Director, Cybersecurity

**Company Description**
American Iron & Metal (AIM) is a family-owned company and recognized global leader in the metal recycling industry with more than 125 sites and 4000 employees worldwide. We have continued to prosper for the last eight decades thanks to the dedication of our employees and the ongoing trust and support of our customers.

Become part of team AIM, a growing team with an entrepreneurial spirit who has over the years evolved into a successful and multifaceted company with business divisions that include metal recycling, decommissioning and demolition, auto-parts sales and recycling, manufacturing of solder assemblies, construction waste recycling, and production of customized industrial and mining products.

We take pride in doing good things for the environment to help create a greener, more sustainable future for all.

It’s simple; we do it right. We AIM for excellence.

You will assume a pivotal role in safeguarding our organization's digital assets and ensuring the confidentiality, integrity, and availability of critical information and systems. Reporting directly to the Chief Information Officer (CIO), you will lead all assurance activities related to IT security and cybersecurity operations, driving the development and enforcement of information security policies. Your strategic vision and leadership will be instrumental in establishing and maintaining a robust corporate-wide information security management program.
- Develop, implement, and continuously monitor a strategic and comprehensive enterprise information security and IT risk management program.
- Collaborate closely with business units to facilitate risk assessment and management processes, ensuring alignment with organizational objectives.
- Enhance and maintain an information security management framework to establish consistent policies and standards across all technology projects, systems, and services.
- Provide visionary leadership to the enterprise's information security organization, fostering a culture of accountability and excellence.
- Partner with business stakeholders across the company to raise awareness of risk management concerns and promote proactive cybersecurity practices.
- Assist in overall business technology planning, offering insights into current technology landscapes and future trends.
- Assess the company's existing cybersecurity posture and develop and adjust the current cybersecurity roadmap as required.
- Evaluate the performance of the cybersecurity team and make necessary adjustments to build a high-performance IT security team.
- Drive contract and vendor negotiations and management, particularly in managing an external SOC provider, to ensure effective security operations.
- Demonstrate expertise in Agile (scaled) software development or other best-in-class development practices to enhance security posture.
- Possess proficiency in Cloud computing and elastic computing across virtualized environments and related security practices.
- Interact confidently and present effectively to senior executive leadership, articulating cybersecurity strategies and initiatives.
- Stay current with rapidly evolving cybersecurity practices and trends, integrating the latest solutions and technologies into organizational security practices.
- Exhibit strong leadership during crisis situations, maintaining composure and guiding the organization through cybersecurity incidents.
- Foster a culture of urgency within the cybersecurity team, emphasizing the importance of swift action in protecting organizational assets.
- Fluently bilingual in French and English, with the ability to communicate effectively in both languages.
- Experience in implementing processes and solutions to comply with data privacy legislation such as Law 25 or GDPR is a strong asset.
- Solid experience in a similar role, preferably having built and managed a successful IT cybersecurity practice in manufacturing or heavy industries.

**Qualifications**
- Bachelor's degree in business administration or a technology-related field. Advanced degree preferred.
- Professional security management certification such as CISSP or equivalent is mandatory.
- A minimum of eight to twelve years of progressive experience in risk management, information security, and IT roles.
- In-depth knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST.
- Exceptional written and verbal communication skills, coupled with a high level of personal integrity.
- Innovative thinking and leadership with the ability to inspire and motivate cross-functional teams.
- Experience in contract and vendor negotiations and management, particularly in managing an external SOC provider.
- Proficiency in Agile (scaled) software development or similar methodologies.
- Experience with Cloud computing and elastic computing across virtualized environments and related security practices.
- Strong ability to work under pressure and manage crises effec