Putting people first, every day
BDO is a firm built on a foundation of positive relationships with our people and our clients. Each day, our professionals provide exceptional service, helping clients with advice and insight they can trust. In turn, we offer an award-winning environment that fosters a with a high priority on your personal and professional growth.
Your Opportunity
BDO Canada’s National office is looking for a Director, Information Security, to join our National Information Technology team, responsible for leading the organization’s global information security strategy, governance, and operations. This role will develop and implement enterprise-wide security programs that protect company assets, data, and systems from internal and external threats, ensuring the confidentiality, integrity, and availability of our digital assets while enabling secure business growth across Canada and globally.
The Director will be the architect of BDO Canada’s information security vision, strategy, and compliance and shape the continued growth and maturity of the ISMS program. BDO Canada’s Information Security needs span regulatory, information security, privacy, and more. The Director will partner closely with executive leadership, IT, risk management, legal, and compliance teams to maintain a strong security posture protecting our people, clients, and data.
Key responsibilities include:
Strategic Leadership
Develop and execute a comprehensive enterprise information security strategy aligned with business goals and risk tolerance.
Establish a security governance framework, policies, and standards consistent with ISO 27001, SOC II, NIST, and other relevant frameworks.
Lead the creation and execution of the organization’s security roadmap — encompassing people, process, and technology improvements.
Present regular security posture updates, metrics, and risk assessments to executive management and the board of directors.
Risk Management & Compliance
Identify, assess, and manage information security risks across corporate and operational environments.
Ensure compliance with applicable regulations and standards such as PIPEDA, GDPR, SOC 2, PCI DSS, and provincial/federal privacy laws.
Direct the execution of periodic security risk assessments, internal audits, and third-party reviews.
Partner with Legal and Privacy teams to oversee incident response, data breach notification, and regulatory reporting requirements.
Security Operations
Oversee day-to-day security operations, including threat detection, monitoring, vulnerability management, and incident response.
Lead the deployment and management of security technologies (SIEM, EDR/XDR, IAM, DLP, CASB, MFA, encryption, etc.).
Manage and continuously improve the Security Operations Center (SOC) and incident management processes.
Coordinate with IT infrastructure and cloud teams to ensure secure architecture design, patching, and access control.
Leadership & Collaboration
Build, mentor, and lead a high-performing information security team, fostering a culture of accountability and continuous improvement.
Partner with IT and business units to embed security-by-design principles into projects, procurement, and system development.
Collaborate with HR and Corporate Communications to drive security awareness and training programs for all employees.
Act as the organization’s security spokesperson during audits, client assessments, and vendor negotiations.
Vendor and Third-Party Security
Oversee third-party risk management programs and ensure vendors meet the company’s security standards.
Evaluate and approve security controls for external partnerships, SaaS platforms, and cloud providers.
How do we define success for your role?
Integrity, Respect and Collaboration
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search: