Director of Cyber Security at CarltonOne Engagement ULC
Markham, Ontario, Canada
Full Time


Start Date

Immediate

Expiry Date

22 Jul, 26

Salary

180000.0

Posted On

23 Apr, 26

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Information security, Cyber risk management, Application security, Cloud security, Governance, Risk and compliance, SSDLC, Vulnerability management, Incident response, Threat modeling, Data protection, Security operations, SOC 2, ISO 27001, PCI-DSS, GDPR

Industry

IT Services and IT Consulting

Description
CarltonOne is a global B2B technology leader, and part of the Goldman Sachs portfolio, helping organizations around the world reward and inspire exceptional people. Our solutions empower employees to be more productive, sales teams to perform at their best, and customers to stay engaged and loyal. Our platform powers the global engagement industry, enabling companies to deliver impactful employee recognition, customer loyalty, rewards, sales, and channel incentive programs. We partner with over 450 clients, 500 vendors, and serve 14 million members across 185 countries.

Beyond engagement, every CarltonOne solution drives our eco-action mission: funding tree planting to help restore the planet. To date, we’ve funded over 20 million trees and are on track to plant millions more each year. Learn more at carltonone.com.

About the Opportunity
CarltonOne is seeking a Director, Information Security & Cyber Risk to lead and operationalize our global security program. This role is responsible for executing CarltonOne’s security strategy across information security, application security, cloud security, and cyber risk, ensuring strong protection of customer data, systems, and intellectual property. The Director will partner closely with Engineering, Product, IT, and Legal teams to embed security into technology and business processes. This is a hands-on leadership role focused on program maturity, operational excellence, regulatory compliance, and risk reduction within a growing global SaaS environment.

Key Responsibilities

Security Leadership & Program Execution
* Lead the execution and continuous improvement of CarltonOne’s information security and cyber risk programs.
* Act as the primary security advisor to senior technology leadership.
* Implement and maintain security governance frameworks aligned with global regulations and industry best practices.
* Promote a strong security culture through awareness programs, training, and practical guidance across teams.

Application & Information Security
* Lead secure software development lifecycle (SSDLC) practices, ensuring security is embedded throughout design, development, testing, and deployment.
* Partner with Engineering and Product teams on threat modeling, vulnerability management, secure code practices, and tooling.
* Own data protection programs including data classification, access controls, encryption standards, and incident response processes.
* Coordinate application security testing, penetration testing, and vulnerability remediation efforts.

Cloud Security
* Implement cloud security controls and standards supporting CarltonOne’s cloud infrastructure and services.
* Ensure secure architecture, identity and access management, and configuration best practices across cloud environments.
* Work closely with engineering teams to embed security into cloud design and deployment workflows.

Cyber Risk Management & Compliance
* Manage enterprise cyber risk programs, including risk identification, assessment, prioritization, and mitigation.
* Maintain risk registers, metrics, and dashboards to support leadership decision-making.
* Ensure compliance with security and privacy frameworks including SOC 2, ISO 27001, PCI-DSS, GDPR, and other applicable global regulations.
* Support and coordinate security audits, certifications, and customer assurance activities.

Incident Response & Threat Management
* Maintain and continuously improve incident response, security monitoring, and business continuity processes.
* Oversee security operations, including vulnerability management, threat detection, and incident response. Review and continuously improve incident management procedures and own the end-to-end incident response and Security Operations (SecOps) lifecycle.
* Act as incident lead during security events, coordinating investigation, response, communication, and post-incident reviews.

Team Leadership & Development
* Lead and develop a high-performing security team across information security, application security, and risk functions.
* Set clear priorities, performance metrics, and development plans.
* Drive operational maturity through KPIs, process improvement, and regular reporting.

Qualifications
* 8–12+ years of progressive experience in information security, with at least 3–5 years in a senior leadership or director-level role.
* Strong expertise across information security, application security, cloud security, and governance, risk, and compliance (GRC).
* Proven experience implementing and maturing security programs within SaaS or high-growth technology environments.
* Solid knowledge of regulatory and compliance frameworks including SOC 2, ISO 27001, PCI-DSS, GDPR, CCPA, and similar standards.
* Experience supporting audits, certifications, and regulatory inquiries.
* Excellent communication skills with the ability to translate technical risk into business impact.
* Professional certifications such as CISSP, CISM, CISA, CCSP, or equivalent are strongly preferred.

Additional Perks
Here are some additional perks that we provide:
* Competitive salary and benefits package.
* Health, dental, and vision coverage.
* 3 weeks’ vacation plus personal days.
* Access to our employee benefits portal for exclusive discounts.
* Monthly company-wide events, celebrations, and team activities.
* Bravo reward points program for recognition and appreciation.
* Convenient office location close to public transit.

How to Apply
If this great opportunity looks rewarding to you, let’s connect. Our online application will give you the option to apply to this role directly.

The target hiring range for this position is $160,000 - $180,000. Placement in the salary range will be based on factors such as market conditions, internal equity, and candidate experience, skills, and qualifications relevant to the role.

We value diversity and inclusion and encourage all qualified people to apply. If we can make this easier through accommodation in the recruitment process, or if you need assistance to accommodate a disability, please contact us with the “Help” button in the application.

Vacancy status: This posting represents an active vacancy for which we are currently hiring.

AI Disclosure: Artificial Intelligence (AI) may be used in the hiring process for this role.

Responsibilities
The Director will lead and operationalize the global security program, including information, application, and cloud security strategies. They will also manage cyber risk, compliance frameworks, and incident response while leading a high-performing security team.