Job Category: Investments, Regulatory & Digital Strategy

Requisition Number: ASSOC001553

Posted: March 18, 2025

Full-Time

Locations

Location: This in-office position will be located in our Toronto office.

Our organization:

Founded in 2017, Wellington-Altus Financial Inc. (Wellington-Altus) is the parent company to Wellington-Altus Private Counsel Inc., Wellington-Altus USA Inc., Wellington-Altus Insurance Inc., Wellington-Altus Group Solutions Inc., and Wellington-Altus Private Wealth Inc.-the top-rated investment dealer in Canada and one of Canada's Best Managed Companies. With more than $35 billion in assets under administration and offices across the country, Wellington-Altus identifies with successful, entrepreneurial advisors and portfolio managers and their high-net-worth clients.

Investment Executive 2024 Brokerage Report Card.

The opportunity:

Reporting to the Vice-President, Solutions Architecture, the Associate Vice-President, Information Security will be responsible for creating organizational awareness about cyber security and privacy, ensuring that our technology stacks and data are secure by design and adequately protected from cyber-attacks. This role includes ensuring that procedures and processes are in place to guide action should an attack take place and working with the CISO and Incident Response Commander as well as the Chief Privacy Officer.

This position is responsible for the development and maintenance of appropriate IT security and information privacy standards, procedures, corporate and departmental policies, and architectures. It serves as the single point of contact for other departments, corporations, and vendors for all information security and privacy requests. The individual will manage Identity Access Management policies, procedures, and review processes, and will work with peers on the IT Leadership Team to create a Cyber Security & Privacy Program for the organization.

Key responsibilities include:

• Developing an Information Security and Privacy roadmap for the next 3 years to ensure Wellington-Altus has a robust and comprehensive information security strategy.
• Implementing a framework for information security risk governance and control that integrates a consistent methodology to identify and assess information security risks.
• Identifying the total Information Security needs and overseeing the security posture across a large Enterprise by managing the full life cycle of Cybersecurity.
• Establishing, implementing, enforcing, and monitoring information security standards enterprise-wide.
• Supporting the leadership team in educating the Executive Committee on current and evolving Cyber security technologies, best practices, and threats.
• Providing support to the procurement and legal teams regarding information security and privacy with respect to agreements and contracts.
• Leading ongoing security, privacy and threat risk assessments and evaluations to verify operational compliance and identify gaps.
• Tracking security-related risks and correlating action plans to ensure issues are resolved.
• Working with third-party teams and internal digital and data development teams to interpret and review results from penetration tests, vulnerability scans, and code reviews as required.
• Maintaining the organization's Security Risk Register for effective risk management and operational compliance functions.
• Providing support for compliance and audit activities liaising with internal staff and external auditors.
• Conducting Information Security gap assessments against internal and external standards.
• Developing and implementing metrics and reporting processes to ensure risks are effectively managed.
• Leading Information Security Incident & Breach Response along with key stakeholders in the event of a breach.
• Providing leadership in the development of managed security services to ensure strong security postures of Vulnerability Management, IAM, Endpoint Protection, etc.
• Ensuring appropriate technology, processes, and governance are in place to monitor, detect, prevent, and react to security threats.
• Fostering a culture of privacy and information security across the organization.
• Working closely with all business units to ensure projects reflect appropriate privacy, information security, and contract management considerations.
• Managing and assessing external vendors who contribute to the overall security.
• Maintaining current understanding of security standards and regulations and ensuring compliance with changing laws.
• Developing security policies and procedures with regular reviews and updates, at least annually.
• Overseeing the delegation of work to Analysts and 3rd party partners.
• Setting annual performance targets for individuals and the team and conducting performance reviews.
• Providing ongoing motivation, coaching, guidance, feedback, and mentoring support to the team.
• Managing the workload of team members on the program and helping to remove obstacles to their success.

The ideal candidate will possess:

• Bachelor's degree in finance, computer science, information management, or equivalent combination of experience.
• 5+ years' experience in information systems support, security engineering, and/or risk and governance.
• Certified Information System Security Professional (CISSP).
• Certified Information Security Manager (CISM).
• ITIL 4 certification is an asset.
• Familiarity with commonly used information security concepts, best practices, and standards.
• Experience with SIEM tools and operations (Splunk preferred).
• An ability to run the Identity and Access Management (IAM) security practice.
• Good analytic, troubleshooting, and problem-solving skills.
• Research skills for problems and find information or documentation on related topics.
• Experience with vulnerability scanning tools.
• Experience with anti-virus and endpoint security solutions.
• Experience with Linux and Windows operating systems.
• Expert verbal & written communication skills; additionally, expert analytical, problem-solving, and influence skills.
• An expert ability to collaborate and act as part of a team, with a focus on cross-group collaboration.
• An ability to manage ambiguity.

Conditions of employment:

• Must be legally eligible to work in Canada.
• Must be able to travel 0-5% of the time.
• A background check, satisfactory to the employer, may be required of the successful applicant prior to commencing employment.

Wellington-Altus Private Wealth is strongly committed to equity and diversity within its community and welcomes applications from women, racialized persons, Indigenous peoples, persons with disabilities, and persons of all sexual orientations and genders. All qualified individuals who would contribute to the further diversification of our organization are encouraged to apply.

If you require accommodation for the recruitment process, please let us know at the point of application.

To apply:

Click the Apply for This Job button to submit your resume, cover letter, and salary expectations. You will be contacted if you are selected for an interview. More information about working at Wellington-Altus can be found on our website at .