Director of Cyber Security

Position Summary

Under the direction of the Chief Technology Officer (CTO), the Director of Cybersecurity is responsible for executing the organization's cybersecurity strategy and managing operational risk controls. The Director of Cybersecurity also serves as the accountable authority for all regulatory compliance programs and certifications. This role ensures the protection of information assets, adherence to regulatory requirements, and resilience against evolving cyber threats.

The Director of Cybersecurity leads the execution and management of compliance programs, acts as the primary authority for audit readiness and regulatory liaison, drives cybersecurity initiatives, collaborates with key stakeholders, and champions cybersecurity awareness across the business.

Operational Requirements & Activities

• Develop and execute the cybersecurity roadmap and operational controls in alignment with the CTO's defined risk tolerance and governance framework.
• Lead the execution of incident response and crisis management programs, escalating significant incidents and risk decisions to the CTO for final resolution and communication with the executive team.
• Lead and coordinate the future proofing of incident response and disaster recovery strategies for cybersecurity events, ensuring alignment and integration with enterprise-wide business continuity planning.
• Establish governance structures for cybersecurity, manage third-party and vendor risks, and lead regulatory compliance programs, ensuring clear boundaries between operational risk management and regulatory compliance.
• Monitor, investigate, and respond to security incidents, vulnerabilities, and emerging threats; proactively gather threat intelligence and conduct threat hunting activities to mitigate risks.
• Develop, test, and continuously improve incident response playbooks; conduct post-incident reviews to identify lessons learned and drive process enhancements.
• Implement, regularly review, and update cybersecurity policies, standards, and procedures to ensure ongoing relevance, effectiveness and compliance.
• Oversee and coordinate risk assessments, penetration testing, and vulnerability management programs, ensuring timely remediation of identified issues.
• Lead and manage all regulatory compliance programs relevant to the organization's operations, including but not limited to SOC 1 / SOC 2, GDPR, PIPEDA, ISO 27001, and other applicable standards.
• Lead initiatives for audit, ensure compliance with internal policies and procedures that meet audit requirements, and liaise with internal and external stakeholders to achieve certification.
• Prepare and deliver regulatory compliance posture updates and recommendations to the CTO for inclusion in reports for the executive team.
• Lead and manage data privacy and data loss prevention (DLP) initiatives, ensuring compliance with GDPR, PIPEDA, and other applicable regulations.
• Manage and optimize cybersecurity technologies (e.g., SIEM, firewalls, endpoint protection, identity management) and vendor relationships to support organizational security objectives.
• Develop, track, and report cybersecurity metrics and KPIs on a regular basis; use insights to drive continuous improvement in security posture.
• Integrate security requirements into solution architecture and throughout the secure software development lifecycle (SDLC).
• Design, deliver, and evaluate cybersecurity awareness and training programs for staff to foster a security-first culture.
• Collaborate with IT infrastructure and application teams to ensure cybersecurity is integrated into all technology initiatives and projects.
• Engage and collaborate with external cybersecurity organizations, regulatory bodies, and law enforcement agencies to strengthen security posture and maintain awareness of industry best practices.
• Oversee and coordinate physical security controls, ensuring integration with cybersecurity measures for comprehensive protection of organizational assets.
• Advocate for cybersecurity across the business, driving adoption of best practices and fostering a culture of continuous improvement.

Position Qualifications

Work Experience

• 10+ years of experience in information technology with at least 5 years in a senior cybersecurity leadership role.
• Proven ability to develop and execute strategic cybersecurity plans and communicate effectively with executive leadership.
• Experience in financial services, preferably investment fund industry, with strong understanding of technical and business processes.
• Advanced knowledge of enterprise architecture, identity and access management (IAM), and security technologies.
• Demonstrated experience in vendor management, capacity planning, and change management.
• Demonstrated experience leading regulatory compliance programs and audits in financial services, including SOC 1 / SOC 2, GDPR, PIPEDA, and ISO 27001.
• Ensure compliance readiness and provide posture updates to the CTO for executive-level reporting.
• Proven ability to develop, track, and report cybersecurity metrics and KPIs.
• In-depth knowledge of Azure infrastructure, cloud applications, and enterprise-level cloud technologies.
• Experience developing, testing, and leading incident response and crisis management programs.
• Experience collaborating with external cybersecurity organizations, regulatory bodies, and law enforcement agencies.
• Process-oriented with ability to lead and manage complex security projects.

Education & Certifications

• University Degree or College Diploma in Computer Science, Information Security, or related field.
• Required: CISA and/or CISM certification.
• Preference for CISSP or other advanced security certifications.
• ITIL or PMP certification considered an asset.

Soft Skills

• Excellent communication and leadership skills.
• Strong analytical and problem-solving abilities.
• Ability to work collaboratively across departments and with external partners.
• Highly organized and detail oriented.

About SGGG Fund Services Inc.

SGGG Fund Services is Canada's largest independent administrator of alternative funds with $100 billion (CAD) under administration. Using
Diamond
, our proprietary fund administration software, SGGG-FSI's nearly 400 employees provide full-service fund administration to clients from our headquarters in Toronto and affiliate offices in Cayman, the United States, and India. Our vision is to be the first choice for fund administration.

We have repeatedly earned Top Hedge Fund Administrator at the Canadian Hedge Fund Awards, and have been named to several national Great Place to Work lists.

Our office is in the heart of downtown Toronto. We have adopted a hybrid work model that offers great flexibility between working remotely or in the office.

Additional Information

• Number of positions: 1 new headcount
• Submit your application: ASAP, no later than: January 2, 2026
• Anticipated start date: Q1 2026
• Salary range: $150-200k annually
• Additional compensation: Discretionary bonus, benefits, insurance, RRSP match, and generous PTO
• Background Check: Hire contingent on successful completion of references, credit, criminal & education checks (employer paid).

AI Disclosure

• We use AI-enabled tools to sort applications based on job-related criteria. A human decides who moves forward. Some AI proctored tests may also be scored with AI; Trained staff review the scores before any decision is made.

IDEA & Accommodations (AODA)

• SGGG-FSI supports a workplace that respects inclusion, diversity, equity and accessibility (IDEA). We appreciate the unique perspectives and experiences each of our employees bring to the job, and our success is underpinned by their contributions to our culture and our values.
• SGGG-FSI welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process.