Director, Security and Cybersecurity

September 5, 2025

Apply for this job

Email *

Job Description

Description

Join to apply for the Director, Security and Cybersecurity role at Alto

1 day ago Be among the first 25 applicants

Join to apply for the Director, Security and Cybersecurity role at Alto

At Alto, we are actively contributing to the transformation of Canada’s future with our high-speed train project connecting Quebec City and Toronto. With the support of the Government of Canada, this innovative project aims to improve the quality of life of our citizens, strengthen ties between communities and stimulate economic growth.
Would you like to take on a stimulating, high-impact challenge? We are looking for a Director, Security and Cybersecurity.
The role
The Director, Security and Cybersecurity is responsible for overseeing the security strategy, policies, and procedures of the organization. They ensure the organization’s assets, data, and personnel are protected from internal and external threats. The Director will direct a multidisciplinary (cyber and physical) security team and collaborate with other departments to provide technical guidance. This role involves conducting risk assessments, developing mitigation strategies, and ensuring compliance with Federal Government standards and policies. The candidate is also responsible for ensuring that security systems and solutions are properly configured to meet the organization’s security needs.
The Responsibilities

  • Develop and implement the security vision, strategy, and roadmap for the organization.
  • Establish security policies, standards, and procedures that align with business objectives and comply with industry’s best practices and regulatory requirements.
  • Monitor and report to senior management on the effectiveness of the organization’s security program.
  • Conduct regular risk and vulnerability assessments to identify potential system threats and vulnerabilities. Develop and apply risk mitigation strategies.
  • Lead incident response efforts to promptly detect, respond to, and recover from security incidents, breaches, and data leaks.
  • Promote a security-oriented culture by organizing security training and awareness programs for employees and contractors.
  • Guide, mentor, and manage a team of security professionals, establishing priorities and fostering individual growth.
  • Manage the security budget, allocate resources effectively, and make cost-effective decisions regarding security investments.
  • Undertake the requirements necessary for administering (requesting, reactivating, transferring, renewing, upgrading) personal and organizational (facility) security clearances at the level necessary (i.e., PROTECTED B).
  • Design and coordinate the implementation of secure cloud architectures including access controls, firewalls, intrusion detection systems, and encryption protocols.
  • Consult stakeholders and other teams on security matters.
  • Monitor and review overall risk exposure, including third-party vendors and risks related to systems, networks and data.
  • Conduct risk assessments and security assessments and authorizations (SA&A).
  • Ensure that mitigation actions are taken to reduce residual risk to an acceptable level.
  • Configure, optimize, and use security technologies (SIEM, XDR, IDS/IPS, VA scanner) to manage and mitigate risk exposure.

The Requirements

  • Bachelor’s degree in computer science, information security, or equivalent expertise.
  • CISSP (Certified Information Systems Security Professional) certification
  • 10 years of professional experience, with experience in leading technical teams.
  • Excellent leadership, communication, and interpersonal skills.
  • Ability to think strategically, analytically, and creatively.
  • Recent experience in conducting risk management activities related to the security assessment and authorization (SA&A) process, in accordance with the ITSG-33 risk management framework.
  • Recent experience in providing risk-based recommendations and responding to risk-related inquiries in the context of daily operations.
  • Proven track record of creating an overall “master plan” that includes identification and resolution of risks associated with corporate security
  • Experience gained in the context of the Government of Canada (GC), including direct employment within a GC department, agency, or Crown corporation, or roles in the private or consulting sector where services were provided directly to a GC organization. (important asset)
  • Recent experience in configuring, optimizing, and using security technologies (SIEM, XDR, IDS/IPS, VA scanner) to manage and mitigate risk exposure as well as specific technologies (e.g., Microsoft Sentinel, Microsoft Defender, Tenable Security Center).

Key Competencies

  • Knowledge of cloud environment security, particularly Azure.
  • Knowledge of network security best practices (e.g., CSE Top 10, SANS).
  • Knowledge of risk management and vulnerability management.
  • Knowledge of the following CSE publications: ITSG-33.
  • Knowledge of Federal Government and CCCS standards, policies, and guidelines.
  • Skills: Critical thinking, Judgment, Teamwork (collaboration and relationship management), Initiative, Communication (oral and written).

Employment Condition

  • Security level: Secret

Why join our innovative team?