Director of Information Security - Montréal, QC, Canada - AlayaCare

Description

AlayaCare

View company page

AlayaCare is revolutionizing the way home health care is delivered. Our leading cloud -based software allows our clients around the world to manage their employees, scheduling, billing, and enable better delivery of care. We are a fast-growing SaaS company with a team of 550+ team members across Canada, US, Australia, and Brazil. We aim to be the world leader in home healthcare software solutions. We pride ourselves on our open and transparent culture, our bias for action, and being committed to a workplace where we can be ourselves.

About the Role:

AlayaCare is seeking a dynamic and practical security leader to fill the role of Director of Information Security. The ideal candidate will possess deep expertise in Information Security, along with significant hands-on experience in a similar position within a B2B SaaS environment. You should be an outstanding communicator and a persuasive influencer, ready to enhance and shape all aspects of AlayaCare's Information Security posture.

You will work closely with members of AlayaCare's management team, focusing on the key security elements of the company's overall governance, risk and compliance programs. Your leadership will extend to directing a dedicated security team and mobilizing dozens of internal security champions, particularly within our platform and Site Reliability Engineering (SRE) teams. Consequently, this position provides a unique chance to affect change across AlayaCare, influencing hundreds of employees and clients, and making a difference in the lives of millions.

A day in the life:

• Lead the development and execution of AlayaCare's information security vision across the company and its various product lines, including the seamless integration of acquisitions. Direct the Security Steering Committee, establishing a strategic plan and actionable items in alignment with the company's business objectives. Collaborate with the privacy officer, legal, and risk management teams to ensure comprehensive alignment.
• Work in partnership with the Information Technology department to bolster corporate security measures, including identity and access management, network security, email security, and endpoint protection.
• Oversee the security awareness program, utilizing the Knowbe4 platform to enhance organizational security and privacy consciousness.
• Take charge of existing compliance with SOC1, SOC2, HIPAA, and future ones such as Hitrust. This includes hands-on involvement in the annual review of certain policies and vendor risk management, as well as owning specific policies, controls, automated tests, and evidence documentation. Utilize Vanta to streamline and centralize compliance-related information.
• Engage in responding to RFPs, RFIs, and customer questionnaires regarding information security at AlayaCare. Develop a system that enables sales and account managers to autonomously access and provide up-to-date information to clients.
• Foster the growth of a pragmatic security team by setting clear goals and expectations, outlining objectives, results, and key performance metrics for team members.
• Collaborate with the Developer Experience team to establish and maintain a Secure Software Development Lifecycle (SSDLC), including the creation of Role-Based Access Control (RBAC) policies in a CI/CD environment and developing tools to support the deployment of secure software.
• Design and oversee penetration testing programs and manage the remediation of identified critical issues.
• Manage vulnerabilities within the AlayaCare Cloud Platform, ensuring they are visible in a centralized location and resolved in accordance with established SLAs.
• Lead initiatives to increase the security of our AWS infrastructure in collaboration with DevOps teams, including the adoption of AWS security best practices, maintaining high scores in Security Hub through centralized AWS security policies, and leveraging a Secure Environment Accelerator based architecture.
• Enhance the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) in partnership with the Customer Success department and Site Reliability Engineering teams, including conducting regular tabletop exercises with internal teams and key suppliers.
• Influence the inclusion of security requirements in the security architecture runway, ensuring their delivery and implementation in collaboration with the Chief Architect, product management, and engineering leadership.
• Spearhead the development and operation of the Security Operation Center for ongoing security monitoring and incident response.
• Define and manage the information security budget, ensuring resources are allocated effectively to support security initiatives and goals.

What you bring to the team:

• 10+ years of experience in information security, including at least 3 years at a managerial level.
• Excellent communication skills for both customer and executive levels. Capable of explaining complex concepts in simple terms while considering the business strategy. Additionally, you should be able to describe technical concepts, for example how AWS VPC Flow Logs can be utilized for the detection or analysis of security incidents.
• You should understand at a high level, the technical aspects of web software and, preferably, have had a technical role at some point in your career. It's important to have deep understanding of the Secure Software Development Life Cycle (S-SDLC), vulnerabilities management, and infrastructure security in mobile, web, and cloud environments.
• You have experience in driving security compliance certifications such as SOC or ISO and understand common frameworks like NIST.
• A talent magnet – skilled in recruiting, developing, and leading people. You inspire others to do their best work.
• Excellent interpersonal, collaboration, and communication skills, including writing abilities.
• Strong project management skills with a high sense of urgency.
• A firm believer in automating everything and adopting an "everything as code" philosophy, thereby shifting security to the left with integrated automated controls.
• Experience with Vanta is a plus, to automate and centralize controls and tests for compliance.
• Experience in fast-growing SaaS start-ups.
• You possess a demonstrable growth mindset.
• You are motivated to make a difference in the world by helping the most vulnerable individuals.

Location, and in-office requirements:

AlayaCare supports a flexible hybrid working model, expecting that our employees have a regular in-office presence at their closest office location while offering flexibility for some remote work. Our team encourages in-person collaboration and with this, the preferred candidate location for this position would be within the Greater Montreal Area.

What Makes AlayaCare a Great Place to Work:

• Our products have a positive impact on the lives of countless care workers and care recipients Equity in a well-funded, high-growth company
• Work where you feel most engaged and productive with our Superflex working models, whether that be at home or in one of our beautiful offices
• Competitive compensation including equity in a growing, well-funded company
• Comprehensive group benefits program, including telemedicine, effective on your first day
• Employee expense program for health, wellness, lifestyle, productivity expenses and more
• Parental leave top-up plan
• Flexible vacation policy
• Wellness Fridays for extra time to unwind
• Paid Volunteer Time off Program
• Career growth and development opportunities
• An entrepreneurial culture of transparency, collaboration, and innovation
• We are recognized as Deloitte's Technology Fast 50TM program award for our rapid revenue growth, entrepreneurial spirit, and bold innovation

If this sounds like the perfect job for you, apply today. As well as joining a great culture and a market-leading company, you will be part of a team making a positive difference in the post-acute care market. If this isn't the job for you, you may know someone who is a perfect fit. Please feel free to share this opportunity.

If you want to explore AlayaCare further, please visit our website .

Better outcomes, better belonging

Our team members are unique—like our products and the customer groups that we service. AlayaCare employees bring different strengths, perspectives, and experiences to their roles and to our products that enable better care. We are committed to offering a people-centric culture where all employees belong and feel heard.

Having a pulse on our employee feedback is important to us as we aim to continuously evolve Diversity, Equity, Inclusion, Belonging, and Accessibility within AlayaCare's policies, total rewards offerings, discussions, learning & development programs, and community partnerships. All qualified applicants will receive equal consideration.

If you require accommodation as part of the recruitment and selection process, please reach out to . Please note, we do not accept unsolicited headhunter or agency resumes.

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.