Associate Vice-President, Information Security

Associate Vice-President, Information Security

Location: This in-office position will be located in our Toronto office.

Our organization:

Founded in 2017, Wellington-Altus Financial Inc. (Wellington-Altus) is the parent company to Wellington-Altus Private Counsel Inc., Wellington-Altus USA Inc., Wellington-Altus Insurance Inc., Wellington-Altus Group Solutions Inc., and Wellington-Altus Private Wealth Inc.—the top-rated* investment dealer in Canada and one of Canada’s Best Managed Companies. With more than $35 billion in assets under administration and offices across the country, Wellington-Altus identifies with successful, entrepreneurial advisors and portfolio managers and their high-net-worth clients. 

*Investment Executive 2024 Brokerage Report Card. 

The opportunity:

Reporting to the Vice-President, Solutions Architecture, the Associate Vice-President, Information Security will be responsible to create organizational awareness about cyber security and privacy, ensure that our technology stacks and data are secure by design and are adequately protected from cyber-attacks. It is also to ensure that procedures and processes are in place to guide action should an attack take place and work with the CISO and Incidence Response Commander as well as the Chief Privacy Officer.

Responsible for the development and maintenance of appropriate IT security and information privacy standards, procedures, corporate and departmental policies, and architectures. This position serves as the single point of contact to other departments, corporation and vendors for all information security and privacy requests. Manage Identity Access Management policies, procedures, and reviews processes. This individual will work with peers on the IT Leadership Team and be accountable for creating a Cyber Security & Privacy Program for the organization.

The ideal candidate will have a proven experience in implementing and assessing processes and best practices around Cyber Security. Ability to effectively define, implement, promote, educate, assess, report, and facilitate third party audits on Information Security and IT management best practices, both internally and at third party service providers. A keen sense of balance between business and security risks is essential. This involves collaborating with business users, vendors, and technology teams to understand problems and opportunities and recommend solutions that enable the organization to meet its goals.

Key responsibilities include:

• Developing an Information Security and Privacy roadmap for the next 3 years to ensure Wellington-Altus has a robust and comprehensive information security strategy.
• Implementing a framework for information security risk governance and control that integrates a consistent methodology to identify, assess information security risks and ensures a process to address those risks.
• Identifying the total Information Security needs and oversee the security posture across a large Enterprise by managing the full life cycle of Cybersecurity.
• Establishing, implementing, enforcing, and monitoring information security standards enterprise-wide.
• Supporting the leadership team in educating the Executive Committee on current and evolving Cyber security technologies, best practices and threats.
• Providing support to the procurement and legal teams regarding information security and privacy with respect to agreements and contracts.
• Leading the ongoing security, privacy and threat risk assessments and security evaluations to verify operational compliance, identify and evaluate gaps and manage exceptions to policy.
• Tracking security related risks and correlating action plans to ensure issues are resolved.
• Responsible to work with third party teams, internal digital and data development teams to interpret and review results from penetration tests, vulnerability scans, and code reviews as required.
• Maintaining organizations Security Risk Register for effective risk management and operational compliance functions.
• Proficient with security frameworks including NIST and SOC 2, Type 2.
• Providing support for compliance and audit activities liaising with internal staff and external auditors.
• Conducting Information Security gap assessments against internal and external standard's.
• Developing and implementing metrics and reporting process to ensure risks are effectively managed.
• Leading Information Security Incident & Breach Response along with key stakeholders in the event of a breach.
• Providing leadership in the development of managed security services to ensure strong security postures of Vulnerability Management, IAM, Endpoint Protection, etc.
• Responsible to ensure the appropriate technology, processes and governance are in place to monitor, detect, prevent, and react to security threats.
• Responsible for ensuring a culture of privacy and information security.
• Working closely with all business units to ensure projects reflect appropriate privacy, information security, and contract management considerations.
• Working with internal and external staff on new initiatives to set up and operate the appropriate security services to protect assets and computing environment.
• Managing and assess external vendors who contribute to the overall security.
• Maintaining current understanding security standards and regulations and ensure with the changing laws and applicable regulations.
• Developing security policies and procedures with regular reviews and updates, minimum annually.
• Monitoring compliance with policies and standard's the Security organization, hiring, managing, and staffing requirements in line with project objectives.
• Overseeing the delegation of work to Analysts and 3rd party partners.
• Setting annual performance targets for individuals and the team and conduct performance reviews.
• Providing ongoing motivation, coaching, guidance, feedback, and mentoring support to the team.
• Managing the workload of team members on the program and help to remove obstacles to their success.

The ideal candidate will possess:

• Bachelor’s degree in finance, computer science, information management or equivalent combination of experience.
• 5+ years’ experience in information systems support, security engineering, and/or risk and governance.

• Certified Information System Security Professional (CISSP).

• Certified Information Security Manager (CISM).

• ITIL 4 certification is an asset.

• Familiarity with commonly used information security concepts, best practices, and standards.
• Experience with SIEM tools and operations (Splunk preferred).
• An ability to run the Identity and Access Management (IAM) security practice.
• Good analytic, troubleshooting, and problem-solving skills.
• Research skills for problems and find information or documentation on related topics.
• Experience with vulnerability scanning tools.
• Experience with anti-virus and endpoint security solutions.
• Experience with Linux and Windows operating systems.
• Expert verbal & written communication skills; additionally, expert analytical, problem-solving, and influence skills.
• An expert ability to collaborate and act as part of a team, with a focus on cross-group collaboration.
• Expert data-driven decision-making skills.
• An ability to manage ambiguity.

Conditions of employment:

• Must be legally eligible to work in Canada.
• Must be able to travel 0-5% of the time.
• A background check, satisfactory to the employer, may be required of the successful applicant prior to commencing employment.

Wellington-Altus Private Wealth is strongly committed to equity and diversity within its community and welcomes applications from women, racialized persons, Indigenous peoples, persons with disabilities, and persons of all sexual orientations and genders. All qualified individuals who would contribute to the further diversification of our organization are encouraged to apply.

If you require accommodation for the recruitment process, please let us know at the point of application.

To apply:

Click the Apply for This Job button to submit your resume, cover letter and salary expectations. You will be contacted if you are selected for an interview. More information about working at Wellington-Altus can be found on our website at www.wellington-altus.com.