Chief Information Security Officer (IT)

COMPANY OVERVIEW:

The Globe and Mail is a national icon and one of Canada's most recognized media brands. We proudly serve as a trusted destination for Canadians seeking the highest caliber of journalism, and we've garnered international acclaim for our data visualization, design, and creative storytelling.

We are committed to fostering diversity and inclusivity by reflecting all Canadians in both the stories that we tell and the composition of our workforce. We are proud partners with organizations like Indigenous Works, Pride at Work, the Canadian Centre for Diversity and Inclusion, and we are a signatory of the BlackNorth Initiative. Recognizing the importance of work-life balance, we offer flexible work arrangements and support programs. We also invest in our employees' growth through training and mentorship opportunities, enabling you to expand your skills and embrace new challenges.

No matter your position at The Globe, you'll be an integral part of an organization dedicated to making a positive difference in Canada. Join us.

POSITION OVERVIEW:

The Chief Information Security Officer is a critical member of The Globe's organization. This role owns the organization’s strategic vision for cyber security. We are looking for a leader who can define and translate the enterprise security risk requirements and constraints of the business into control measures and establish performance metrics. This role will manage a small team that will coordinate the implementation and management of security posture and compliance throughout the organization.

Strategy & Planning:

• Maintain and  improve cyber risk management framework
• Maintain and improve our security awareness training program
• Maintain and  improve  the enterprise’s security documents such as policies and standards, including all relevant stakeholders during composition
• maintain and  improve the Business Continuity and Disaster Recovery Plan, where appropriate
• Enhance technology risk reporting 
• Ensure ongoing compliance with relevant security and privacy requirements and standards
• Act as point of contact by engaging in ongoing communications with peers, senior IT management as well as the various business groups to ensure enterprise wide understanding of security goals, to solicit feedback and to foster co-operation

Acquisition & Deployment:

• Maintain up-to-date knowledge of the security industry best practices including awareness of new or revised security solutions as it relates to our business
• Oversee security budget to ensure cost effectiveness  security solutions that improve overall enterprise security and mitigate the risks of new cyber-attacks and threat vectors in a fiscally responsible manner
• Oversee the deployment, integration, and implementation of all new security solutions and of any enhancements to the existing security solutions in accordance with industry best operating procedures
• Support Vendor Risk Management Program and Software Development Life-Cycle framework

Operational Management:

• Responsible for compliance obligations such as Payment Card Industry, and support compliance with data protection requirements
• Supervise the design and execution of vulnerability assessments, penetration tests and security audits (monthly, quarterly, and annually as required)
• Assess security control findings and recommend solutions and/or compensating controls
• Ensure the enforcement of enterprise security policies
• Protect the organization from business risk associated with technology use.
• Participate in technical and change advisory boards as required
• Supervise all cyber security investigations and provide on-going communication with senior management and applicable points of contact throughout the enterprise
• Ensure adherence to the Incident Response Plan escalation procedures and notification
• Perform regular security awareness training for all employees and applicable service partner providers to ensure consistently high levels of compliance with enterprise security policies

KNOWLEDGE AND EXPERIENCE:

• Extensive knowledge and experience in enterprise security architecture, infrastructure, and security operations
• Experience in designing and delivering employee security awareness training and security documentation
• Experience developing Business Continuity and Disaster Recovery Plans
• Strong knowledge and experience in cyber security and risk frameworks, standards, and industry best practices such as NIST CSF, ISO, PCI DSS, SOC2
• Experience in implementing and managing Governance, Risk and Compliance frameworks
• Strong understanding of project governance and methodology
• Strong understanding of Data Privacy laws
• Strong understanding of operational security technologies and services such as firewalls and network security protocols, VPN, WAF and web protection, EDR, MDR, SIEM, digital forensics, email security, mobile security, ransomware protection, and DLP
• Strong understanding of virtualization and cloud technologies such as VMware, Amazon AWS, Microsoft Azure
• Strong knowledge and experience in vulnerability management program
• Familiarity with Windows, Unix/Linux, and Mac operating systems and applications and directory services

FORMAL EDUCATION AND CERTIFICATIONS:

• College diploma or university degree in the field of computer science and 10 years’ work experience or equivalent combination of education and experience.
• Certified in one or more of the following or similar certifications:
• ISACA CISM (Certified Information Security Manager)
• ISACA CRISC (Certified in Risk and Information Systems Control)
• ISC2 CISSP (Certified Information Systems Security Professional)
• GSLC (GIAC Security Leadership)

WHY CHOOSE THE GLOBE:
 

The Globe’s mission is to deliver essential content – news, information, analysis and insights – for aspiring individuals and strong communities.  The Globe is committed to providing a respectful and inclusive workplace that upholds our values of integrity, collaboration, innovation and accountability. 
 

As Canada’s most respected media brand The Globe is dedicated to making a difference to Canada and you can make a difference by working with us.

WE OFFER:

• Competitive compensation to ensure we hire, retain and reward team members
• Hybrid work environment that promotes work-life balance
• Generous vacation and flexible work arrangements
• Parental leave top-up
• Competitive health and dental benefits
• Defined Benefit pension plan
• Annual wellness subsidy
• On-site chiropractor and registered massage therapist
• Employee and family assistance program
• Free digital subscription to globeandmail.com and 40% off other Globe products
• Education assistance for external training courses
  

SUPPORTING YOUR GROWTH:

• We are committed to creating equitable opportunities for all employees, to enable everyone to reach their full potential. This commitment is embedded in our strategic plan and core values.
• There are lateral and upward advancement opportunities for rewarding and developing careers.
• We believe in mentorship and collaborative peer-to-peer learning and have both formal and informal programs in place to encourage knowledge-sharing.
• We support continuing education and provide both internal and external opportunities for training and development.

VACCINATION POLICY:  

All offers of employment with The Globe and Mail are conditional upon the candidate being Fully Vaccinated. To be Fully Vaccinated is defined as someone who has received the full series of a vaccine or a combination of vaccines accepted by the Government of Canada (currently Pfizer, Moderna, AstraZeneca, Janssen) and has received the last dose at least 14 days prior to their start date. To prove they are Fully Vaccinated, all new hires will be required to provide evidence by emailing a copy of their vaccine dose administration receipt(s) to Human Resources prior to their start date. Those seeking exemption based on one or more of the protected grounds in the Human Rights Code will need to provide their request for accommodation to Human Resources for approval.  If the accommodation request is not approved and the candidate is not Fully Vaccinated, any offer of employment will be revoked.     

THE GLOBE AND MAIL IS DEDICATED TO DIVERSITY AND INCLUSION IN THE WORKPLACE 

The Globe and Mail is committed to fostering an inclusive, accessible work environment, where all employees feel valued, respected and supported. We believe this strengthens our business and our journalism. We welcome and encourage applications from individuals from all groups, regardless of race, ethnicity, culture, gender, sexual orientation, religion, socio-economic status, age, and physical ability. As required by the Federal Contractors Program, The Globe also tracks the proportion of staff in the four Employment Equity categories (Women, Aboriginal Peoples, Persons with Disabilities, and Members of Visible Minorities) to ensure we are reflecting the areas in which we work.          

The Globe and Mail offers accommodation for applicants with disabilities as part of its recruitment process. If you are contacted to arrange for an interview, please advise us if you require an accommodation.