About Équité Association
As a not-for-profit organization, Équité Association supports Canadian insurers in fighting fraud by using advanced analytics, intelligence best practices, and coordinated investigations. Combining expert investigative services and advanced analytics, Équité serves as a unified organization, delivering improved service and fraud analytics for vehicle and cargo recovery. Leveraging relationships with law enforcement, partners and industry organizations, Équité serves as a centre point for insurance crime across all insurers, and is protecting Canadians by working to eradicate insurance fraud and crime. Équité is invested in diminishing crime in Canada and protecting all Canadians against exploitation.
About the Role
The Director, Head of Cyber Security, reports to the VP, Chief Data & Technology Officer and requires the ability to think critically, and offer solutions to problems with a high level of professionalism and confidentiality. The role is primarily responsible for administering and maintaining all information security policies and controls to ensure information assets and technologies are protected and monitored against emerging threats at all times.
The Director supports the organization in identifying, developing, implementing, and maintaining processes, controls and technologies across the enterprise to ensure information and information technology risks are within acceptable levels as defined by the CDTO, CEO and the Executive Leadership Team (ELT). Working with the CDTO and team, this role is also responsible for maintaining and executing a security strategy intended to drive situational awareness and collaboration, deliver meaningful services, and create unity and consensus on what efforts are important to more effectively address threats across a diverse, complex technology environment, and for ensuring vendors maintain the same security posture.
The position offers a motivated, astute person the opportunity to have an indelible impact on the organization’s evolution—an organization focused on creating a vibrant, accessible culture that welcomes open discourse, supports the members, and balances technology, process and people.
Specific accountabilities include:
- Work with the CDTO to develop a security vision and program along with security projects that address identified risks and business security requirements.
- Define, communicate and lead security initiatives, both those internal to the organization and those that have an impact on the industry.
- Lead the development of Information Security standards and procedures consistent with leading edge Information Security practices and the Board-approved Security Policy and Compliance Framework.
- Drive forward the cybersecurity mandate with internal, external and regulatory stakeholders to develop and execute a cyber security strategy.
- Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the CDTO with a realistic overview of risks and threats in the enterprise environment.
- Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
- Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements and defined policies.
- Manage production issues and incidents, and participate in problem and change management forums.
- Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical expertise for the administration of security tools.
- Work as a liaison with vendors to establish mutually acceptable best practices, contracts and service-level agreements.
- Develop and implement controls and configurations aligned with security policies and audit requirements.
- Lead and coordinate operational components of threat and cyber attack management, including monitoring, detection, response and reporting.
- Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.
- Provide security communication, awareness and training for staff, which may range from senior leaders to field staff.
- Lead the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
The role requires a strong technical background in information security controls, as well as an ability to work with the broader organization and business management to align priorities and plans with key technical objectives.
The Director will act as an empowered representative of the CDTO during IT security planning initiatives to ensure that security measures are incorporated into IT plans and that service expectations are clearly defined. The Director will also be responsible for working with members to balance real-world risks with business drivers such as speed, agility, flexibility and performance.
- 5+ years of experience in security management, preferably in the P&C insurance or banking industry
- 7+ years in the technology field
- Undergraduate degree in a related field
- Industry Accreditation: CISSP, CISA, CISM would be an asset
- Experience with IT contracts is essential
- Experience with cloud-based and on-premises security
- Strong leadership skills and experience leading within complex businesses and outsourced relationships
- Knowledge of information security management frameworks (ISO 27001 or NIST), SOC2 Compliance
- Strong organizational planning and communication skills; attention to detail
- Results-focused approach and strong work ethic
- Energized by a fast-paced environment
- Able to maintain a high level of integrity and discretion in handling confidential information
- Comfortable in, and excels within, remote work environments
We encourage applications from all backgrounds and communities. We highly value our diversity and inclusion culture and welcome all candidates, including women, BIPOC, LGBTQ2S+ and allies.