Job Description

Associate Vice-President, Information Security

Location:

This position will be based out of our Toronto or Winnipeg office.

Our organization

:



Founded in 2017, Wellington-Altus Financial (Wellington-Altus) is the parent company to Wellington-Altus Private Counsel Inc., Wellington-Altus USA Inc., Wellington-Altus Insurance Inc., Wellington-Altus Group Solutions Inc., Independent Advisor Solutions Inc., and Wellington-Altus Private Wealth Inc.--the top-ratedinvestment dealer in Canada and one of Canada's Best Managed Companies. With nearly $40 billion in assets under administration and offices across the country, Wellington-Altus identifies with successful, entrepreneurial advisors and portfolio managers and their high-net-worth clients.

Investment Executive 2025 Brokerage Report Card.*

The opportunity:

Reporting to the Vice-President, Technology Services, the Associate Vice-President, Information Security will be responsible to create organizational awareness about cyber security and privacy, ensure that our technology stacks and data are secure by design and are adequately protected from cyber-attacks. It is also to ensure that procedures and processes are in place to guide action should an attack take place and work with the CISO and Incidence Response Commander as well as the Chief Privacy Officer.



Responsible for the development and maintenance of appropriate IT security and information privacy standards, procedures, corporate and departmental policies, and architectures. This position serves as the single point of contact with other departments, corporations and vendors for all information security and privacy requests. Manage Identity Access Management policies, procedures, and reviews processes. This individual will work with peers on the IT Leadership Team and be accountable for creating a Cyber Security & Privacy Program for the organization.



The ideal candidate will have experience in implementing and assessing processes and best practices around Cyber Security. Ability to effectively define, implement, promote, educate, assess, report, and facilitate third party audits on Information Security and IT management best practices, both internally and at third party service providers. A keen sense of balance between business and security risks is essential. This involves collaborating with business users, vendors, and technology teams to understand problems and opportunities and recommend solutions that enable the organization to meet its goals.

Key responsibilities include:

Develop an Information Security and Privacy roadmap for the next 3 years to ensure Wellington-Altus has a robust and comprehensive information security strategy. Implement a framework for information security risk governance and control that integrates a consistent methodology to identify, assess information security risks and ensures a process to address those risks. Identify the total Information Security needs and oversee the security posture across a large Enterprise by managing the full life cycle of Cybersecurity. Establish, implement, enforce, and monitor information security standards enterprise-wide. Supports the leadership team in educating the Executive Committee on current and evolving Cyber security technologies, best practices and threats. Provide support to the procurement and legal teams regarding information security and privacy with respect to agreements and contracts. Leads the ongoing security, privacy and threat risk assessments and security evaluations to verify operational compliance, identify and evaluate gaps and manage exceptions to policy. Track security related risks and correlating action plans to ensure issues are resolved. Responsible to work with third party teams, internal digital and data development teams to interpret and review results from penetration tests, vulnerability scans, and code reviews as required. Maintain organizations Security Risk Register for effective risk management and operational compliance functions. Proficient security frameworks including NIST and SOC 2, Type 2. Provide support for compliance and audit activities liaising with internal staff and external auditors. Conduct Information Security gap assessments against internal and external standards. Develops and implements metrics and reporting processes to ensure risks are effectively managed. Leads Information Security Incident & Breach Response along with key stakeholders in the event of a breach. Provide leadership in the development of managed security services to ensure strong security postures of Vulnerability Management, IAM, Endpoint Protection, etc. Responsible to ensure the appropriate technology, processes and governance are in place to monitor, detect, prevent, and react to security threats. Responsible for ensuring a culture of privacy and information security. Work closely with all business units to ensure projects reflect appropriate privacy, information security, and contract management considerations. Work with internal and external staff on new initiatives to set up and operate the appropriate security services to protect assets and computing environment. Manage and assess external vendors who contribute to overall security. Maintain current understanding of security standards and regulations and ensure with the changing laws and applicable regulations. Develop security policies and procedures with regular reviews and updates, minimum annually. Monitor compliance with policies and standards. Manage the Security organization, hiring, managing, and staffing requirements in line with project objectives. Oversee the delegation of work to Analysts and 3rd party partners. Set annual performance targets for individuals and the team and conduct performance reviews. Provide ongoing motivation, coaching, guidance, feedback, and mentoring support to the team. Manage the workload of team members on the program and help to remove obstacles to their success. Perform other duties as assigned.

The ideal candidate will possess:

Bachelor's degree in business administration, finance, or similar field of study, or equivalent combination of education and experience. 5+ years' experience in information systems support, security engineering, and/or risk and governance. Certified Information System Security Professional (CISSP). Certified Information Security Manager (CISM). ITIL 4 certification is an asset. Proficiency with the MS Office suite, including Word, Excel, PowerPoint, Teams, and Outlook. Familiarity with commonly used information security concepts, best practices, and standards. Experience with SIEM tools and operations (Splunk preferred). An ability to run the Identity and Access Management (IAM) security practice. Good analytic, troubleshooting, and problem-solving skills. Research skills for problems and find information or documentation on related topics. Experience with vulnerability scanning tools. Experience with anti-virus and endpoint security solutions. Experience with Linux and Windows operating systems. Demonstrates a high level of accountability, adaptability, and innovation in achieving both day-to-day responsibilities and long-term goals. Strong attention to detail. Excellent attitude and commitment to providing exceptional service. Exemplary interpersonal, influencing, and communication skills across multiple mediums (in-person, phone, virtual). Strong problem-solving and critical thinking abilities. Highly organized with a consistent and reliable work ethic. Comfortable with ambiguity and able to manage a high volume of competing priorities. Maintains the highest level of confidentiality.

Conditions of employment:

Must be legally eligible to work in Canada. Must be able to travel 0-5% of the time. A background check, satisfactory to the employer, may be required of the successful applicant prior to commencing employment.

Wellington-Altus Private Wealth is strongly committed to equity and diversity within its community and welcomes applications from women, racialized persons, Indigenous peoples, persons with disabilities, and persons of all sexual orientations and genders. All qualified individuals who would contribute to the further diversification of our organization are encouraged to apply.



If you require accommodation for the recruitment process, please let us know at the point of application.