Director of Information Security

Please refer to theHow to Apply for a Job (for External Candidates)job aid for instructions on how to apply.

If you are an active McGill employee (ie: currently in an active contract or position at McGill University) do not apply through this Career Site. Login to your McGill Workday account and apply to this posting using the Find Jobs report (type Find Jobs in the search bar).

Position Summary: The Director of Information Security is responsible for the strategic leadership development and implementation of McGill Universitys information security program. This role oversees the protection of institutional data ensures compliance with regulatory requirements and manages risk across the Universitys digital infrastructure. They provide vision and direction for security architecture governance incident response and awareness initiatives while fostering a culture of security throughout the institution.

Duties and Responsibilities:

• Develop and lead the University-wide information security strategy aligned with institutional goals and regulatory requirements. Hold quarterly or bi-annual security governance meetings with Deans unit heads and research leaders to align local practices with McGills security strategy.
• Define departmental objectives and key performance indicators in collaboration with the CIO and IT leadership. Maintain and update an institutional risk register with quarterly updates to executive leadership.
• Establish and enforce information security policies standards and procedures. Lead recurring compliance audits (e.g. PCI research data protection privacy impact assessments).
• Oversee the development and execution of information risk management and threat mitigation strategies. Conduct quarterly reviews of technical and administrative controls to ensure alignment with evolving threats and regulatory requirements.
• Oversee the design and implementation of security architecture across applications networks and systems.
• Review and disseminate threat intelligence updates regularly (e.g. monthly briefings) to IT leads across faculties. Oversee an ongoing vulnerability management cycle including monthly/quarterly vulnerability scans penetration tests and patching reviews. Ensure results are tracked prioritized and remediated in collaboration with units.
• Direct incident response planning and execution including coordination with internal and external stakeholders. Run bi-annual incident response simulations with faculties/units to test preparedness and response coordination.
• Partner with IT leadership and other units/departments to ensure secure deployment of technologies and services. Represent McGill in external security forums and maintain relationships with regulatory bodies and peer institutions.
• Promote cybersecurity literacy across the University community through targeted training programs. Deliver annual or semi-annual awareness campaigns (e.g. phishing simulations research data protection cloud usage).
• Manage the Information Security team including hiring performance management coaching and professional development.
• Oversee budget planning and resource allocation for the Information Security unit.
• Provide expert guidance to senior leadership on emerging threats compliance issues and strategic investments in security.

Minimum Education & Experience:

• Education: Undergraduate Degree in Computer Science Information Technology Cybersecurity or a related field.
• Experience: Minimum of eight (8) years of progressive experience in IT Security including five (5) years in a leadership role.

Other Qualifying Skills and/or Abilities:

• Proven experience developing and implementing enterprise-wide security programs.
• Strong leadership and team management skills with the ability to influence cross-functional teams.
• Deep understanding of security frameworks and standards (e.g. ISO 27001 NIST PCI-DSS Cobit).
• Expertise in risk management incident response and compliance enforcement.
• Familiarity with cloud security virtualized environments and modern infrastructure services.
• Excellent communication strategic planning and stakeholder engagement skills.
• Certifications such as CISSP CISM CISA or equivalent are highly desirable.
• Bilingual: English (spoken and written) French (spoken and read).

As one of Montreals Top Employers here is what we offer:

• Competitive benefits package (Health Dental Life Insurance) (if eligible)
• Defined contribution pension plan (with employer contribution up to 10%) (if eligible)
• Group Registered Retirement Savings Plan (RRSP) and Tax Free Savings Account (TFSA)
• Competitive vacation policy
• Two (2) personal days
• Two (2) floating holidays
• Nine (9) Summer Fridays - paid days off between the St-Jean Baptiste holiday and Labour Day
• Paid time off over the December holiday period
• Tuition waiver for regular employees and their dependents
• Up to two (2) days of remote work per week where the position permits

Before applying please note that to work at McGill University you must be both authorized to work in Canada and willing to work in the province of Quebec at the campus where the position is based / located.

Knowledge of English: McGill University is an English-language university where day to day duties may require English communication both verbally and in writing. The level of English required for this position has been assessed at a level # 3 on a scale of 0-4.

For a definition of our language proficiency levels please click here.

Job Profile: