AVP of Security Engineering

AVP, Security Engineering

We are looking for an experienced and driven AVP of Security Engineering to join the Information Security & Technology Risk (ISTR) organization.

In today’s rapidly evolving digital landscape, a robust security engineering mindset and approach is crucial to safeguard our critical infrastructure, applications, and information. This role is pivotal in fortifying the company's defense in depth approach and maintaining the integrity and resiliency of its operations.

Reporting to the Chief Information Security Officer, the AVP, Security Engineering is responsible to lead the design, implementation, and management of our security infrastructure. Responsibilities include developing information security technology stack roadmaps for on-premises and cloud-based environments, ensuring operational excellence, and maintaining robust security technology controls to protect the organization’s assets. Collaborating closely with the Business Information Security Office, Infrastructure & Operations, Enterprise Architecture, service leads from ISTR, and other stakeholders, the AVP will shape the future of security technology environment, driving innovation and excellence in cybersecurity practices.

What You Will Do

The AVP, Security Engineering is a First Line of Defense leadership role responsible for the following:

• Provide strategic leadership and direction to advance information security technology engineering across the enterprise
• Lead a team of security professionals and foster a culture that embodies an engineering mindset which values high-performance, innovation, collaboration, and continuous improvement
• Partner and enhance relationships with the Security Operations Centre, application teams, architects and other business departments to engineer and deploy solutions which protect the company’s most important information assets and services.
• Spearhead the development of a best-in-class Information Security Engineering operating model
• Develop and implement comprehensive annual and multiyear plans that enable the execution of our business strategies in a safe and secure manner
• Ensure the development, testing, and effective measurement of controls embedded in information security operations across the enterprise
• Partner with cross functional teams on the design, implementation, and continuous improvement of cloud security technologies, leveraging automation, and best practices
• Drive operational excellence and efficiency through strategic vendor partnerships and outsourcing
• Develop and deliver on sourcing and automation strategy for the information security technology stack
• Partner on strategic relationships with key information security vendors and service providers, ensuring alignment with business needs and performance expectations
• Manage security engineering budgets to maximize impact and efficiency
• Engage with external partners, vendors, and regulatory bodies to stay informed about evolving security trends and threats

What You Will Bring

• Bachelor’s degree in cybersecurity, computer science, engineering, or a related field is preferred.
• 7+ years of information security engineering and deployment experience in a large enterprise
• 5+ years in a leadership role overseeing security engineering and operations.
• Proven experience of navigating complex organization structures and managing internal stakeholders.
• In-depth knowledge of security frameworks (NIST, ISO27001, CIS), standards, and best practices.
• Proven experience and technical expertise in enterprise security engineering and related technologies (ZTNA, SASE)
• Extensive experience in cybersecurity and technology deployment, including familiarity with developing business requirements and designing application, network, and data management platforms. Background in production operations is a plus.
• Deep understanding and expertise in securing cloud environments.
• Thorough understanding of information technology service management and delivery methods.
• Strong operational aptitude and the ability to analyze highly complex situations.
• Strong vision and leadership in systematizing and operationalizing work.
• Continuous pursuit of improvement and cost-efficiency in operations.
• Highly effective teaming and collaboration skills.
• Relevant security certifications such as CISSP, CISM, CISA are considered a strong asset.

This area has 7/24 responsibility for services under their accountability and given the size and scope of our organization, we have the flexibility for this position to be in the following head office locations: Toronto, London, or Winnipeg.