Head of Cybersecurity & IT Risk Management
Posted On: October 01, 2020
If you are looking to join one of Canada’s fastest growing companies, goeasy Ltd. is the place for you! Recognized as Canada’s Most Admired Corporate Cultures, GTA's Top 100 Employers, one of Canada’s Top 50 Fintech’s and North America’s Most Engaged Workplaces, we want the best and brightest to join our team.
We are a publicly traded company on the TSX with over 4000% shareholder return since 2001, goeasy operates two main business units. easyfinancial is our consumer lending business that offers secured and unsecured installment loans of up to $35,000 and easyhome is Canada’s largest merchandise lease-to-own company. It is our vision to provide everyday Canadians the path for a better tomorrow, today by giving them access to the credit they need and by offering them a second chance when they have been turned down by banks and traditional lenders. With a retail network of nearly 400 locations across Canada and over 1900 employees, we are able to build lasting relationships with our customers as we help them rebuild their credit and graduate towards prime rates and a brighter financial future.
We are seeking a Head of Cybersecurity & IT Risk Management, reporting to the Chief Information Officer. The successful individual will take on a key role in the organization to the lead the maturation and management of all aspects of Information and Data Security for goeasy.
- Participate as a member of the IT leadership team in governance processes of the organization’s information security strategies.
- Lead strategic information security planning to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future information security technologies.
- Develop, implement, maintain, and oversee enforcement of policies, procedures, and associated plans for information system security administration and user system access based on industry-standard best practices.
- Lead the Information Risk function across the company to ensure consistent and high-value information risk management in support of the business goals.
- Lead strategic information risk planning to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future information security technologies and controls.
- Defines the IT Security and Data Privacy Protection Strategy and Roadmap
- Defines IT policies and standards with respect to Security and Data Privacy to ensure full protection against security and data breaches
- Define IT security standards for networks, systems, devices and applications.
- Defines IT Security and Data Privacy awareness and education programs for goeasy staff
- Advise goeasy management on implications of evolving IT Security and Data Privacy regulations and trends on a national basis
- Select and approve vendors to provide IT Security and Data Privacy Protection Services
- Serve as the lead for IT Risk Management activities within goeasy
- Serve as the primary interface with internal and external auditors for all compliance related activities, including but not limited to IT internal controls
- Responsible for all network and systems security including standards and annual tests.
This role has several key work relationships:
- Operational Business Leaders– required to ensure IT Security and Data Privacy requirements and considerations are taken into account as the goeasy business strategy and operations evolve
- goeasy Legal – required to ensure the implications of evolving data protection and privacy regulations are well understood
- goeasy Compliance and Internal Audit – required to assist with IT Security and Data Privacy considerations with respect to goeasy products and services
- IT organization peers – required to ensure IT Security and Data Privacy considerations are taken into account in all IT applications, infrastructure and services
- External IT partners – required to ensure IT Security and Data Privacy services are scoped, planned, budgeted and delivered
- 10 years or more successful experience managing IT Security and Data Privacy issues for a financial services company
- Experience with cyber security and cyber insurance is a definite asset.
- Should be well versed in current legal and regulatory issues and trends with respect to IT Security and Data Privacy on a national level
- Excellent understanding of appropriate IT controls as well as IT audit approaches
- Excellent understanding of current technologies and approaches to ensure IT Security and protect data leveraging cloud and mobile technologies
- Experience with creating a complete set of IT Security and Data Privacy policies, processes and procedures
- Strong understanding of IT Security metrics
- Strong understanding of IT Security monitoring and incident response/management tools, techniques and procedures
- Familiarity with IT Risk Management frameworks and approaches (e.g. RiskIT, etc.)
- Hold one or more relevant professional certification (CISSP, SANS GSEC or global equivalents)
- Should have excellent communications skills to interact efficiently with a variety of technical and non-technical stakeholders and program contributors
- Bachelor’s degree required, with a preference for a degree in a related field (information technology, management, pre-law, etc.)
- Experience in the financial services industry or industries is desirable
Internally this role is referred to as Director, Cybersecurity & IT Risk Management
Inclusion and Equal Opportunity Employment
goeasy is an equal opportunity employer. In addition, goeasy is committed to providing accommodations for applicants upon request at any stage of the recruitment process in accordance with all legislative requirements throughout Canada. Please let us know if you require an accommodation due to a disability during any aspect of the recruitment process and we will work with you to address your needs.
All candidates considered for hire must successfully pass a criminal background check, credit check, and validation of their work experience to qualify for hire. We thank all interested applicants, however we will only be contacting those for interview who possess the skills and qualifications outlined above.
Why should you work for goeasy?
To learn more about our great company please click the links below: