VICE PRESIDENT, INFORMATION SECURITY (CISO) - Montreal

Posted:
8/1/2024, 5:00:00 PM

Location(s):
Montreal, Quebec, Canada ⋅ Quebec, Canada

Experience Level(s):
Expert or higher ⋅ Senior

Field(s):
IT & Security

Workplace Type:
Hybrid

We are banking at another level.

Choosing BDC as your employer means working in a healthy, inclusive, and skilled workplace that puts forward the best conditions to bring together unique teams where employees are empowered to act. It also means being at the centre of ambitious economic and financial projects to see further and to do things differently, to fuel the success of Canadian entrepreneurs.

Choosing BDC as your employer also means:

  • Flexible and competitive benefits, including an Employee Savings and Investment Plan where BDC matches part of your voluntary contributions, a Defined Benefit Pension Plan, a $750 wellness and health care spending account, to name a few   

  • In addition to paid vacation each year: five personal days, sick days as necessary, and office closure from December 25 to January 1

  • A hybrid work model that truly balances work and personal life

  • Opportunities for learning, training and development, and much more... 

POSITION OVERVIEW  

Reporting to the Chief Information Officer (CIO) and a key member of the Information Technology leadership team, the Vice President, Information Security, is responsible for establishing and maintaining the vision, strategy and programs to ensure the adequate protection at all times of the company’s information and technology assets. In particular, the incumbent must manage the team responsible for all aspects of IT-related risks, including those associated with information security: establishing, managing and monitoring the policies and corporate directives as well as the associated processes and procedures intended to ensure the secure and uninterrupted operation of all information processing systems.

More specifically, the incumbent will be required to establish and communicate to BDC the standards, procedures and guidelines to prevent the unauthorized use, release, modification, or destruction of data in any form. In collaboration with various key corporate stakeholders, the CISO must ensure compliance with essential security measures by performing system reviews, monitoring system usage, implementing security procedures and legal requirements and consulting on long-range security planning.

The individual upholds BDC’s cultural standards and demonstrates passion for the organization’s mission, vision and values.

CHALLENGES TO BE MET  

  • Lead a team composed of 7 leaders, approximately 35 qualified professionals, 30 external consultants and third-party firms delivering specific services.

  • Perform IT internal controls and security assessments; develop information, system and infrastructure security strategies and establish appropriate Policies and Corporate Directives.

  • Recommend security solutions to assist with the assessment and improvement of networks and security infrastructure and demonstrate strong expertise in the internal and external IT security landscape, including emerging risks and cybersecurity solutions.

  • Perform strategic identification and evaluation of security risks, threats and vulnerabilities as well as related intelligence to prevent, protect against or mitigate identified risks.

  • Understand the System Security Delivery Life Cycle (SSDLC) methodologies and support the various IT teams in incorporating security controls in compliance with security standards into each phase.

  • Translate business needs and regulatory requirements into risk-appropriate controls to successfully implement an effective security governance program.

  • Act as a primary subject matter expert, resource, and liaison for government security regulatory agencies; work closely with various corporate sectors (Finance, Human Resources, Legal, Risk Management, Property Management) and the business lines to manage technological risks.

  • Develop training and awareness efforts for employees to establish a “culture of security” to prevent or mitigate security incidents.

  • Act as lead or provide technical support for major incident investigations involving security-related issues.

  • Participate on occasion in investigating potential fraud.

  • Facilitate effective, clear and consistent communications for various audiences, including Senior Management and Board of Directors, regarding the status of security issues, evolving risks and related recommendations.

  • Develop metrics to measure the effectiveness and efficiency of all information security programs and personnel.

  • Support leadership in the development and maintenance of business continuity and crisis management/incident command programs, including planning and conducting simulations.

  • Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security operations.

  • Monitor and stay current with cyber security threats and related proven practices and technology, namely by overseeing the establishment and maintenance of a large network of contacts in the field.

WHAT WE ARE LOOKING FOR   

  • Bachelor’s or Master’s degree in Information Systems Management, Computer Science, Engineering or equivalent.

  • Minimum of ten years of progressive responsibilities in information security program management or related experience in risk/security management, with three to five years of applied leadership experience overseeing security initiatives and solutions in a large company.

  • Practical experience with Emergency Preparedness, Critical Incident Management, Business Continuity and Disaster Recovery principles and program development.

  • Experience working in nuanced 3 Lines of Defense environments, notably in leading a 1B function and managing interactions with Enterprise Risk Management and Audit partners.

  • The candidate must demonstrate great adaptability and be able to quickly adjust to frequent and unforeseen changes in a dynamic environment.

  • Experience developing corporate and cloud security programs in an agile approach.

  • An exceptional understanding of comprehensive security programs, including technologies and tools.

  • Strong technical competence with a strong interest in being hands-on.

  • Demonstrated ability to work in a collaborative environment and influence others to ensure adequacy of IT operational risk mitigation efforts.

  • Exceptional cross-functional team leadership.

  • Ability to develop and maintain highly effective relationships, internally and externally.

  • Strong critical thinking and analytical skills; demonstrated ability to identify risks associated with business processes, IT operations, information security programs, and technology projects.

  • Ability to handle the stress related to balancing multiple issues and perspectives.

  • Comfortable with leading and initiating change; consciously managing and shaping change; flexibility and the ability to multi-task in a fast-paced environment.

  • Dedication to client service and to delivering timely and high-quality results.

  • Drive to constantly improve processes.

  • Continuous improvement/learning mindset.

  • Proven record of applying judgment to create and sustain the right sense of urgency, anticipating and/or preventing impacts to the organisation.

  • Excellent written and verbal communication skills in both French and English, including presentations, and ability to interact effectively with people at all levels of the company, from technical teams to members of Senior Management.

  • Knowledge of the financial sector is an asset.

  • Certification in one of the following is an asset: Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Project Management Professional (PMP), ITIL v3/2011, Six Sigma or lean management or equivalent work experience.

Proudly one of Canada’s Top 100 Employers and one of Canada’s Best Diversity Employers, we are committed to fostering a diverse, equitable, inclusive and accessible environment where all employees can thrive and feel empowered to bring their whole selves to work. If you require an accommodation to complete your application, please do not hesitate to contact us at [email protected].

While we appreciate all applications, we advise that only the candidates selected to participate in the recruitment process will be contacted.