Director, Information Security

at  autoTRADERca

TRADER Corporation is a trusted Canadian leader in online media, dealer and lender services. The company is comprised of AutoTrader.ca, AutoSync and Dealertrack Canada. AutoTrader.ca (AutoHebdo.net in Quebec) offers the largest inventory of new cars and used cars in Canada, receiving over 25 million monthly visits to its marketplace. With over 3,500 subscribers and counting, AutoSync is the largest and fastest growing dealer and OEM software provider in Canada. The platform’s suite of connected automotive software solutions brings advertising, conversion and operational support together, synchronizing the entire retail process. AutoSync’s diverse range of offerings includes: vAuto, EasyDeal, xtime, Motoinsight, Activix, TAdvantage and TRFFK. Dealertrack is Canada’s largest automotive financing portal, enhancing efficiency and profitability for all major segments of the automotive, marine, recreational vehicle, motorcycle and powersport retail industries. Over 6.5 million credit applications are submitted via the Dealertrack Canada portal each year. Visit tradercorporation.com to learn more..
Responsible for overseeing the Cybersecurity function, leading identification, assessment, monitoring, remediation, and reporting of operational risk efforts within TRADER Corporation.
The Director of Information Security establishes and administers the strategies and procedures for the information security function. Develops and implements information security and disaster recovery programs driving the improvement of organizational information security standards. Proactively evaluates overall information and technological and environmental risks in an effective and consistent manner, promoting information security awareness within the TRADER organization.
This individual has the ability to create and execute functional strategies and specific objectives of the organization. This individual will also have experience in developing and managing budgets, policies, and procedures for the area of responsibility. The successful candidate also can positively influence the organization at all levels to increase the relevancy of security within the TRADER organization.
The ideal candidate is a collaborative leader of people who provides mentoring and coaching to their team of security professionals to ensure they perform optimally and are able to achieve their professional goals; a collaborating partner who is not afraid to roll up their sleeves and lead by example.
Requires a bachelor’s degree in information technology or equivalent experience and 8-12 years of direct experience managing people in a combination of risk management, information security risk, compliance, and cloud environments.

• Responsible for the operational leadership of the information security program
• Communicate with executives across departments to ensure security systems work smoothly to reduce operational risks in the face of a security attack.
• Work directly with the business and IT units to facilitate cyber risk assessment and cyber risk management processes.
• Partner with business stakeholders across the organization to raise awareness of risk management concerns.
• Mature the organization’s business continuity management program to ensure business resiliency.
• Lead and provide oversight for security operations activities, including real-time analysis of immediate threats, security operations and challenges in the current and future state of business operations.
• Evaluate IT threat landscape, devising cyber security policy and corresponding controls to reduce risk.
• Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services;
• Develop cyber resiliency to effectively recover from hacking, security incidents, or infringements rapidly.
• Develop processes to maintain records of up-to-date security threats, helping understand security problems that might arise.
• Oversee data loss and fraud prevention, ensuring internal staff does not misuse data.
• Ensure the data privacy is secured and maintained as part of the privacy program, leading electronic discovery and forensic investigations and enhancing the information security management system.
• Oversee information security architecture, including the planning, buying, and rolling out security solutions, and ensuring IT and network infrastructure is designed with best information security practices in mind.
• Represent and lead the discussions around the overall business technology planning, providing current knowledge and future vision of technology and systems to enable the organization’s digital transformation plan securely
• Integrate the oversight of physical security with cyber security for convergence
• Provide in-depth knowledge of cyber security operations and functions to make effective business decisions.
• Mentor the Information Security team members and implement professional development plans for all team members.
• Accountability: Governance, Risk and Compliance (GRC) Management
• Manage organization-wide information security governance processes, chair the Information Security Steering Committee and lead and security project priorities internally and with security vendors and third-party businesses (as and when required).
• Leading auditing and compliance initiatives, ensuring adaptability to evolving compliance regulations.
• Leading and contributing to a variety of security policy domains associated with compliance, governance, risk management, incident management, HR management, and additional domains.
• Program onboarding—weighing business opportunities against security risks that can potentially compromise your organization’s long-term financial rewards.
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services.
• Lead the procurement process for the selection and purchase of security solutions from vendors, ensuring that the company is in regulatory compliance with the rules for relevant bodies and enforcing adherence to security practices.
• Establish a system that reduces human error and its impact on security posture.
• Accountability: Security Training and Awareness
• Develop a comprehensive plan to attract, train and retain professionals with the requisite skills and interest in pursuing a cybersecurity career.
• Prepare employees with the tools, skills, resources, relationships, and capabilities to protect against information security risks.
• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program.
• Lead the employee security awareness training program, develop secure business and communication practices, and identify security objectives and metrics.