Director, Information Security Operations (Montreal, QC)

Montreal, QC, Canada

Applications have closed

Company Description

SSENSE (pronounced [es-uhns]) is a global technology platform operating at the intersection of culture, community, and commerce. Headquartered in Montreal, it features a mix of established and emerging luxury brands across womenswear, menswear, kidswear, and Everything Else.

SSENSE has garnered critical acclaim as both an e-commerce engine and a producer of cultural content, generating an average of 100 million monthly page views. Approximately 80% of its audience is between the ages of 18 and 40. It is privately held and has achieved high double-digit annual growth and profitability since its inception.

Job Description

Responsibilities

Information Security Strategy (20%)

  • Define and own the information security operations roadmap at SSENSE across all technology, and work with the CISO to ensure it is congruent with and supports the overall Information Security Roadmap, business objectives, and desired risk posture.
  • Develop and manage the budget for delivery of the information security operations service and identify opportunities for synergies and efficiencies in line with other functions in the organisation
  • Establish and track Security Key Performance Indicators (KPIs) including tracking of ROI for security investments.

Information Security Operations (40%)

  • Partner with the IT team and other internal teams to ensure the effective design and operations of the information security operations service for SSENSE
  • Lead, manage, and motivate a team of professionals both in-house and through an MSSP to ensure success of the Security Operations function
  • Lead vulnerability management, incident response, threat intelligence, event management, and SOC operations utilizing various controls and systems
  • Plan, direct, and manage day-to-day activities across the Cyber Security Operations team including, but not limited to:
    • Analyze and evaluate network, system, and security alerts to include determining scope, urgency, and potential impact
    • Develop and implement security standards and procedures for security operations
    • Implement, mature and lead the incident response program, including documentation, planning, incident coordination, forensics, threat intelligence, and internal and external incident response functions
    • Implement, mature and lead the vulnerability management program
    • Coordinate vulnerability research activities with the IT team
    • Establish and coordinate proactive incident response planning through table top exercises
  • Oversee all enterprise-wide incident reporting, including review for compliance with established standards and appropriate follow up activities
  • Reinforce industry best practices in incident response, cybersecurity analysis, and knowledge management
  • Lead response to security incidents, ensuring alignment with IR plan and all stakeholder requirements
  • Review reports on incidents and breaches and provide executive summaries to senior IT leadership
  • Manage technical security infrastructure to include security tools such as endpoint protection, log management, intrusion detection, and multi-factor authentication

Outsource Management (20%)

  • Implement a Co-Managed SIEM leveraging both internal and third-party resources and integrate relevant event data sources across the enterprise
  • Manage the Security Operations Center function delivered through an MSSP
  • Establish and manage objectives and performance, including establishing service level objectives and tracking and overseeing metrics
  • Work with the outsourced service providers to achieve desired outcomes and to address and support resolution of identified security risks
  • Track service provider remediation plans as required to achieve desired outcomes
  • Chair monthly governance meetings with the MSSP to review security risks and ensure continuous improvement

People Leadership & Development (20%)

  • Hold weekly one-on-ones, conduct performance reviews, analyse individual KPIs and assess promotion readiness to help each contributor evolve in their roles
  • Drive team mobilisation by regularly gauging team engagement and implementing appropriate means to create a transparent, collaborative and productive work environment 
  • Identify current gaps within the team/department structure and work with Senior Leadership on resourcing plans
  • Establish the resource plan for the direct team
  • Establish the short-term objectives for the department and ensure teams are engaged towards achieving the department's missions
  • Drive the Department's mission and vision throughout the teams

Qualifications

REQUIREMENTS

  • Bachelor’s degree in Computer Science, Information Security, or a related field
  • A minimum of 10 years' experience in Information Security, Security Operations, or IT operations
  • A minimum of 5 years of direct people leadership experience
  • Experience with Public Cloud (AWS, Google)
  • Strong experience with corporate security technologies such as firewalls, anti-virus software, End-Point Detect & Respond (EDR), Data Leakage Prevention (DLP), Security Incident & Event Management (SIEM) solutions, etc.
  • Experience with various forensic log artefacts found in SIEM logs, web server logs, AV logs, protection logs such as HIDS and NIDS logs
  • Experience with Information Security Industry Standards (ISO27001, SOC3, CSA) and audits
  • Experience with scripting automation is an asset
  • Familiarity with global privacy laws such as GDPR, CCPA, China PIPL, etc. is highly desirable

SKILLS

  • Ability to evaluate risk and provide operational strategies and response based on risk to SSENSE
  • Ability to manage and grow a team of internal personnel and external partners
  • Ability to communicate technical concepts and complexity to all types of audiences
  • Ability to comply with regulatory requirements
  • Strong collaboration and influencing skills
  • High work ethic and results-oriented
  • High sense of accountability and ownership
  • Solution-oriented mindset and can-do attitude to overcome challenges
  • Ability to thrive in a fast-paced environment and master frequently changing technologies and techniques
  • Ability to lead a project from initial conceptual stages through to completion

Additional Information

WORLD CLASS TECHNOLOGY 

Technology is at the core of everything we do at SSENSE. Driven by an engineering mindset and a problem-solving attitude, we blend fashion with technology to deliver an unparalleled experience to our customers as we build seamless, custom solutions to deliver the SSENSE offering. 

WORLD CLASS TEAM

The SSENSE tech team is responsible for an international headless commerce platform. Working in an agile environment, our squads are made up of experienced innovators in Product Management, QA, Design, DevOps, Software Development, Machine Learning, Data Engineering, and Security. Headquartered in Montreal, our technology organization has been growing at a rate of 2X year-over-year and is doubling once again in 2021 as we expand across Canada, US, and Europe.

WORLD CLASS PLATFORM 

The SSENSE platform runs on Amazon Web Services making use of serverless microservices across web, mobile and app. Our event-source architecture already achieves over 10,000 requests / second and is growing at an unmatched pace, currently unseen across the industry. Our data-driven culture of innovation empowers every product team across the tech organization to explore building, testing and learning with the latest in Machine Learning techniques. Our automated continuous improvement DevOps model (making use of both blue / green and canary deployments) results in an average of 50 production releases every day.

Read more about us on our SSENSE Tech Blog.


Perks/benefits: Career development Startup environment Team events

Region: North America
Country: Canada