Chief Information Security Officer

Fulltime

Location: Calgary, Alberta (Hybrid)

Executive IT Leadership Opportunity

Our client is seeking an accomplished and forward-thinking Chief Information Security Officer to lead a multi-disciplinary team responsible for cybersecurity, infrastructure architecture, IT operations, and the service desk.

Reporting directly to the CIO, this role will shape the strategic vision for a secure, resilient, and high-performing technology environment. You will provide enterprise-wide leadership across cybersecurity, operational resilience, infrastructure modernization, and IT service excellence—while ensuring the protection and integrity of the organization’s information assets and digital ecosystem.

This is a high-impact role ideal for an experienced technology leader who thrives in complex environments, excels at driving organizational change, and is passionate about building mature, secure, cloud-forward capabilities.

Key Responsibilities:

- Develop and execute a multi-year cybersecurity, infrastructure, and operations strategy aligned with organizational priorities and future business needs.
- Act as a key advisor to the CIO and senior leadership on cyber risk, enterprise governance, and operational resilience.
- Build and foster a culture of security awareness, accountability, and shared responsibility across the organization.
- Lead change initiatives including modernization programs, process improvements, and the adoption of security best practices.
- Design and implement organization-wide cybersecurity and awareness programs that drive engagement and lasting behavioural change.
- Lead, mentor, and grow high-performing cybersecurity, infrastructure, and operations teams.
- Develop and oversee the enterprise cybersecurity roadmap, including risk management, threat detection, incident response, and recovery strategies.
- Direct the development, annual testing, and ongoing updates of cyber incident response and disaster recovery plans.
- Oversee Security Operations Center (SOC) functions, including intrusion detection/prevention, vulnerability management, and endpoint protection.
- Manage vendor and third-party risk across the procurement lifecycle, embedding security into business processes and technology solutions.
- Ensure compliance with relevant legislation and industry frameworks (e.g., POPA, ATIA, NIST CSF, ISO 27001, CIS 18).
- Own and evolve the enterprise infrastructure and security architecture, embedding secure-by-design principles across all IT initiatives.
- Advance automation, standardization, and cloud-first capabilities while evaluating emerging technologies for strategic fit and risk.
- Direct infrastructure operations across networks, servers, storage, cloud platforms, and ITSM to ensure high availability and operational resilience.
- Lead the modernization and migration of legacy infrastructure into secure cloud or hybrid environments.
- Develop and implement service desk strategies driven by SLAs, KPIs, and continuous improvement.
- Monitor, measure, and report on security metrics to ensure program effectiveness.

Qualifications:

- Bachelor’s degree in Computer Science, Information Systems, Engineering, or related discipline.
- Master’s degree or equivalent experience is an asset.
- Professional certifications such as CISSP, CISM, CRISC, CCSP, or equivalent are strongly preferred.
- 10+ years of progressive experience in information security, infrastructure, IT operations, or risk management.
- At least 5 years in a senior leadership role within a complex organization.
- Proven experience developing and maturing security programs using frameworks such as NIST CSF, ISO 27001, CIS 18, etc.
- Deep expertise in cybersecurity architecture, threat management, incident response, and operational resilience.
- Demonstrated success creating and executing enterprise-wide cybersecurity and risk strategies aligned with business goals.
- Experience with DevSecOps, identity-based security, and modern perimeter strategies.
- Strong experience reporting to executive committees or boards on security posture and risk.
- Familiarity with POPA, ATIA, and public-sector compliance considerations is an asset.
- Demonstrated ability to lead and inspire diverse technical and administrative teams.
- Strong strategic thinking, analytical skills, and the ability to balance security maturity with business enablement.
- Exceptional communication and presentation skills—able to translate technical concepts into business language.
- Highly collaborative, with strong negotiation and relationship-building skills across executive teams, vendors, and partners.

Note: This is an opportunity with a Microserve client.