itjobs.ca Logo
Indigo Books & Music Inc. logo

Director, Information Security

Indigo Books & Music Inc.about 2 months ago
Toronto, Ontario, Canada
Senior Level
Full-Time

About the role

Company DescriptionIndigo is a physical and digital place inspired by and filled with books, ideas, beautifully designed lifestyle products, and the creative people who help make it all happen. We believe in real books, living life fully and generously, being kind to each other and to the environment, and that stories — big and little — connect us. Indigo is our customer's happy place — for joyful moments of discovery and to connect with people who share their passion for reading, their belief in ideas, and their commitment to making the world a better and more beautiful place. OUR GUIDING PRINCIPLES Our Mission is to inspire reading and enrich the lives of booklovers. As such, we believe in the power of people and their stories. We aim to attract top talent, nurture the potential of our employees, and create space for everyone to thrive. Our Guiding Principles are the few key ideas that are meant to influence everything we do, every day. We Will Hire, Inspire, Promote and Retain the BestWe Will Be Customer CentricWe Will Be EntrepreneurialWe Will Be Committed to Caring About Each Other, Our Communities, and Our EnvironmentWe Will Be Committed to True and Shared Value CreationWe Will Be Systems Thinking, Data Driven and AI enabled Job DescriptionMISSIONAccountable for establishing and executing the enterprise information security strategy to guarantee the confidentiality, integrity, and availability of Indigo’s information assets. This role proactively manages enterprise technology risk, ensures strict compliance with regulatory and industry frameworks, and safeguards data through the leadership of Governance, Risk & Compliance (GRC), Security Architecture, and Security Operations.KEY PERFORMANCE METRICSZero critical preventable security breaches.Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) within established operational SLAs.100% compliance with critical regulatory and industry frameworks (e.g., PCI-DSS, PIPEDA).High completion rates for enterprise-wide security awareness training.KEY ACCOUNTABILITIESStrategicDevelop and implement a comprehensive enterprise information security strategy that aligns with Indigo's business objectives and risk tolerance.Partner cross-functionally at the senior level to embed security-by-design principles into all foundational technology and retail store operations.Set and manage operational and capital budgets to ensure the cost-effective execution of security infrastructure and compliance initiatives.FunctionalEnterprise Risk Management: Establish and maintain a continuous IT risk assessment framework to identify, quantify, and mitigate cybersecurity risks across retail, e-commerce, and corporate environments.Regulatory Compliance: Guarantee strict adherence to critical data protection regulations and industry frameworks (e.g., PCI-DSS, PIPEDA) through systematic control validations and comprehensive security audits.Policy Governance: Formulate, publish, and enforce data-driven information security policies, standards, and operational guidelines across the organization.Security Architecture Integration: Embed secure-by-design principles, NIST framework methodologies, and threat modeling into the lifecycle of all cloud, network, and retail store systems.Identity & Access Management (IAM): Oversee the enforcement of Zero Trust architectures, privileged access management, and robust authentication mechanisms to protect all enterprise assets.Threat Monitoring: Direct 24/7 Security Operations Center (SOC) activities, utilizing threat intelligence and data analytics to proactively detect and analyze anomalous network behavior.Vulnerability Management: Execute systematic vulnerability scanning, penetration testing, and data-backed remediation prioritization to continuously reduce the organizational attack surface.Incident Response: Lead the enterprise security incident response process, directing rapid containment strategies and conducting empirical root-cause analysis to prevent recurrence.Security Awareness: Implement measurable, enterprise-wide security awareness training and phishing simulations to cultivate a resilient, security-first workforce.Third-Party Risk Management: Assess and continuously monitor the cybersecurity posture of IT vendors, supply chain partners, and integrated platforms to ensure strict alignment with Indigo's risk tolerance.PeopleAccountable for the overall engagement, productivity, turnover and bench strength of the teamSupports the creation and maintenance of a talent succession planCollaborate with others to drive flexible and iterative solutions, quickly and easilyShare technical knowledge with others and actively seek to learn from those more knowledgeable than yourselfHelp others see the impacts of their efforts and proactively engage other functions to get inputEncourage others to freely share their point of view and be open to feedbackUnderstand and follow Indigo's core HR process - staffing, performance management, rewards, and developmentEnsures all team members are provided with clear performance objectives that are aligned with Indigo Functional and Departmental goalsHas the ability to see the total organization with an integrated perspectiveDevelops positive and productive peer relationshipsCulturalModel Indigo’s beliefs and convey a positive image in everything you doUnderstands/demonstrates in a manner that promotes, and is aligned with, Indigo's Mission, Vision, BeliefsAs a leader, hold others accountable in maintaining the integrity of Indigo's culture Celebrate diversity of thought and have an open mindsetTake an active role in fostering a culture of continual learning, taking risks without the fear of making mistakesEmbrace, champion, and influence change through your team and/or the organizationSCOPEReports to: VP, Enterprise ITManager once Removed (MOR): Chief Technology & AI OfficerKEY RELATIONSHIPSInternal:ITDigitalFinanceSupply ChainCommercial GroupCreativeConsumer ExperienceHuman ResourcesRetail leadershipExternal:Approved VendorsExternal auditorsRegulatory bodiesQualificationsWork Experience / Education / CertificationsBachelor's or master’s degree in computer science, Information Systems, or other related field with at least 15 years of Information Technology experience.Minimum of 10 years’ experience working in a leadership position.A professional certification (or suitable compensating experience) in the audit (CISA, etc) or security field (CISSP or CISM for instance) considered an asset.Strong experience working with frameworks and regulations (PCI, ISO, PIPEDA, GDPR, etc).Strong understanding of network design, tiered and secure architectures.Competencies / Skills / AttributesStrategic thinker with analytical and problem-solving experience.A strong ability to influence and discuss complex technology problems in business language.Must be an excellent and polished communicator who may be called upon to create and present materials to the Executive Committee and the Board of Directors.Fast-learner and multi-tasker with the ability to adjust their outlook and leadership style to respond to quickly changing business priorities.Additional InformationThis posting is for a current opportunity within Indigo.Indigo uses artificial intelligence (AI) tools to assist with certain aspects of the hiring process, such as screening and assessments. These tools support our team but do not replace human judgment. We are committed to using AI responsibly, fairly, and in compliance with applicable employment and anti-discrimination laws. We regularly review these tools to help prevent bias or discrimination.At Indigo, Diversity, Equity, Inclusion, and Accessibility are core to our values. We integrate these principles into our training, policies, and hiring practices and continuously evolve to reflect the needs of the communities we serve. We welcome applicants from all backgrounds and lived experiences, including but not limited to individuals who identify as BIPOC (Black, Indigenous, and People of Colour), members of the LGBTQIA+ community, and persons with disabilities. If you require an accommodation during the recruitment process, please contact Human Resources at [email protected].

Department: Information Technology Employee Type: Permanent Full-Time/Part-Time: Full-Time Compensation: CAD 170000 - CAD 190000 - yearly

About Indigo Books & Music Inc.

Retail

Similar Jobs