- Company Name
- Alto
- Job Title
- Director, Security and Cybersecurity
- Job Description
**Job title**
Director, Security and Cybersecurity
**Role Summary**
Lead the organization’s security and cybersecurity program, defining strategy, policies, and procedures to protect assets, data, and personnel. Manage a multidisciplinary security team, collaborate with other departments, and ensure compliance with federal regulations and industry best practices. Guide risk assessments, incident response, and security architecture, while maintaining a culture of security awareness.
**Expectations**
* Deliver a comprehensive security vision, strategy, and roadmap aligned with business objectives.
* Achieve measurable improvements in security posture, risk reduction, and incident handling efficiency.
* Maintain compliance with Canadian federal standards (e.g., ITSG‑33) and contractual obligations with government entities.
* Build and retain a high‑performing security team, fostering professional growth and accountability.
* Effectively manage the security budget and resource allocation to maximize ROI.
**Key Responsibilities**
* Develop and implement security vision, strategy, and roadmap.
* Establish security policies, standards, and procedures that align with business goals and regulatory requirements.
* Monitor program effectiveness and report findings to senior leadership.
* Conduct regular risk and vulnerability assessments; design and apply mitigation strategies.
* Lead incident response, quickly detecting, containing, and remediating security incidents and data breaches.
* Promote a security‑first culture through training and awareness programs for staff and contractors.
* Guide, coach, and manage security professionals, prioritizing tasks and supporting career development.
* Allocate and manage the security budget, making sound investment decisions.
* Manage security clearances, authorizations, and access controls required for Protected B (PROTÉGÉ B) levels.
* Design and coordinate secure cloud architectures, including access controls, firewalls, IDS/IPS, and encryption protocols.
* Consult with stakeholders on security matters and coordinate cross‑functional security initiatives.
* Monitor overall risk exposure, including third‑party vendor and system‑level risks.
* Execute Security Assessment and Authorization (SA&A) processes and ensure residual risk is acceptable.
* Deploy and optimize security technologies (SIEM, XDR, IDS/IPS, vulnerability scanners).
**Required Skills**
* Strategic, analytical, and creative thinking.
* Leadership, communication, and interpersonal skills.
* Expert knowledge of risk management frameworks (ITSG‑33).
* Strong incident response and crisis management ability.
* Proficiency in security architecture design and cloud security.
* Experience managing SIEM, XDR, IDS/IPS, and vulnerability scanning tools.
* Governance, policy development, and compliance expertise.
* Budget planning and resource allocation.
* Coaching and team‑development capabilities.
* Ability to influence stakeholders across technical and business domains.
**Required Education & Certifications**
* Bachelor’s degree in Computer Science, Information Security, or equivalent.
* Certified Information Systems Security Professional (CISSP).
* Minimum 10 years of relevant professional experience, including leadership of technical teams.
* Recent experience with SA&A activities under ITSG‑33 and risk‑based recommendations.
* Demonstrated experience working with the Canadian Government or providing services to a GC organization is highly desirable.