DIRECTOR, SECURITY AND COMPLIANCE

Job Category: Cybersecurity
Job Type: Full Time
Job Location: Canada
Salary: CA$170K/yr - CA$180K/yr
Company Name: National Consultants Professionals Ltd

Company Overview

National Consultants Professionals provides a broad range of business and technology solutions to assist clients in improving their staffing and business needs. NCP provides clients SOLUTIONS and COST SAVINGS. NCP has resource specialists with expertise servicing clients for over 25 years in the following areas: IT Contract & Temporary Staffing IT Bilingual Support Resourcing Bilingual Call Centre/Level 1/Level 2/Level 3 Permanent Placement Staffing Services Payroll Services Project Management Services NCP prides itself on offering timely, personalized and FLEXIBLE services that save our clients TIME and MONEY.

About the job

About the Company

We are looking for a Director, Security and Compliance to join us in making vacation dreams come true. As the Director, Security and Compliance you will be responsible for establishing and managing the strategic direction and implementation of comprehensive cybersecurity and compliance programs across the organization. This role is crucial for safeguarding customer data, ensuring compliance with regulatory standards, and maintaining robust, proactive defenses against evolving security threats. The position reports to the Chief Information Officer and will be located in Toronto, ON.- Spanish Speaking is an Asset

About the Role

Develop, implement, and continuously improve the organization’s cybersecurity strategy Conduct regular risk assessments and vulnerability analyses to guide risk-based decision-making Collaborate with executive leadership to align cybersecurity initiatives with overall business objectives Ensure compliance with relevant laws, standards, and frameworks (e.g., GDPR, CCPA, ISO 27001, NIST) Establish and maintain cybersecurity policies, standards, and procedures Conduct regular audits and compliance assessments, addressing gaps as necessary Lead the development and execution of incident response plans Oversee threat monitoring, detection, and response processes Coordinate post-incident evaluations to improve response effectiveness and resilience Implement data protection policies in alignment with data privacy regulations Oversee data encryption, secure data storage, and access control management Conduct regular privacy impact assessments and ensure data retention and destruction processes align with legal standards Develop and lead cybersecurity training programs for all levels within the organization Establish ongoing communication strategies to promote a culture of cybersecurity awareness Create specialized training modules for high-risk employees and stakeholders

Responsibilities

  • Develop, implement, and continuously improve the organization’s cybersecurity strategy
  • Conduct regular risk assessments and vulnerability analyses to guide risk-based decision-making
  • Collaborate with executive leadership to align cybersecurity initiatives with overall business objectives
  • Ensure compliance with relevant laws, standards, and frameworks (e.g., GDPR, CCPA, ISO 27001, NIST)
  • Establish and maintain cybersecurity policies, standards, and procedures
  • Conduct regular audits and compliance assessments, addressing gaps as necessary
  • Lead the development and execution of incident response plans
  • Oversee threat monitoring, detection, and response processes
  • Coordinate post-incident evaluations to improve response effectiveness and resilience
  • Implement data protection policies in alignment with data privacy regulations
  • Oversee data encryption, secure data storage, and access control management
  • Conduct regular privacy impact assessments and ensure data retention and destruction processes align with legal standards
  • Develop and lead cybersecurity training programs for all levels within the organization
  • Establish ongoing communication strategies to promote a culture of cybersecurity awareness
  • Create specialized training modules for high-risk employees and stakeholders

Qualifications

University or College degree in a related field A certification in Cybersecurity (CISSP, CISM, CISA, CRISC)

Required Skills

  • Proficiency in risk management frameworks, cybersecurity standards, and compliance requirements
  • Strong understanding of incident response protocols, threat intelligence, and threat detection
  • Familiarity with data protection and encryption methodologies
  • Experience using one or more of the following technologies: CrowdStrike (EDR, DLP, Threat Protection), PaloAlto firewalls, HP Aruba switches, Cloudflare, PRTG, ManageEngine MDM – moving to InTune, Microsoft Azure architecture, Vikking Cloud

Preferred Skills

Experience using one or more of the following technologies: CrowdStrike (EDR, DLP, Threat Protection), PaloAlto firewalls, HP Aruba switches, Cloudflare, PRTG, ManageEngine MDM – moving to InTune, Microsoft Azure architecture, Vikking Cloud

Pay range and compensation package

Hybrid Work- 2-3 days onsite- near Toronto Pearson Airport

RRSP Matching Program

Growth opportunities

Free Parking

Delicious snacks and meals at a subsidized price

Competitive compensation- Up to 20% target bonus- based on personal and corporate goals

How to Apply

APPLY

Apply for this position

Allowed Type(s): .pdf, .doc, .docx