Director, Information Security
Toronto, Ontario
Wave HQ
Create beautiful invoices, accept online payments, and make accounting easy—all in one place—with Wave’s suite of money management tools.
We believe small businesses are at the heart of our communities, and championing them is worth fighting for. We empower small business owners to manage their finances fearlessly, by offering the simplest, all-in-one financial management solution they can't live without.
The Director, IT Security, will drive to deliver a security-first culture whilst ensuring development teams continue to operate with speed and agility. This includes building/improving and maintaining a security management program that governs the creation, administration, and oversight of enterprise-wide information security activities while being an effective bridge to other stakeholder departments. As part of the information security program, this role is responsible for the improvement, implementation, and management of areas including enterprise information security services, cyber resilience, information security governance, and information security risk management.
The successful candidate will oversee the team responsible for providing security services focused on network and endpoint security, identity access management, vulnerability management, security tooling for our CI/CD pipelines and implementing DevSecOps processes. They will also be responsible for the collaboration and integration of security policies and procedures with Wave’s parent company.
Work From Where You Work Best: We will always have a welcoming, energizing, and world-class office (in Toronto) with a space for you. Or, if you’re more comfortable working from home, the choice is yours.We Care About Future You: You will stretch yourself and you will grow at Wave. You will also be supported on this journey with diverse learning experiences, educational allowances, mentorship, and so much more.We Support the Full You: We make a serious investment in your health & wellness. When we think about benefits we think about body, mind, & soul and we take this stuff very seriously. We Take Care of the Fundamentals: Fair compensation, all the office perks you’d want, and the various goodies you’d expect from a growing tech company. This is the obvious stuff, but we don’t want you to think we forgot!
We believe that a diverse and inclusive culture creates the best workplace. We embrace our differences, value individuality, and the broad spectrum of every Waver's skills and abilities. We challenge each other from a place of respect and pursuit of continuous growth. We trust each other and encourage everyone to bring their authentic selves to work, everyday. As Wavers, our voices matter, our opinions are met with an open mind. The best ideas win, no matter whose they are. Contributing to an inclusive culture is a part of all of our job descriptions.
We’ve been continuously recognized as one of Canada's Top Ten Most Admired Corporate Cultures and one of Canada’s Great Places to Work in categories including Technology, Millennials, Mental Health, Inclusion and Women.
Are you ready to be a Waver? Join us!
The Director, IT Security, will drive to deliver a security-first culture whilst ensuring development teams continue to operate with speed and agility. This includes building/improving and maintaining a security management program that governs the creation, administration, and oversight of enterprise-wide information security activities while being an effective bridge to other stakeholder departments. As part of the information security program, this role is responsible for the improvement, implementation, and management of areas including enterprise information security services, cyber resilience, information security governance, and information security risk management.
The successful candidate will oversee the team responsible for providing security services focused on network and endpoint security, identity access management, vulnerability management, security tooling for our CI/CD pipelines and implementing DevSecOps processes. They will also be responsible for the collaboration and integration of security policies and procedures with Wave’s parent company.
