ITECH - VP of Information Security

Headquartered in Toronto, Ontario, Haventree Bank (Haventree) is a mission driven alternative mortgage lender. The name Haventree is representative of the bank’s mission to help its customers find a place of refuge and to lay down new roots for the future. Haventree exists to be a catalyst of financial security and upward mobility for Canadians who are underserved by the traditional financial system.

Position Summary:

We’re looking to expand Haventree’s leadership by adding an experienced, brilliant, and proven VP of Information Security to our team in Toronto.  As our VP of Information Security, you will oversee all information security and cybersecurity initiatives, while adding your industry expertise and strategic savvy to our team. You’ll work directly with our Senior Management team and roll up your sleeves to help us develop and execute against the business strategy. You’ll collaborate with stakeholders across the business to identify and develop Haventree’s key strategic priorities from a security perspective.

You will have oversight and responsibility for corporate IT security, digital product security, cloud infrastructure security, and overall security posture. You bring experience in building security teams, including security testing teams, and can develop a comprehensive, effective approach for a product and technology-driven company leading the way in digital banking at Haventree.

Major Duties & Responsibilities:

• Develop and execute our cybersecurity strategy, and act as a strategic partner to senior leaders by proactively identifying opportunities for innovation, improvement, and growth.
• Articulate a vision for the company's security now and in the future.
• Create a culture of security across the entire organization through public speaking, training, documentation and enforcing accountability.
• Assume full ownership of our security posture and roadmap, ensuring each item on our roadmap fits into the overall business strategy at Haventree.
• Work closely with our Risk and Compliance team to ensure high-level controls and policies are implemented through best-in-class technology and automation.
• Work closely with our VP Information Technology, Director Software Development, and other leaders to ensure we build and maintain secure products and secure systems.
• Ensure alignment to documented industry standards for security, facilitating internal audits and working with third-party auditors as needed to maintain compliance.
• Inspire, manage, and lead a high functioning cybersecurity team to achieve our vision, setting priorities and holding the team accountable for clear goals & milestones.
• Become an expert in our products, technology, and systems.
• Lead the company smoothly through change, adoption of process improvements, and further adoption of best practices while minimizing friction or disruption.
• Take a charismatic approach to communicating security posture or negotiating security agreements with other C-level, Board members, and VP-level stakeholders.
• Review contractual and legal terms related to security; author policies, build process documentation, and build practice documentation for internal and external use.
• Ensure applicable security metrics are tracked and measured appropriately to demonstrate effectiveness and allow for continuous optimization.

Qualifications & Experience:

• 10+ years of experience in related technology and/or cybersecurity roles including 3+ years experience in a similar leadership role (CISO, CISP, CTO, VP, etc).
• At least one major certification such as CISSP, CISM or similar, or post-grad degree.
• Exposure to substantial and significant scale within a fast-paced, fast-growing company.
• Proficiency in C-suite level communications (written and verbal).
• Both tactically and strategically minded. You should be able to operate in the weeds, but also be the leader with the ability to build security strategy, roadmaps, and frameworks.
• Fluency across both corporate IT security and product cybersecurity areas.
• Experience in a heavily regulated industry dealing with regulatory compliance and handling sensitive and private data (banking, finance, equities).
• Demonstrated ability to drive change and manage teams to ensure quality, timely delivery of projects.
• Hands-on experience collaborating with in-house software development teams, including experience securing web and mobile applications and securing data environments.
• Expert knowledge of infrastructure security, strongly focused on cloud-based infrastructure security practices and technologies. Expertise in AWS cloud preferred.
• Success hiring and fostering growth of your team in parallel with fast-paced execution.
• Business-first and solution-oriented approach to security that goes far beyond identifying gaps, finding problems, allocating vendor spending, or documenting risks.