Director of Information Security

Position Overview:

Reporting to the Chief Information & Technology Officer (CITO), the Director, Information Security will be responsible for developing, implementing, and overseeing security protocols, compliance programs, and risk management strategies across Sylogist. The successful candidate will bring a strong background in cloud infrastructure management, compliance frameworks, and strategic security planning.

Responsibilities Include:

• Enhance security team accomplishments and competencies by planning the delivery of solutions and responding to technical RFPs and miscellaneous questions.
• Define security protocols by evaluating business strategies and requirements.
• Develop, review, and approve installation requirements for LANs, WANs, VPNs, firewalls, routers, and related network devices.
• Execute corporate identity and access control by implementing Azure AD solutions, MFA, and Privileged Access Management (PAM).
• Respond to and investigate security incidents, providing thorough post-event analysis.
• Manage secure phishing programs and ensure compliance through tools and ongoing training.
• Develop and maintain a corporate security roadmap to include ongoing system upgrades.
• Conduct vulnerability scans, penetration tests, and incident response drills.
• Verify security systems by developing and implementing test scripts.
• Stay current on emerging security practices and standards; participate in educational opportunities, review professional publications, and engage in professional organizations.
• Partner with DevOps and architectural teams on security best practices.
• Document and review corporate policies to ensure compliance with NIST and other industry standards.
• Review and ensure product compliance with privacy requirements (GDPR, CCPA, PIPEDA, and global privacy laws).
• Implement data classification, encryption (at rest/in transit), and DLP solutions.
• Develop, implement, and document disaster recovery and business continuity plans.
• Conduct Privacy Impact Assessments (PIAs) for new systems and data flows.
• Conduct quarterly security workshops on emerging threats (e.g., ransomware, social engineering).
• Maintain training records for compliance audits (SOC 2, ISO 27001).
• Vendor & Cloud Risk:
  • Manage third-party risk assessments (including Microsoft Azure environments).
  • Monitor compliance of SaaS vendors.

What We Look for in You

Must Haves

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
• 5+ years of experience in information security.
• Cloud infrastructure management experience.
• Certifications such as CISSP, CISM, Azure Solutions Architect Expert, Azure Security Architect Expert, or CCSP (preferred).
• Proficiency in Azure IaaS/PaaS, IaC (Terraform/Bicep), and SIEM tools.
• Deep knowledge of GDPR, SOC 2, NIST CSF, and PCI DSS.
• Experience managing global compliance programs.
• Strategic planning, vendor negotiation, and crisis management skills.
• Strong working knowledge of IT risks, cybersecurity, and operating systems.
• Excellent communication and interpersonal skills.

Nice-to-Haves

• Microsoft Azure security certification.
• Additional advanced security or cloud certifications.
• Experience with privacy compliance programs across multiple jurisdictions.