Here’s How You Make an Impact:
- Own and manage security processes with accountability for successful audit compliance (SOC2, PCI, HIPAA) and developer productivity metrics
- Drive tooling simplification and management of access controls in order to reduce costs, business complexity and risk
- Developing long term vision (2+ years) and though leadership (SMEs) for the security origination in partnership with Corporate IT, Compliance and Risk
- Refining security team roles and developing role guidelines, including career development paths
- Defining and improving the security incident management process
- Working with stakeholders to ensure that security is a primary focus across all of Wave, including education
- Rolling up your sleeves for hands-on work configuring security tools, monitoring and alerting
- Proactively identifying gaps in Wave’s security posture and developing solutions and standards to address potential threats
- Performing security reviews for new technologies and vendor risk assessments to enable the business to make informed decisions
- Conducting threat and risk analysis of our cloud-based systems, applications and supply chains
- Investigating and triaging security incidents and conducting technical and forensics evidence gathering
- Driving compliance activities including regular reviews and audits
- Coaching and growing a team of Security Engineers
You Thrive Here By Possessing the Following:
- 7+ years of progressive experience that includes designing and implementing an enterprise information security strategy and program
- 5+ years of related experience in a leadership role in an Cloud/SaaS Infrastructure environment (i.e. AWS)
- Previous experience managing a team or acting as a team lead responsible for a technical team
- Demonstrated information security experience across multiple disciplines (ops, engineering, incident response, application security, etc)
- Experience implementing regulatory frameworks such as SOC, PCI, HIPAA, SOX, PIPEDA
- Competent with a common scripting language (Python)
- Ideal candidate has experience working with SaaS and/or FinTech organizations
Work From Where You Work Best: We will always have a welcoming, energizing, and world-class office (in Toronto) with a space for you. Or, if you’re more comfortable working from home, the choice is yours.We Care About Future You: You will stretch yourself and you will grow at Wave. You will also be supported on this journey with diverse learning experiences, educational allowances, mentorship, and so much more.We Support the Full You: We make a serious investment in your health & wellness. When we think about benefits we think about body, mind, & soul and we take this stuff very seriously. We Take Care of the Fundamentals: Fair compensation, all the office perks you’d want, and the various goodies you’d expect from a growing tech company. This is the obvious stuff, but we don’t want you to think we forgot!
We believe that a diverse and inclusive culture creates the best workplace. We embrace our differences, value individuality, and the broad spectrum of every Waver's skills and abilities. We challenge each other from a place of respect and pursuit of continuous growth. We trust each other and encourage everyone to bring their authentic selves to work, everyday. As Wavers, our voices matter, our opinions are met with an open mind. The best ideas win, no matter whose they are. Contributing to an inclusive culture is a part of all of our job descriptions.
We’ve been continuously recognized as one of Canada's Top Ten Most Admired Corporate Cultures and one of Canada’s Great Places to Work in categories including Technology, Millennials, Mental Health, Inclusion and Women.
Are you ready to be a Waver? Join us!
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
8
1
0
Categories:
Architecture Jobs
Leadership Jobs
Tags: Application security Audits AWS CI/CD Cloud Compliance DevSecOps Endpoint security FinTech Forensics Governance HIPAA Incident response Monitoring PIPEDA Python Risk analysis Risk assessment Risk management SaaS Scripting Security strategy SOC SOC 2 SOX Strategy Vulnerability management
Perks/benefits: Career development Health care Team events Wellness
Region:
North America
Country:
Canada
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Information Security Specialist jobsPenetration Tester jobsSenior Cyber Security Engineer jobsSenior Cybersecurity Engineer jobsInformation Security Officer jobsInformation Systems Security Officer jobsPrincipal Security Engineer jobsSenior Network Security Engineer jobsInformation System Security Officer jobsCloud Security Architect jobsChief Information Security Officer jobsSenior Penetration Tester jobsStaff Security Engineer jobsSecurity Specialist jobsSecurity Consultant jobsCyber Security Specialist jobsIT Security Engineer jobsSenior Information Security Analyst jobsCyber Security Architect jobsSecurity Operations Analyst jobsSenior Product Security Engineer jobsCybersecurity Consultant jobsSenior Information Security Engineer jobsInformation System Security Officer (ISSO) jobsThreat Intelligence Analyst jobs
SaaS jobsSDLC jobsMalware jobsEncryption jobsRMF jobsForensics jobsSQL jobsGDPR jobsIPS jobsSplunk jobsIDS jobsTop Secret jobsEDR jobsFinance jobsDoDD 8570 jobsTerraform jobsBash jobsITIL jobsOWASP jobsCRISC jobsUNIX jobsGIAC jobsDocker jobsCompTIA jobsIntrusion detection jobs
TCP/IP jobsBanking jobsSANS jobsThreat detection jobsData Analytics jobsActive Directory jobsPolygraph jobsCCSP jobsOSCP jobsClearance Required jobsCyber defense jobsVPN jobsIT infrastructure jobsJavaScript jobsSOC 2 jobsAnsible jobsSOX jobsDNS jobsSOAR jobsJira jobsGCIH jobsSecurity strategy jobsOracle jobsNIST 800-53 jobsCryptography jobs