Director, Information Security at Indigo Books & Music — NeverHard
Company: Indigo Books & Music
Location: Toronto, Ontario
Required skills:
Budget Management
Cloud Security
Collaboration
Cross-functional Collaboration
Cybersecurity Risk Management
Data Analytics
Data Protection
Feedback
Identity & Access Management (IAM)
Incident Handling
Job Description
MISSION
Accountable for establishing and executing the enterprise information security strategy to guarantee the confidentiality, integrity, and availability of Indigo’s information assets. This role proactively manages enterprise technology risk, ensures strict compliance with regulatory and industry frameworks, and safeguards data through the leadership of Governance, Risk & Compliance (GRC), Security Architecture, and Security Operations.
KEY PERFORMANCE METRICS
Zero critical preventable security breaches.
Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) within established operational SLAs.
100% compliance with critical regulatory and industry frameworks (e.g., PCI-DSS, PIPEDA).
High completion rates for enterprise-wide security awareness training.
KEY ACCOUNTABILITIES
Strategic
Develop and implement a comprehensive enterprise information security strategy that aligns with Indigo's business objectives and risk tolerance.
Partner cross-functionally at the senior level to embed security-by-design principles into all foundational technology and retail store operations.
Set and manage operational and capital budgets to ensure the cost-effective execution of security infrastructure and compliance initiatives.
Functional
Enterprise Risk Management: Establish and maintain a continuous IT risk assessment framework to identify, quantify, and mitigate cybersecurity risks across retail, e-commerce, and corporate environments.
Regulatory Compliance: Guarantee strict adherence to critical data protection regulations and industry frameworks (e.g., PCI-DSS, PIPEDA) through systematic control validations and comprehensive security audits.
Policy Governance: Formulate, publish, and enforce data-driven information security policies, standards, and operational guidelines across the organization.
Security Architecture Integration: Embed secure-by-design principles, NIST framework methodologies, and threat modeling into the lifecycle of all cloud, network, and retail store systems.
Identity & Access Management (IAM): Oversee the enforcement of Zero Trust architectures, privileged access management, and robust authentication mechanisms to protect all enterprise assets.
Threat Monitoring: Direct 24/7 Security Operations Center (SOC) activities, utilizing threat intelligence and data analytics to proactively detect and analyze anomalous network behavior.
Vulnerability Management: Execute systematic vulnerability scanning, penetration testing, and data-backed remediation prioritization to continuously reduce the organizational attack surface.
Incident Response: Lead the enterprise security incident response process, directing rapid containment strategies and conducting empirical root-cause analysis to prevent recurrence.
Security Awareness: Implement measurable, enterprise-wide security awareness training and phishing simulations to cultivate a resilient, security-first workforce.
Third-Party Risk Management: Assess and continuously monitor the cybersecurity posture of IT vendors, supply chain partners, and integrated platforms to ensure strict alignment with Indigo's risk tolerance.
People
Accountable for the overall engagement, productivity, turnover and bench strength of the team
Support the creation and maintenance of a talent succession plan
Collaborate with others to drive flexible and iterative solutions, quickly and easily
Share technical knowledge with others and actively seek to learn from those more knowledgeable than yourself
Help others see the impacts of their efforts and proactively engage other functions to get input
Encourage others to freely share their point of view and be open to feedback
Understand and follow Indigo's core HR processes: staffing, performance management, rewards, and development
Ensure all team members are provided with clear performance objectives that are aligned with Indigo Functional and Departmental goals
Be able to see the total organization with an integrated perspective
Develop positive and productive peer relationships
Cultural
Model Indigo’s beliefs and convey a positive image in everything you do
Understand, and act in a manner that promotes and is aligned with, Indigo's Mission, Vision, and Beliefs
As a leader, hold others accountable in maintaining the integrity of Indigo's culture
Celebrate diversity of thought and have an open mindset
Take an active role in fostering a culture of continual learning, taking risks without the fear of making mistakes
Embrace, champion, and influence change through your team and/or the organization
SCOPE
Reports to: VP, Enterprise IT
Manager once Removed (MOR): Chief Technology & AI Officer
KEY RELATIONSHIPS
Internal:
IT
Digital
Finance
Supply Chain
Commercial Group
Creative
Consumer Experience
Human Resources
Retail leadership
External:
Approved Vendors
External auditors
Regulatory bodies