Director of Information Security 🇨🇦 🇷🇴

Toronto, ON

Applications have closed


Caseware is the leading global software provider for CPAs, auditors, risk and governance professionals. Reach new levels of productivity and efficiency today.

View company page

Caseware is one of Canada's original Fintech companies, having led the global audit and accounting software industry for over 30 years, with more than 500,000 users across 130 countries and available in 16 different languages. While you might not have heard of us (yet) over 36,000 accounting and audit professionals list Caseware as a skill on their LinkedIn profiles!

Caseware is seeking a Director of Information Security who will provide subject-matter expertise and leadership for all CyberSecurity-related matters across the organization. The security leader will develop policies and procedures, execute security projects, and conduct security operations. 

In this role, you will work with engineering, product owners, IT, and Cloud Operations to provide technical insight and industry perspective in creating, delivering, and integrating effective security solutions. Overall, the incumbent will leverage industry best practices to improve cybersecurity maturity.

❗ The role is open to candidates based and eligible to work in GTA, Toronto 🇨🇦 OR Cluj, Romania 🇷🇴

2 AppSec Engineers
1 CloudSec Engineer
1 Risk & Compliance manager (leading 3 Risk & Compliance Specialists + 2 Privacy Specialists)

The role reports to:
Xerxes Noble - SVP, Technology

Chengeer Lee - Senior Talent Acquisition Partner

What you'll do:

  • Lead all security matters, including governance, risk management, compliance, cybersecurity, application security, identity and access management, and security operations management
  • Evaluate the current state of CaseWare's security and risk profile and develop a risk-based gap analysis to implement and maintain a best-in-class security program
  • Partner closely with executives and business leaders, providing guidance and ensuring information security strategy aligns with business and product roadmap goals.
  • Work closely with Product Development and Engineering to ensure that we produce secure products and build features to keep users and critical data safe as a company.
  • Scale-up and out the application security program through developer empowerment, automation, and crowdsourcing, amongst others
  • Own the investigation process for all security incidents and ensure corrective actions are completed in a timely manner. Additionally, oversee the development of all security contingency plans.
  • Ensure compliance to critical standards as the company expands into new markets that require new security measures
  • Prepare and lead standards and regulatory compliance activities across the organization, e.g. SOC2, ISO27001, PCI, etc.
  • Lead and grow a team of Cloud and Product Security Engineers 
  • Expand the scope of our ISMS program to include all parts of the business, including Corporate IT, Cloud Operations, Product Security, and Distributors/Partners. 
  • Responsible for the security and privacy policies, including alignment with required privacy standards, as it pertains to business and customer information
  • Lead education, policies, and best practices for inclusion of a security-centric development practice within the SDLC
  • Work with product to identify opportunities for enhancing security features through the product roadmap.
  • Be a partner by collaborating with Technology, Product, Finance, and PeopleOps to maintain and improve existing compliance programs.

We think you'll be an amazing fit for this position if your application can demonstrate:

  • Deep expertise across security, privacy, IT audit, and legal security standards, guidelines, and principles within a complex organization.
  • Track record of building, growing and maintaining high-performing security teams, driving transformation in a growth environment. You are a hands-on leader who leads by example.
  • Past experience leading highly skilled application security and software security teams at technology companies.
  • Experience enforcing secure coding practices, threat modelling, identity, access management, and security incident response and recovery.
  • Strategic problem-solver who is analytically driven and an effective communicator who can present complex analyses to business leaders and executive leadership.
  • You understand the importance of being flexible, creative, and resourceful in order to design an information security program that addresses the specific business challenges of an innovative, growing company.
  • CISSP, CISA, CISM, Info-Sec Security certifications preferred
About Caseware

Caseware's cutting-edge software products are meticulously designed for accounting firms, corporations, and governments. Our teams are continually collaborating, innovating, and building upon our existing suite of products. With a customer-focused mindset, we are building technology that is shaping what the future of audits, financial reporting, and financial data analytics will look like.

With a recent strategic investment from Hg Capital in 2020, Caseware is now in its next major growth phase as we double down on the people and products that have made Caseware so successful to date.

One of Caseware's core values is Many Voices, One Team and with that in mind, we're dedicated to building teams as diverse as our customers in an equitable and inclusive way. We welcome and encourage candidates of all backgrounds to apply. Should you require accommodations or have any questions at any point during the application or interview process, please e-mail our People Operations team at

Any candidates successful in obtaining an offer for a position will need to successfully complete a background check through which typically includes an Identity Verification and Criminal Record Check. Executives and Senior Managers will undergo a Soft Credit Check as well.

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Analytics Application security Audits Automation CISA CISM CISSP Cloud Compliance Finance FinTech Governance IAM Incident response ISMS ISO 27001 Privacy Product security Risk management SDLC Security strategy SOC 2 Strategy

Perks/benefits: Startup environment Team events

Regions: Remote/Anywhere North America
Country: Canada
Job stats:  44  5  0
Category: Leadership Jobs

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.