Director Information Security

Toronto, Ontario, Canada

Founded in 1974, CMiC today delivers comprehensive and advanced enterprise and field operations solutions, purpose-built for construction and capital projects companies. CMiC’s powerful software transforms how firms optimize productivity, minimize risk and drive growth by planning and managing all financials, projects, resources, and content assets - all from a single database platform.

In the past several years, the construction industry has experienced unprecedented changes driven by new technologies - including integration with multi-dimensional modeling, an explosion of cloud-based offerings and the demand for robust mobile capabilities. CMiC has kept pace by constantly upgrading and enhancing our advanced platform to reflect the changing needs of the industry, leading to significant growth as a company.

Position Scope

The Director, Information Security will work closely with the Chief Information Security Officer (CISO) to develop and implement comprehensive cybersecurity strategies that protect our organization's information assets and those of our customers. This role requires a deep understanding of cybersecurity principles, experience in IT Operations, strong leadership skills, and the ability to collaborate across departments to achieve security goals.

Duties & Responsibilities

  • Primary Responsibilities:
    • Assist in the development, implementation, and management of the organization's cybersecurity strategy.
    • Monitor and analyze security threats, vulnerabilities, and incidents to identify risks and mitigate them effectively.
    • Lead the design, implementation and enforcement of security policies, standards, and procedures.
    • Oversee implementation and evidence collection for the SOC 1 & 2 and ISO 27001 audits.
    • Collaborate with IT, legal, and other internal stakeholders to ensure alignment with security protocols and regulatory requirements.
    • Provide technical and operational guidance in the development and implementation of information security programs.
    • Manage security incidents and coordinate incident response efforts, including root cause analysis and remediation.
    • Stay current with emerging security trends, technologies, and regulatory changes.
    • Report on security metrics and provide updates to senior management and the Information and Privacy Governance Committee.
  • Other Responsibilities:
    • Oversee the development and maintenance of disaster recovery and business continuity plans and tabletop exercises.
    • Oversee regular security reviews and assessments to identify and address potential security weaknesses.
    • Oversee security awareness training programs to educate employees on security best practices.
    • Provide practical advice in compliance with privacy laws and regulations.

Requirements

Education and Experience:

  • Bachelor's degree in Computer Science, Information Technology, or a related field.
  • Certified Information Systems Security Professional (CISSP) or other relevant certifications.
  • Minimum of 5 years of experience in information security management or a related role.

Skills and Competencies:

  • A solid understanding of cybersecurity principles, network security, encryption, and vulnerability management.
  • Strong understanding of risk management frameworks and the ability to identify, assess, and mitigate risks to the organization's information assets.
  • Ability to develop and implement long-term security strategies that align with the organization's goals.

Preferred Qualifications (Optional)

  • Strong knowledge of cybersecurity frameworks (e.g., NIST, ISO 27001, AICPA Trust Services Criteria) and regulatory requirements.
  • Experience in implementing security in Cloud services.
  • Experience in IT Operations and system configurations.
  • Be a self-starter and take ownership of initiatives.
  • Excellent analytical, problem-solving, and decision-making skills.
  • Strong communication and interpersonal skills, with the ability to effectively communicate complex security concepts to non-technical stakeholders.
  • Proven leadership abilities and experience in managing a security team.
  • Having IT Operational experience is a bonus.

Work Environment (Optional)

  • CMiC has a hybrid work environment. The successful candidate is expected to be in the office one to two days a week.

Benefits

  • Competitive benefits package (including Health & Dental benefits)
  • Paid vacation and personal days
  • Townhall meetings where all employees are encouraged to participate in open discussions
  • Located on York University’s campus, easily accessible by transit (TTC, GO, etc.), walking distance to shopping and restaurants
  • Outdoor lunch space, including picnic tables
  • An active Social Events Committee (past events include annual seasonal parties, pool and bowling tournaments, karaoke nights, game nights, BBQs, and more)
  • Health and Wellness focus including virtual yoga classes and wellness webinars
  • RRSP Matching Program after 2 years of employment
  • Experience in a rapidly growing, socially responsible corporation

CMiC is an Equal Opportunity Employer. In accordance with the Accessibility for Ontarians with Disabilities Act, 2005 and the Ontario Human Rights Code, CMiC will provide accommodation to applicants with disabilities throughout the recruitment, selection and/or assessment process. If selected to participate in the recruitment, selection and/or assessment process, please inform Human Resources staff of the nature of any accommodation(s) that you may require.

Tags: Audits CISO CISSP Cloud Compliance Computer Science Encryption Governance Incident response ISO 27001 Network security NIST Privacy Risk management RMF SOC SOC 1 Strategy Vulnerabilities Vulnerability management

Perks/benefits: Career development Health care Salary bonus Team events Wellness Yoga

Region: North America
Country: Canada
