Director, Information Security Operations

Tucows (NASDAQ:TCX, TSX:TC) is possibly the biggest Internet company you’ve never heard of. We started as a simple shareware site in 1993 and have since grown into a stable of businesses: Tucows Domains, Ting Internet and Wavelo.

What's next at Tucows

We embrace a people-first philosophy that is rooted in respect, trust, and flexibility. We believe that whatever works for our employees is what works best for us. It’s also why the majority of our roles are remote-first, meaning you can work from anywhere you can connect to the Internet!

Today, over one thousand people work in over 20 countries to help us make the Internet better. If this sounds exciting to you, join the herd!

We are seeking a Director of Information Security to lead our cybersecurity initiatives, focusing primarily on information security and application security. The ideal candidate will be a visionary leader capable of driving technical excellence, innovation, and operational rigor within our cybersecurity team here at Tucows.

You will report directly to the VP, Infrastructure Engineering and will work in concert with the Governance, Risk, and Compliance (GRC) and IT functions. This position plays a pivotal role in collaborating with and influencing stakeholders across the organization to foster a culture of security.

Key Responsibilities:

• Lead and expand a team of cybersecurity experts, fostering a culture of technical excellence, innovation, and continuous improvement.
• Manage security projects from initiation through completion, ensuring timely and budget-compliant delivery.
• Build, enhance, and manage the Incident Response function to provide quick, effective responses to minimize the impact of security breaches.
• Implement process improvements to boost the efficiency and effectiveness of security operations.
• Develop and manage budgets and financial forecasts in line with business needs and objectives.
• Align the cybersecurity program with business goals and compliance with regulations like CCPA and GDPR through strategic collaboration with senior management.
• Provide expert guidance on threat modeling, secure configurations, and company-wide risk mitigation strategies.
• Oversee the detection, investigation, and resolution of security incidents across all company infrastructure and applications.
• Drive the selection and optimization of security technologies and managed services, with a focus on automation and operational efficiency.
• Collaborate with various teams to identify and prioritize mitigation of vulnerabilities based on risk and business impact.
• Maintain the integrity of physical security measures and actively engage with external security communities to stay abreast of emerging trends.
• Continually update knowledge and incorporate security best practices in design and development processes with developers and system engineers.
• Serve as a key advisor on security architecture and requirements for business partnerships and third-party data handling.
• Develop and maintain a roadmap for security architecture and standards, ensuring the Global Security Strategy meets the security and privacy needs of all stakeholders.
• Foster information security awareness across the organization and ensure alignment with governance, risk management, and compliance strategies in collaboration with the Director of GRC & Compliance.

Qualifications:

• Minimum of 10 years in cybersecurity and IT, with at least 6 years in a cybersecurity-focused role.
• Bachelor’s degree in a relevant field or equivalent experience.
• Cybersecurity certifications such as CISA, CISSP, GSEC, CCNA, CISM, or CRISK.
• Demonstrated ability to establish and maintain effective relationships with employees, partners, and vendors.
• Excellent communication skills, capable of engaging technical and non-technical audiences.
• Deep knowledge of SIEM, Vulnerability Management, Penetration Testing, IAM, IDS/IPS, advanced encryption at rest techniques, and other security protocols.
• Proactive and pragmatic approach to problem-solving.
• Experience dealing with external entities like auditors and customers.
• Passion for shaping the workplace culture and environment.
• Familiarity with cybersecurity frameworks (NIST, ISO 27001, PCI, SOX, SOC 2) and regulatory requirements (CCPA, GDPR).

The base salary range for this position is $174,800 to 205,700 USD for US residents OR $149,600 to $176,000 CAD for Canadian residents. Other countries will differ. Range may vary on a number of factors including, but not limited to: location, experience and qualifications. Tucows believes in a total rewards offering that includes fair compensation and generous benefits.

Want to know more about what we stand for? At Tucows we care about protecting the open Internet, narrowing the digital divide, and supporting fairness and equality.

We also know that diversity drives innovation. We are committed to inclusion across race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status or disability status. We celebrate multiple approaches and diverse points of view.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request an accommodation.

Tucows and its subsidiaries participate in the E-verify program for all US employees.

Learn more about Tucows, our businesses, culture and employee benefits on our site here.