About the Company We are looking for a Director, Security and Compliance to join us in making vacation dreams come true. As the Director, Security and Compliance you will be responsible for establishing and managing the strategic direction and implementation of comprehensive cybersecurity and compliance programs across the organization. This role is crucial for safeguarding customer data, ensuring compliance with regulatory standards, and maintaining robust, proactive defenses against evolving security threats. The position reports to the Chief Information Officer and will be located in Toronto, ON.- Spanish Speaking is an Asset About the Role Develop, implement, and continuously improve the organization's cybersecurity strategy Conduct regular risk assessments and vulnerability analyses to guide risk-based decision-making Collaborate with executive leadership to align cybersecurity initiatives with overall business objectives Ensure compliance with relevant laws, standards, and frameworks (e.g., GDPR, CCPA, ISO 27001, NIST) Establish and maintain cybersecurity policies, standards, and procedures Conduct regular audits and compliance assessments, addressing gaps as necessary Lead the development and execution of incident response plans Oversee threat monitoring, detection, and response processes Coordinate post-incident evaluations to improve response effectiveness and resilience Implement data protection policies in alignment with data privacy regulations Oversee data encryption, secure data storage, and access control management Conduct regular privacy impact assessments and ensure data retention and destruction processes align with legal standards Develop and lead cybersecurity training programs for all levels within the organization Establish ongoing communication strategies to promote a culture of cybersecurity awareness Create specialized training modules for high-risk employees and stakeholders Responsibilities Develop, implement, and continuously improve the organization's cybersecurity strategy Conduct regular risk assessments and vulnerability analyses to guide risk-based decision-making Collaborate with executive leadership to align cybersecurity initiatives with overall business objectives Ensure compliance with relevant laws, standards, and frameworks (e.g., GDPR, CCPA, ISO 27001, NIST) Establish and maintain cybersecurity policies, standards, and procedures Conduct regular audits and compliance assessments, addressing gaps as necessary Lead the development and execution of incident response plans Oversee threat monitoring, detection, and response processes Coordinate post-incident evaluations to improve response effectiveness and resilience Implement data protection policies in alignment with data privacy regulations Oversee data encryption, secure data storage, and access control management Conduct regular privacy impact assessments and ensure data retention and destruction processes align with legal standards Develop and lead cybersecurity training programs for all levels within the organization Establish ongoing communication strategies to promote a culture of cybersecurity awareness Create specialized training modules for high-risk employees and stakeholders Qualifications University or College degree in a related field A certification in Cybersecurity (CISSP, CISM, CISA, CRISC) Required Skills Proficiency in risk management frameworks, cybersecurity standards, and compliance requirements Strong understanding of incident response protocols, threat intelligence, and threat detection Familiarity with data protection and encryption methodologies Experience using one or more of the following technologies: CrowdStrike (EDR, DLP, Threat Protection), PaloAlto firewalls, HP Aruba switches, Cloudflare, PRTG, ManageEngine MDM - moving to InTune, Microsoft Azure architecture, Vikking Cloud Preferred Skills Experience using one or more of the following technologies: CrowdStrike (EDR, DLP, Threat Protection), PaloAlto firewalls, HP Aruba switches, Cloudflare, PRTG, ManageEngine MDM - moving to InTune, Microsoft Azure architecture, Vikking Cloud Pay range and compensation package Hybrid Work- 2-3 days onsite- near Toronto Pearson Airport RRSP Matching Program Growth opportunities Free Parking Delicious snacks and meals at a subsidized price Competitive compensation- Up to 20% target bonus- based on personal and corporate goals
Job Title
National Consultants Professionals Ltd | DIRECTOR, SECURITY AND COMPLIANCE