

Knowledge & Experience
- 10+ years of broad and progressive experience managing and/or directing Information Security Operations.
- Proven experience in planning, organizing, and developing IT security and facility security system technologies.
- Experience in planning and executing security policies and standards development.
- Excellent knowledge of technology environments, including cloud security, network security, operating system security, physical and environmental security, and defense in depth solutions.
- Considerable knowledge of business theory, business processes, management, budgeting, and business office operations.
- Substantial exposure to data processing, hardware platforms, enterprise software applications, and outsourced systems.
- Good understanding of computer systems characteristics, features, and integration capabilities.
- Experience with systems design and development from business requirements analysis through to day-to-day management.
- Excellent understanding of project management principles.
- Knowledge of secure application development practices and how they can be used effectively.
- In-depth knowledge of applicable laws and regulations as they relate to information security.
- Experience collaborating with or managing vendors and auditors.
- Proven leadership ability.

Personal Attributes
- Ability to set and manage priorities judiciously.
- Excellent written and oral communication skills.
- Excellent interpersonal skills.
- Strong negotiating skills.
- Ability to present ideas in business-friendly and user-friendly language.
- Exceptionally self-motivated and directed.
- Keen attention to detail.
- Superior analytical, evaluative, and problem-solving abilities.
- Exceptional service orientation.
- Proven ability to manage competing priorities and work under pressure.
- Ability to motivate in a team-oriented, collaborative environment.

What we offer at the OSC!
- Competitive compensation package which includes performance-based incentives and a premier pension plan.
- Generous vacation and personal time entitlements.
- Best in class comprehensive health and wellness benefit package which includes gym membership discounts with Goodlife Fitness.
- Tuition reimbursement program.
- Training and development programs.
- Flexible hybrid work environment (3 days in office each week at 20 Queen Street West).

Grow your career and make a difference working at the OSC.

* OSC Employees: please apply in Workday using the Browse Jobs feature within your Jobs Hub *

We thank all applicants for their interest in the Ontario Securities Commission. We will contact those selected for an interview.

The OSC is committed to diversity and providing an inclusive workplace and providing accommodation in accordance with the Accessibility for Ontarians with Disabilities Act and the Human Rights Code. It is our priority to ensure employment opportunities are visible and barrier-free to all under-represented groups including but not limited to, Indigenous, Black and racialized groups, people with disabilities, women and people from the LGBTQ2S community, to achieve an employee demographic profile reflective of the demographic profile of Ontarians.

The OSC is a proud partner with the following organizations: BlackNorth Initiative, Canadian Centre for Diversity and Inclusion, and Pride at Work Canada.

If you require an accommodation during the recruitment process, please let us know by contacting our confidential inbox HRRecruitment@osc.gov.on.ca. Visit Accessibility at the OSC to review the OSC's policies on accessibility and accommodation in the workplace.

Get In Touch
Introduce yourself to our recruiters and we'll get in touch if there's a role that seems like a good match.

About OSC
The Ontario Securities Commission is an independent Crown agency that regulates Ontario's capital markets by making rules that have the force of law and by adopting policies that influence the behaviour of capital markets participants.

The OSC carries out the powers, duties and functions given to it pursuant to the Securities Commission Act, 2021. The OSC exercises its regulatory oversight function through the administration and enforcement of Ontario's Securities Act and Commodity Futures Act and administration of certain provisions of Ontario's Business Corporations Act.


Apply safely

To stay safe in your job search, find information on common scams and get free expert advice, we recommend that you visit SAFERjobs, a non-profit, joint industry and law enforcement organization working to combat job scams.
