Information Security Officer

Toronto, ON, Canada ● Virtual Req #134
Friday, January 13, 2023
At MCAN, we are most proud of the team we have built and our team member experience. Our people are our best assets and are made up of respected industry innovators, influencers and big-thinkers. We do things differently than other lenders. Our business isn’t selling mortgages, it’s building relationships. 
The #MCANLIFE is shaped around a culture of customer-centricity for both internal and external clients and powered by genuine collaboration. We are a home for talented professionals seeking a more connected career and one that allows them to use more of their skills.
#MCANLIFE means you can connect, discover, and grow.
We were recently certified by Great Place to Work® Canada and are thrilled to be recognized on the 2022 list of Best Workplaces for Women!

We’re looking for an Information Security Officer to join the MCAN family.

Job Summary:

The Information Security Officer (ISO) will be accountable for the design, development, and implementation (management or oversight) of information security practices at MCAN. You will also serve as an advisor to the executive team on information security vision, strategy, governance, and direction. In this role, you will be accountable for all projects and ongoing management (or oversight) of business processes designed to reduce and mitigate information security risks across the entire organization.


In addition, you will develop best practices to avoid security breaches and lead the coordination efforts to manage any security incidents when they occur. As the ISO, you will maintain a deep understanding of all relevant aspects of Cyber governance and management, and you will lead and manage all aspects of the Cyber Awareness Program at MCAN.


This role will report to the Vice President, Information Technology and have a second reporting line to the audit committee of the Board.

What you will be responsible for:

·       Develop, manage, and deliver on effective implementation of the Cyber Security Program for MCAN
·       Identify security risks, develop strategies, and create the information security roadmap for the organization
·       Provide guidance and expertise regarding the security architecture for application development or infrastructure initiatives
·       Manage/facilitate security due diligence activities throughout the Application Software Development Life Cycle (SDLC) to ensure that security risks are identified, and controls are implemented to mitigate risk
·       Work collaboratively with all business functions to establish the IT Security and Cyber Risk management function
·       Maintain the Enterprise Cyber Security Framework, Information Security Policy (ISP), and Standards
·       Ensure MCAN meets and exceeds all regulatory obligations and best practices (OSFI, FSCO, OSC and other related requirements)
·       Act as a subject matter expert on relevant regulations and policies including the OSFI Cyber governance program and the relevant framework adopted by MCAN
·       Act as the primary contact during any information security incident investigations and coordinate actions and reporting
·       Effectively manage MCAN’s Cyber Security Awareness Program to reduce employee cyber risk and promote risk culture
·       Responsible for internal/external audit and any other cyber/information security assessments and activities
·       Manage 3rd party security vendors, to ensure they are meeting their service level agreements and provide reports
·       Lead and manage the vulnerability management process and execute tasks as required
·       Develop strong relationships with cross-functional team members including IT & Business Teams and vendors


The work experience, skills, education that you bring:


·       Technology-related Engineering or Computer Science undergrad degree, at a minimum
·       Professional security management certification such as Certified Information Systems Security Professional (CISSP) is a must


·       Excellent written and verbal communication skills
·       Experience with creation and documentation of security policies and procedures
·       Proven interpersonal and collaborative skills, with the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels
·       Knowledge and understanding of relevant legal and regulatory requirements such as OSFI, OSC etc.
·       Subject matter level expert knowledge of common information security management frameworks, such as NIST/ISO/COBIT


  • 5-10 years of experience working in a Security role
  • 5-10 years network/firewall administrative experience
  • 3-5 years’ experience administering a Windows-focused infrastructure
  • Successfully managing projects and tasks
  • Mastery of converting business and technical risks into actionable tactical tasks
  • Experience working with and managing policies, procedures, standards, and guidelines related to SSAE 16/18
  • Experience utilizing SIEM, Firewalls, IPS, DLP, Check Point, Antivirus/Anti-malware in an enterprise environment.
  • Hands-on experience with security management in the public cloud (MS Azure)
  • Deep experience with public/private cloud security infrastructure
  • Strong knowledge of data privacy and data protection concepts
  • Working knowledge of collaboration and messaging platforms (i.e., Office 365, MS Teams)

The above information in this description has been designed to indicate the general nature and level of work performed by employees in the position. It is not designed to contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.

We believe great work and collaboration can happen anywhere, which is why we are a permanent hybrid work environment! We equip our team with great technology and empower them to deliver their best results. 

We are dedicated to building an organization that reflects the diversity of our clients and the communities we serve across Canada. Do you possess and value the same attributes? Are you interested in your own development? Then come join our team! 

Requests for accommodation can be made at any stage in the recruitment process. 

We thank all applicants for their interest but only those selected for further consideration will be contacted. 

Other details

  • Pay Type Salary
  • Employment Indicator Perm FT