SGGG Fund Services Inc., 121 King Street West, Toronto, Ontario, Canada

Job Description

Posted Tuesday, December 16, 2025 at 11:00 AM

Position Summary

Under the direction of the Chief Technology Officer (CTO), the Director of Cybersecurity is responsible for executing the organization's cybersecurity strategy and managing operational risk controls. The Director of Cybersecurity also serves as the accountable authority for all regulatory compliance programs and certifications. This role ensures the protection of information assets, adherence to regulatory requirements, and resilience against evolving cyber threats. The Director of Cybersecurity leads the execution and management of compliance programs, acts as the primary authority for audit readiness and regulatory liaison, drives cybersecurity initiatives, collaborates with key stakeholders, and champions cybersecurity awareness across the business.

Operational Requirements & Activities

- Develop and execute the cybersecurity roadmap and operational controls in alignment with the CTO's defined risk tolerance and governance framework.
- Lead the execution of incident response and crisis management programs, escalating significant incidents and risk decisions to the CTO for final resolution and communication with the executive team.
- Lead and coordinate the future-proofing of incident response and disaster recovery strategies for cybersecurity events, ensuring alignment and integration with enterprise-wide business continuity planning.
- Establish governance structures for cybersecurity, manage third-party and vendor risks, and lead regulatory compliance programs, ensuring clear boundaries between operational risk management and regulatory compliance.
- Monitor, investigate, and respond to security incidents, vulnerabilities, and emerging threats; proactively gather threat intelligence and conduct threat hunting activities to mitigate risks.
- Develop, test, and continuously improve incident response playbooks; conduct post-incident reviews to identify lessons learned and drive process enhancements.
- Implement, regularly review, and update cybersecurity policies, standards, and procedures to ensure ongoing relevance, effectiveness and compliance.
- Oversee and coordinate risk assessments, penetration testing, and vulnerability management programs, ensuring timely remediation of identified issues.
- Lead and manage all regulatory compliance programs relevant to the organization's operations, including but not limited to SOC 1 / SOC 2, GDPR, PIPEDA, ISO 27001, and other applicable standards.
- Lead initiatives for audit, ensure compliance with internal policies and procedures that meet audit requirements, and liaise with internal and external stakeholders to achieve certification.
- Prepare and deliver regulatory compliance posture updates and recommendations to the CTO for inclusion in reports for the executive team.
- Lead and manage data privacy and data loss prevention (DLP) initiatives, ensuring compliance with GDPR, PIPEDA, and other applicable regulations.
- Manage and optimize cybersecurity technologies (e.g., SIEM, firewalls, endpoint protection, identity management) and vendor relationships to support organizational security objectives.
- Develop, track, and report cybersecurity metrics and KPIs on a regular basis; use insights to drive continuous improvement in security posture.
- Integrate security requirements into solution architecture and throughout the secure software development lifecycle (SDLC).
- Design, deliver, and evaluate cybersecurity awareness and training programs for staff to foster a security-first culture.
- Collaborate with IT infrastructure and application teams to ensure cybersecurity is integrated into all technology initiatives and projects.
- Engage and collaborate with external cybersecurity organizations, regulatory bodies, and law enforcement agencies to strengthen security posture and maintain awareness of industry best practices.
- Oversee and coordinate physical security controls, ensuring integration with cybersecurity measures for comprehensive protection of organizational assets.
- Advocate for cybersecurity across the business, driving adoption of best practices and fostering a culture of continuous improvement.

Position Qualifications

Work Experience

- 10+ years of experience in information technology with at least 5 years in a senior cybersecurity leadership role.
- Proven ability to develop and execute strategic cybersecurity plans and communicate effectively with executive leadership.
- Experience in financial services, preferably investment fund industry, with strong understanding of technical and business processes.
- Advanced knowledge of enterprise architecture, identity and access management (IAM), and security technologies.
- Demonstrated experience in vendor management, capacity planning, and change management.
- Demonstrated experience leading regulatory compliance programs and audits in financial services, including SOC 1 / SOC 2, GDPR, PIPEDA, and ISO 27001.
- Ensure compliance readiness and provide posture updates to the CTO for executive-level reporting.
- Proven ability to develop, track, and report cybersecurity metrics and KPIs.
- In-depth knowledge of Azure infrastructure, cloud applications, and enterprise-level cloud technologies.
- Experience developing, testing, and leading incident response and crisis management programs.
- Experience collaborating with external cybersecurity organizations, regulatory bodies, and law enforcement agencies.
- Process-oriented with ability to lead and manage complex security projects.

Education & Certifications

- University Degree or College Diploma in Computer Science, Information Security, or related field.
- Required: CISA and/or CISM certification.
- Preference for CISSP or other advanced security certifications.
- ITIL or PMP certification considered an asset.

Soft Skills

- Excellent communication and leadership skills.
- Strong analytical and problem-solving abilities.
- Ability to work collaboratively across departments and with external partners.

Job Title
Director of Cybersecurity