Staples

Senior Director, Cybersecurity & Risk Management

Staples  •  Richmond Hill, CA (Hybrid)  •  4 months ago

Job Description

Some of what you will do:

The Sr. Director, Cybersecurity & Risk Management is responsible for designing, governing, and executing the enterprise-wide security and risk strategy that protects company assets, data, customers, and brand across B2B and B2C lines of business. As the most senior security position in the enterprise, this role leads cyber defense, regulatory and standards compliance, risk management, privacy alignment, vendor audits, PCI compliance, and business resilience, ensuring that security practices enable growth, support innovation, and meet contractual, regulatory, and customer expectations. The Sr. Director partners closely with Technology, Legal/Privacy, Product, and Go-to-Market teams to embed “security-by-design” and “risk-aware” decision-making across the organization.

Specifically, You Will:

  • Define and execute a multi-year cybersecurity and risk strategy aligned with business goals and regulatory requirements.
  • Lead the enterprise risk program, including identification, assessment, and continuous monitoring of technology risks.
  • Manage third-party/vendor risk through due diligence, contractual requirements, and ongoing oversight.
  • Oversee audits, certifications, and compliance with regulatory obligations, including PCI.
  • Direct security operations for threat monitoring, detection, and response.
  • Coordinate incident response plans and act as executive lead during major events.
  • Advance DevSecOps practices and enforce secure software development life cycle requirements.
  • Deliver on cyber security and risk plans by actively driving initiatives with urgency and accountability; this role is more than building policies and frameworks.

Some of what you need:

  • Bachelor’s degree in Computer Science, Information Security, Engineering, or related field; Master’s degree preferred (e.g., MBA, MS Information Security).
  • Relevant certifications strongly preferred, such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CCISO (Certified Chief Information Security Officer), CISA (Certified Information Systems Auditor), CRISC (Risk and Information Systems Control), or equivalent.
  • 10–12 years of progressive experience in cybersecurity, technology risk, or related fields; 5–7 years leading multi-disciplinary security teams.
  • Proven track record establishing/maturing security programs and achieving external certifications/attestations.
  • Experience supporting enterprise B2B consumer/B2C environments.
  • Expertise in relevant cyber security standards (NIST) and applicable Canadian and Retail regulations (such as PCI-DSS, PIPEDA, SOC 2, ISO standards, Privacy legislation).
  • Previously demonstrated experience in leading cybersecurity and risk management.

Physical demands/working conditions:

Office environment – Hybrid, 4 days a week in the Richmond Hill office, Monday to Thursday

Some of what you will get:

  • Associate discount
  • Health and Dental benefits
  • RRSP/DPSP
  • Performance bonuses
  • Learning & Development programs
  • And more...

#Bringyourpassion


We value transparency in our hiring processes. Please note that artificial intelligence may be used in certain stages to screen, assess, or select applicants; however, a human reviewer makes all final decisions. This posting is for an existing vacancy.

About Staples

For nearly 40 years, Staples has been a trusted leader in delivering end-to-end workplace solutions for consumers and businesses of all sizes across a broad range of industries. The company provides a comprehensive portfolio of products, strategic solutions, and services including print and marketing, shipping, technology, and travel. Its specialized assortment includes high-quality office supplies, janitorial products, technology, furniture, and breakroom essentials, all supported by best-in-class supply chain capabilities and a dedicated team of experts committed to making the workday easier. Headquartered near Boston, Massachusetts, Staples operates throughout North America via direct B2B sales, e-commerce, and more than 900 retail stores. To learn more, visit your local U.S. Staples store, download the Staples app, explore Staples.com or StaplesBusiness.com, or follow @Staples on social media.

Industry: Retail & Ecommerce
Company Size: 10,000+ employees
Headquarters: Framingham, MA
Year Founded: 1986