DIRECTOR, SECURITY AND COMPLIANCE

About the Company

We are looking for a Director, Security and Compliance to join us in making vacation dreams come true. As the Director, Security and Compliance you will be responsible for establishing and managing the strategic direction and implementation of comprehensive cybersecurity and compliance programs across the organization. This role is crucial for safeguarding customer data, ensuring compliance with regulatory standards, and maintaining robust, proactive defenses against evolving security threats. The position reports to the Chief Information Officer and will be located in Toronto, ON.- Spanish Speaking is an Asset

About the Role

Develop, implement, and continuously improve the organization's cybersecurity strategy Conduct regular risk assessments and vulnerability analyses to guide risk-based decision-making Collaborate with executive leadership to align cybersecurity initiatives with overall business objectives Ensure compliance with relevant laws, standards, and frameworks (e.g., GDPR, CCPA, ISO 27001, NIST) Establish and maintain cybersecurity policies, standards, and procedures Conduct regular audits and compliance assessments, addressing gaps as necessary Lead the development and execution of incident response plans Oversee threat monitoring, detection, and response processes Coordinate post-incident evaluations to improve response effectiveness and resilience Implement data protection policies in alignment with data privacy regulations Oversee data encryption, secure data storage, and access control management Conduct regular privacy impact assessments and ensure data retention and destruction processes align with legal standards Develop and lead cybersecurity training programs for all levels within the organization Establish ongoing communication strategies to promote a culture of cybersecurity awareness Create specialized training modules for high-risk employees and stakeholders

Responsibilities

• Develop, implement, and continuously improve the organization's cybersecurity strategy
• Conduct regular risk assessments and vulnerability analyses to guide risk-based decision-making
• Collaborate with executive leadership to align cybersecurity initiatives with overall business objectives
• Ensure compliance with relevant laws, standards, and frameworks (e.g., GDPR, CCPA, ISO 27001, NIST)
• Establish and maintain cybersecurity policies, standards, and procedures
• Conduct regular audits and compliance assessments, addressing gaps as necessary
• Lead the development and execution of incident response plans
• Oversee threat monitoring, detection, and response processes
• Coordinate post-incident evaluations to improve response effectiveness and resilience
• Implement data protection policies in alignment with data privacy regulations
• Oversee data encryption, secure data storage, and access control management
• Conduct regular privacy impact assessments and ensure data retention and destruction processes align with legal standards
• Develop and lead cybersecurity training programs for all levels within the organization
• Establish ongoing communication strategies to promote a culture of cybersecurity awareness
• Create specialized training modules for high-risk employees and stakeholders

Qualifications

University or College degree in a related field A certification in Cybersecurity (CISSP, CISM, CISA, CRISC)

Required Skills

• Proficiency in risk management frameworks, cybersecurity standards, and compliance requirements
• Strong understanding of incident response protocols, threat intelligence, and threat detection
• Familiarity with data protection and encryption methodologies
• Experience using one or more of the following technologies: CrowdStrike (EDR, DLP, Threat Protection), PaloAlto firewalls, HP Aruba switches, Cloudflare, PRTG, ManageEngine MDM - moving to InTune, Microsoft Azure architecture, Vikking Cloud

Preferred Skills

Experience using one or more of the following technologies: CrowdStrike (EDR, DLP, Threat Protection), PaloAlto firewalls, HP Aruba switches, Cloudflare, PRTG, ManageEngine MDM - moving to InTune, Microsoft Azure architecture, Vikking Cloud

Pay range and compensation package

Hybrid Work- 2-3 days onsite- near Toronto Pearson Airport

RRSP Matching Program

Growth opportunities

Free Parking

Delicious snacks and meals at a subsidized price

Competitive compensation- Up to 20% target bonus- based on personal and corporate goals