Overview
Full-time, HYBRID 1–2 days/month office located in Mississauga, Ontario
Key skills: 10+ years in information security leadership; complex cloud-based SaaS; security practices across application, infrastructure, and data layers; SOC 2 and ISO 27001 compliance; AI; DevSecOps.
Industry: SaaS
Role overview
Reporting to the CTO, the Director of Information Security will lead the maturation and scaling of the company’s security practices across product, platform, and corporate environments, with a strong emphasis on responsibly leveraging AI to improve security effectiveness.
This role evolves an established security foundation into a cohesive, risk-based program that enables the business to move quickly while protecting customer data, systems, and operations. As AI becomes increasingly embedded in how software is built and how products operate, you will help the organization use AI to proactively surface risk, accelerate detection and response, and stay ahead of emerging threats.
You will define the security strategy, standards, and guardrails—and drive consistent adoption across Engineering and related functions. Operating through influence and authority (rather than direct ownership of execution teams), you will partner with Engineering, Architecture, AI, and Operations leaders to embed security into how software is designed, delivered, and operated.
The company’s purpose-built SaaS platform supports heavy equipment dealerships and rental businesses. Key modules include CRM, quoting, rentals, service, parts, and fleet management.
How you will contribute
- Security strategy & program maturity (AI-driven): Evolve the security strategy and roadmap, incorporating AI as a core capability to improve risk visibility, decision-making, and response times while scaling and strengthening existing practices.
- AI-enabled security & governance: Define how AI is leveraged across security functions (detection, analysis, and response). Establish guardrails for safe, effective AI use across internal workflows and product capabilities, and partner with Architecture and AI leadership to align innovation with security.
- Security governance & guardrails: Define security standards, policies, and architectural guardrails across application, platform, and AI domains. Provide executive reporting to ensure alignment and adoption across Engineering, Platform, and IT.
- Secure development oversight: Provide direction for security within the SDLC, including secure design, threat modelling, code analysis, and vulnerability management. Ensure practices evolve for AI-assisted development while maintaining strong control and visibility.
- Cloud & infrastructure security: Establish expectations and guardrails for securing cloud environments (identity, access, network, and data protection), partnering with Engineering Operations to drive execution.
- Detection & response leadership: Define and maintain an organization-wide incident response framework, including playbooks, roles, and escalation paths. Leverage AI to improve signal detection, triage, and response speed, coordinating execution with Engineering and Operations.
- Governance, risk & compliance (GRC): Mature existing compliance programs (SOC 2, ISO 27001) by strengthening controls, improving audit readiness, and aligning the program to evolving risks and operating models.
- Security architecture & cross-functional alignment: Partner with Architecture, AI, and Engineering leadership to embed security in platform design, data handling, and system evolution.
- Third-party & AI vendor risk management: Define and enforce standards for evaluating and managing risk from third parties, including AI providers, APIs, and external services.
- Security culture & enablement: Promote a strong security culture—including responsible AI use—through clear guidance, education, and practical frameworks.
Requirements
- 10+ years of experience leading and maturing security programs in complex, cloud-first SaaS environments
- Strong understanding of modern security practices across application, infrastructure, and data layers
- Proven ability to operate through influence and drive outcomes across multiple teams without direct ownership
- Experience partnering with Engineering and Platform teams to embed security into development and operations
- Experience in defining, monitoring, and reporting KPIs that represent overall security risk and trends
- Deep experience with SOC 2 and ISO 27001 compliance frameworks
How to stand out
- Experience using AI to improve security detection, response, or risk analysis
- Experience evolving security practices in high-growth or scaling SaaS organizations
- Experience defining and operationalizing security guardrails across multiple engineering functions
- Experience with DevSecOps practices and automation-driven security
- Experience leading or coordinating incident response in complex environments
Competencies for success
- Risk-based decision-making and prioritization
- Ability to influence and lead without direct team ownership
- Systems thinking across product, platform, and AI domains
- Ability to translate security requirements into clear, actionable guidance
- Strong communication and cross-functional leadership
As part of our hiring process, we use AI-based systems to support initial applicant screening.