Director, Cyber Security and Risk Management

As the Director, Cyber Security and Risk Management, you will work with the Global CISO and play a key role in maturing, growing and optimizing our firm’s cyber security capabilities globally while positioning the organization to be agile and ready to respond to any evolving security risks. As an empowered representative of the CISO, you will contribute to the cyber security strategy, leading the enhancement and delivery of the IT risk management plan as well managing enterprise-wide security programs and information risk management initiatives.

This role involves extensive collaboration with various teams across multiple regions, as well as external partners, suppliers, and managed service providers with the goal of promoting security, providing oversight to business continuity and disaster recovery risk mitigation, and ensuring that our information assets and systems are managed in a way that is legally compliant, secure and consistent with industry best practices.

Your responsibilities:

• Develop, maintain and enhance adoption of the global information security policy framework in-line with appropriate international standards, applicable global regulations, client contractual commitments and our risk appetite;
• Elevate and lead the delivery of a structured security awareness and training program to promote awareness about security risks and encourage the adoption of security policies and practices across the enterprise;
• Establish an Information protection framework to drive a data driven approach for classifying, discovering, enforcing, and maintaining the company data through the data management lifecycle;
• Build and manage a robust supplier security assurance program to monitor the security exposure of our key suppliers and vendors and their compliance to Fiera’s policy framework and contractual commitments;
• Confer with various partners and suppliers and participate in key projects to ensure security is factored into the evaluation, selection, installation and configuration of all IT systems and services;
• Manage the relationship and ongoing engagement with the security service providers to ensure valued delivery and effective execution of committed security services in accordance with the service level agreements;
• Maintain and continually improve the security incident response capability within Fiera to drive consistent incident response, escalation and reporting;
• Lead the planning, development and ongoing testing of Fiera Capital’s Business Continuity and cyber resilience standard working collaboratively with business units and other team members;
• Work with IT and business leaders to define and present metrics and dashboards that effectively communicate Fiera’s security maturity and progress of the security program;
• Develop common framework and centralized repository to enhance Fiera’s proficiency in handling multiple client audits and due diligence requests as it pertains to security, risk and compliance;
• Stay ahead of technology evolutions, risks on the radar, and changing threat profile and proactively assess and keep all impacted parties updated on its impact on our environment and corporate risk profile;
• Own and lead all aspects of delivery of approved security initiatives and work with project managers to ensure acceptable delivery of security solutions.

Extra Information:

• Undergraduate degree ideally in information security, computer science or related field;
• 10 years of Information Security experience;
• Security qualifications such as CISP/CISA/CISM/CRISC etc.;
• Knowledge of security frameworks including ISO 27001/2, NIST, COBIT etc.;
• Demonstrated experience of data protection, security, risk and compliance related matters – preferably gained within a data centric and/or financial services environment;
• Experience of security governance and compliance in organizations that rely on outsourced model;
• Proven success at gaining consensus from decisions makers and counterparts across IT and the business;
• Sound decision maker and can rationalize between difficult choices on technical merit and real risks;
• Adept at communicating effectively and positively with teams across the organization
• Experienced in collaborating with multi-disciplinary and geographically disperse teams;
• Ability to grow, achieve and compete in a dynamic environment, with high appetite for change;
• Leadership/management experience – preferably in matrix organizational structure;
• Experience in IT Security consulting an asset.

#LI-hybrid