Director, Cloud Security
Toronto, ON, Canada
Job ID: 44676
Ingram Micro’s mission is to help businesses to fully realize the promise of technology. No other company delivers the full spectrum and scale of global technology to businesses around the world. Ingram Micro’s global infrastructure and deep expertise in platform technology, cloud and mobility enable our customers to operate efficiently and successfully in an increasingly digital economy.
With the launch of our Global Cloud Marketplace, Ingram Micro Cloud is changing how business is done in the Cloud. We are a master cloud service provider (mCSP), empowering organizations to configure, provision and manage cloud technologies with confidence and ease.
We are seeking a talented individual to lead the information security program for Ingram Micro Cloud and CloudBlue. The position requires sound knowledge of security, privacy, and business management to develop and further the information security program for an IT services organization.
Reporting to the Vice President, Global Cloud Technical Operations, this individual will be responsible for managing the information security program for the business. The program is to mature and evolve policies, processes, and standards across the organization related to security and privacy of all areas of the business, including related to compliance, development, design, implementation, and operations. This challenging position requires in-depth knowledge of cloud security architecture, design and standards, cross-functional knowledge of business processes, information security risks, internal controls and understanding of technology.
- Define IT Infrastructure & Security strategy and standards, including those related to security governance (security policies and procedures), security strategy (security planning), risk (risk assessments and management), cloud data protection (classification, encryption, tokenization), identity and access management, cloud architecture, secure development (development, testing, and maintenance), and compliance (audits, regulatory requirements)
- Define security controls relevant to compliance with legal, best-practice, and regulatory requirements for cloud environments (GDPR, PCI, ISO, FedRAMP, CCPA, SOC, etc.)
- Hire and lead the growth, development, and support of a global security team running 24x7
- Conduct cloud security strategy, readiness and discovery assessments; be familiar with cloud security frameworks, compliance requirements and security operations
- Create and maintain documented internal policies and procedures on the management of information security
- Develop and maintain a program for secure application development, testing, and vulnerability management
- Develop and maintain a program on handling security incident response, disaster recovery, and business continuity
- Establish lines of communication with leadership for understanding business needs and coordinating activities to further the information security program within the organization
- Actively monitor and research cyber threats with a direct or indirect impact to business operations, or technology infrastructure
- Understand business engagements, requirements and enablement opportunities as it relates to specific use cases
- Engage and negotiate with customers and partners on Data Privacy Agreements and security requirements
- Build and maintain a comprehensive and continuously up-to-date inventory of all supported applications, servers, interfaces and IT services being used to support Ingram Micro Cloud operations
- Minimum of 10 years cumulative experience in a combination of risk management, information security, and IT (at least 5 years in a senior leadership role)
- In-depth knowledge of business management and a strong understanding of information security risk management and cybersecurity technologies
- Artful communication skills and organizational savvy, to steer peers and leadership toward solutions that carefully balance business, risk, compliance, and engineering concern
- Demonstrated ability to lead and manage large, complex projects involving cross-functional teams
- Familiarity with industry compliance, i.e. PCI, HIPAA, GDPR, PIPEDA, ISO 27001, SOC (1 and 2), etc.
- Experience working with SaaS and PaaS environments and Cloud Native technologies
- Demonstrated ability to establish a security program that addresses security concerns of clients in delivering IT services
- Experience within a 24x7 production environment, preferably across multiple data centers and 3rd party cloud environments
Nice to have:
- Professional certifications in the security, privacy, risk management and audit areas highly desirable, such as: CISSP, CRISC, CISM, CISA, PCIP, CIPP
Successful candidates will join an elite team, that strives to innovate and automate, while contributing to a center of excellence within the organization. If you are a talented, detail-oriented and enthusiastic professional who is passionate about technology and working with high performing teams, this position is for you!