Director, Business Information Security

Permanent Full Time

The Director - Business Information Security is part of the Business Information Security Office, first line of cyber defense team, working with IT and business partners to understand and manage information security risks and comply with the organizational information security policies. This leadership role with the team, supports providing business and technology leadership reporting on security issue status, acting as a trusted advisor on security topics, and helping the security teams understand business priorities. Finally, the role will play a key part in aligning efforts for the defined business and technology units to the broader security and technology risk strategy.

This is a senior level security role which reports to the AVP, Business information Security within the Business Information Security Office.

**What you will**do**
- Support the BISO team in business-aligned security planning, risk assessments, and control implementation.
- Partner with business leaders, IT, and security teams to integrate security into strategic initiatives, product development, and operations.
- Provide guidance on regulatory compliance, internal policies, and customer requirements.
- Coordinate responses to client security inquiries, audits, and due diligence.
- Monitor and report on business-specific security risks, control effectiveness, and remediation progress.
- Facilitate communication between business stakeholders and cybersecurity leadership to align priorities and expectations.
- Promote a culture of security awareness through targeted education and engagement.
- Stay informed on emerging threats, regulatory changes, and industry trends to advise the business proactively.
- Oversee execution of technology and security initiatives aligned with enterprise strategy and business goals.
- Oversee implementation and monitoring of security controls to ensure compliance with standards and regulations.
- Support security assessments, audits, and risk reviews, and coordinate remediation with stakeholders.
- Collaborate with IT, development, and infrastructure teams to embed security into technology projects.
- Define and report aggregated security risk metrics to business and technology leadership.
- Provide security consulting and advisory on business initiatives, including projects, client inquiries, and M&A.
- Understand business objectives to tailor security solutions that protect critical assets.
- Keep the business informed of security requirements, changes, and necessary actions to advance maturity.
- Participate in cybersecurity and business committees and working groups.
- Oversee and support business response to security incidents, investigations, and remediation.
- Manage a cybersecurity team, providing mentorship, performance management, and career development.

**What you will bring**
- 8+ years of experience in cybersecurity, IT risk management, or related fields, with at least 3 years in a leadership or managerial role.
- Strong knowledge of cybersecurity frameworks (e.g., NIST, ISO 27001), risk management practices, and regulatory requirements.
- Proven ability to lead cross-functional teams and deliver complex security initiatives.
- Experience with security operations, incident response, vulnerability management, and governance.
- Excellent communication and interpersonal skills, with the ability to translate technical concepts into business language.
- Proficiency in resolving conflicting requirements to deliver effective cybersecurity solutions
- Proven record in assessing, prioritizing, and mitigating enterprise security risks
- Strategic planning, relationship building, and collaboration skills
- Skilled at driving cross-functional security efforts and influencing across all levels
- Adept at understanding business priorities and processes, capable of integrating cybersecurity into the business through teamwork and influence
- Ability to work effectively with diverse teams and personalities, adapting management styles to achieve mutually beneficial outcomes
- Strong analytical and problem-solving skills, with a focus on risk-based decision-making.
- Relevant certifications such as CISSP, CISM, CRISC, or equivalent are preferred.
- Bachelor’s degree in Computer Science, Information Security, or a related field (Master’s degree is a plus).

The base salary for this position is between **$92,100**:

- $170,500**annually. This represents base salary only and does not represent other variable compensation components of our total compensation ( i.e. annual bonus, commission etc). If you are selected to move forward in our recruitment process, your recruiter will be able to discuss additional details of our total rewards program with you.

Be your best at Canada Life

Being a part of Canada Life means you have a voice. This is a place where your unique background, perspectives and talents are valued, and shape our future success.

You can be your best here. You’re part of a divers