Chief Information Security Officer
Company: OneSpan Inc.
Location: Montreal, QC H1A 0A1
Description:
At OneSpan, we specialize in digital identity and anti-fraud solutions that create exceptional and secure experiences.
OneSpan is seeking a Chief Information Security Officer (CISO) to lead our cybersecurity vision, ensuring the protection of our products, data, and customers.
As CISO, you'll spearhead our security strategy, manage enterprise-wide risk, and oversee compliance while fostering a culture of proactive security. You'll work alongside executive leadership, R&D teams, and our AI Working Group to implement cutting-edge security practices that align with industry standards and regulations.
If you thrive in a fast-paced, collaborative environment and have a passion for securing digital transformation, we'd love to hear from you.
What You'll Do:
Strategy and Leadership:
- Develop and communicate the organization's cybersecurity strategy, vision, and goals to executive management, board members, and employees
- Oversee the Cybersecurity Steering Committee, consisting of executive management and other key stakeholders, and provide quarterly updates to the Audit Committee
- Provide leadership and guidance to the information security team, fostering a culture of accountability, transparency, and proactive continuous improvement in cybersecurity practices
- Advise R&D on maintaining effective tooling to ensure secure end-to-end delivery of product to customer, utilizing defense-in-depth Product Security and Cloud Security
- Serve as InfoSec expert in the AI Working Group
Risk Management:
- Identify, assess, prioritize, and manage cybersecurity risks to the organization's information assets
- Develop and maintain the organization's IT risk management framework, policies, procedures, register, and standards
Security Operations:
- Oversee the operation of the security operations center and security solutions, including the deployment, monitoring, and maintenance of infrastructure, intrusion detection/prevention systems, and endpoint security solutions
- Lead security incident response planning and execution to mitigate potential threats and minimize impact
- Oversee vulnerability management efforts across the enterprise and lead efforts to mitigate risk and maintain the established security posture
Compliance and Audit:
- Ensure the organization's compliance with relevant regulations, laws, and standards pertaining to information security
- Collaborate with internal and external auditors to conduct regular security assessments, audits, and successful recertification of SOC2, ISO 27001/27018
Training and Awareness:
- Promote security awareness and coordinate security training programs for employees at all levels of the organization
- Foster a culture of proactive cybersecurity awareness and accountability throughout the organization
Vendor and Third-Party Risk Management:
- Evaluate, monitor, and manage risks associated with third-party vendors and service providers
- Ensure contracts include appropriate security requirements and conduct regular assessments of vendor security practices
Budget Management:
- Develop and manage the information security budget, ensuring optimal allocation of resources and investments in line with organizational priorities
Legal Support:
- Review, redline, comment on, and negotiate information security provisions in customer and/or contracts
- Take ownership of customer escalations related to security provisions and facilitate proper resolution
What You Have:
- Proven experience (8+ years) in a mid-senior level information security management role
- Degree in Computer Science, Information Technology, or a related field (advanced degree preferred)
- Professional security certifications such as CISSP, CISM, or CISA
- Experience with certification of common information security management frameworks, such as SOC2, ISO 27001 and NIST
- Strong understanding of cybersecurity technologies, risk management frameworks, and global regulatory requirements (GDPR, CCPA, NIS2, DORA)
- Experience in a global SaaS company
- Experience with cloud and hybrid security principles and practices
- Track record of successfully building and leading high-performing global cybersecurity teams
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams