Manager, Data Security (Information Security)

08 Jul 2024
13 Jul 2024
Employer Sector
Technology, IT & Telecoms
Contract Type
Full Time
Manager, Data Security (Information Security)

Friday, July 5, 2024

First National is proud to be an equal opportunity employer and is committed to diversity and inclusion regardless of race, color, religion, national origin, age, gender identity, physical or mental disability, sexual orientation or any other category protected by law.

First National supports requests for accommodation from applicants with disabilities; please contact Human Resources at should you need an accommodation at any point in the recruitment process.

Reporting To:

Senior Manager, GRC (Information Security)

Full–Time/Part– Time:


Posting Date:

July 5, 2024

Closing Date:

July 19, 2024

Hours of Work:

8:30 a.m. – 5:00 p.m.


Office Location:


Toronto, ON

Great location! Steps away from the main public transit station

What we offer:

Highly competitive compensation package which includes base salary,

bonus,benefits, and career advancement opportunities!

Eligibility for benefits is dependent on the terms of employment

The Opportunity:

A strategic and integral member of the Information Technology organization, responsible for the Data Security Program of First National. This role, reporting to the Senior Manager, GRC (Information Security), is responsible for ensuring the confidentiality, integrity, and availability of the organization's data throughout its lifecycle (creation, storage, usage, transmission, archiving and destruction). The role will be responsible for the management and continuous improvement of the data security program taking into consideration, its strategy, policies, processes, controls, assessments, reporting, metrics, training, and awareness.

This role requires a minimum, the following skills:

  • Knowledge and experience in Information Security, data protection, and security management frameworks.
  • Knowledge and understanding of current data security, data classification, risk standards, best practices, particularly ISO 27001 and NIST CSF.
  • Experience in developing, implementing, and managing security and data protection strategies.
  • ability to influence relevant stakeholders within and external the Information Security department.
  • ability to communicate effectively.

How you will contribute:

  • Develop, implement, manage, and continually improve the Data Security Strategy and Program at First National.
  • Educate and advise other teams within First National in the design and implementation of effective security controls to protect its data.
  • Build strong cross–organizational relationships and work effectively across within and across department boundaries.


  • Develop, formalize, institutionalize, and maintain data security policies and procedures related to the data security program.
  • Document, maintain, enforce and maintain currency of the data classification policy and standards.
  • Analyze the data flows across the enterprise and institutionalize the data security controls throughout the data lifecycle and evaluate conformance to data minimization.
  • Participate, support and/ or develop relevant and necessary impact assessments such as Privacy Impact Assessment, Transfer Impact Assessment, etc.
  • Support in the development of periodic reports and dashboards as necessary.
  • Review regulatory, legal, or compliance requirement regarding to data security.
  • Act as the liaison between the Privacy Office, IT, and Information Security Department to ensure that one of First National Financial's most valuable asset, its data, is secured.
  • Collaborate with the strategies related to Privacy and Protection of sensitive data.

Data Classification

  • Identify the current sources and repositories for the organization's data, for both structured and unstructured data, and map with the catalog of current controls.
  • Collaborate with the business units (Data Owners) and Privacy Office to review and classify the business data, and work with Data Custodians to ensure that adequate controls are implemented commensurate to the associated risk.
  • Review and monitor the data classification process.
  • Implement the necessary data security protections aligned with the data classification and security policies.
  • Identify, document and present data classification metrics to senior management.
  • Periodically review the data discovery process (interview questions, tools, reporting) to check for accuracy and currency.
  • Participate in training activities for data security and data classification best practices.

Controls Management

  • Implement a maintain an approach to effectively design and implement the data security program that considers the relevant technical and process–based controls.
  • Identify the set of technical controls involved in adequately securing the organization's sensitive data.
  • Monitor security controls and measures to protect sensitive data.
  • Create, implement, and review mechanisms and strategies to protect the confidentiality, integrity, and availability of data–at–rest, data–at–use, and data–at–transit.
  • Design Data Leakage Prevention controls, and ensure they are implemented, and perform periodic compliance checks.
  • Manage tools associated that assist with Data security which have been implemented within the organization.

The experience you need:

  • Bachelor's degree in computer science/IT Management/MIS or the equivalent work. experience is required. Graduate degree preferred.
  • A minimum of 5 years of prior Information Security Management experience is required with audit or implementation of relevant information security frameworks.
  • Information Security designation or certification, such as CDPSE, ISO27001, CISM, CISA, CISSP or equivalent preferred.
  • Foundational experience in developing and maintaining Information Security policies, standards, processes, guidelines, procedures, and controls, ideally within the Financial Services industry.

Skills and Attributes:

  • A proven track record of planning and executing complex work efforts.
  • Strong interpersonal communication, analysis, and writing skills.
  • Superior verbal and written communication skills.
  • Intermediate presentation and MS Excel skills.
  • Able to align management and leadership strategies when working on projects.
  • Ability to manage relationships, resolve conflicts and constraints, ensure compliance with ethical and professional standards when managing projects.

Working Environment and Physical Demands Analysis:

  • Periods of high volume with tight timelines
  • Long periods of stationary position/sitting
  • Prolonged periods of repetitive movement (i.e. using a keyboard and mouse)
  • Long periods of time in viewing a computer screen
  • Multi–tasking may include speaking to customers on a telephone call while looking up information on a computer program.
  • Competitive Compensation
  • Comprehensive benefits program (i.e., Health Spending Account, Maternity and Parental Leave Top Up)
  • Hybrid working environment select if applicable .
  • Extensive training programs to set our employees up for success
  • Modern office environment conducive to collaboration
  • Supportive teamwork culture
  • Opportunities to give back to the communities and work through events focused on a variety of charities
  • Ongoing social events throughout the year

The team you'll join:

Founded in 1988, First National is one of Canada's largest non–bank lenders. We provide residential mortgages exclusively through the mortgage broker channel and we are Canada's largest commercial mortgage lender.

First National has been consistently recognized as a great place to work and we are proud that our employee engagement feedback is higher than our industry partners.

We would like to thank all applications for their interest in this existing vacancy, but only candidates selected for an interview will be contacted.