The Information Security Director is responsible for managing compliance with regulations and standards related to Information Security, Privacy, and Data Protection, ensuring the effectiveness and compliance of the company's Information Security Management System and the maintenance of the relevant certifications and attestations.
Reports to: Global CISO
Responsibilities:
Privacy and Data Protection
- Overseeing data protection strategy and implementation to ensure compliance with the requirements of GDPR and other privacy regulations
- Manages the achievement and maintenance of certifications and attestations (such as ISO 27001 and SOC 2) relevant to the company's legal entities in the assigned geographical areas
- Constantly updates the cyber security strategy to leverage new technology and threat information
- Provides support in the definition of the strategy and the budget for the information security program.
Information Security Management
- Participates in the risk assessment activities that support the definition of the risk treatment plan: disaster recovery and business continuity plans are in place and tested
- Reviews investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
- Operates the defined information security program and risk treatment plan for the assigned responsibility areas.
Action plan and people management
- Oversees the implementation and operations of the company's Information Security Management System and the compliance with the relevant standards
- Ensuring that cyber security policies and procedures are communicated to all personnel and that compliance is enforced
- Coordinates the activities of the directly reporting teams, ensuring the achievement of the defined objectives
- Managing all teams, employees, contractors and vendors involved in IT security, which may include hiring
- Providing training and mentoring to security team members
Requirements:
- Prior experience in similar roles: 10+ years of experience in information security and information technology or cyber security with at least 5 in roles with a project or team management responsibility
- Strong technical background in information security and knowledge of the relevant principles, techniques, trends, best practices, and standards
- Familiarity with the main applicable standards and regulations such as SSAE16 (SOC1, SOC2, SOC3), ISO 2700X, NIST, SOX, PCI-DSS
- Familiarity with privacy regulations such as GDPR, PIPEDA, CCPA, and with legal aspects related to innovation and technology
- Familiarity with risk management and related assessment/audit activities
- Knowledge of threat modeling, MS SDL, OWASP, and Secure SDLC process
- Familiarity with penetration test requirements and testing tools
- Documentation and presentation skills, analytical and critical thinking skills, and the ability to identify needs and take initiative are key requirements for this position
- Experience developing and maintaining a scalable data structure in a similar organization
- Focus on problem solving and performance, through teamwork
- Attention to detail and accuracy
- Leadership skills, propensity to encourage collaboration and to improve team engagement
- Excellent communication skills
About Docebo:
Here at Docebo, we power learning experiences for over 2,000 customers around the world with our easy-to-use, AI-powered Suite designed to close the enterprise learning loop. We have successfully achieved 2 IPOs (TSX: DCBO & NASDAQ: DCBO), been recognized as a Top SaaS e-learning Solution, and are growing exponentially in the process.
Docebo is a global company with offices in North America, EMEA, LATAM and more. Our people believe in six core values, simply defined and manifested in everything we do - Innovation, Simplicity, Accountability, Togetherness, Curiosity, and Impact. If this sounds like you, now is your time to join one of the fastest-growing learning technology companies on the market. Apply today!
Docebo is an Equal Employment Opportunity employer. We are committed to diversity and inclusion in our workforce. All qualified applicants and employees will receive consideration for employment regardless of their race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), national origin, citizenship status, age, disability, genetic information, or any other category protected under applicable law.
Any individuals with a disability requiring a reasonable accommodation to assist with their job search or application for employment should send an e-mail to recruiting_accommodations (at) docebo.com. The e-mail should include a description of the requested accommodation and the position you’re applying for or interested in.