Jobs.ca
Jobs.ca
Language
McGill University logo

Director of Information Security

Hybrid
Montréal, QC
CA$126,670 - CA$195,000/annual
Senior Level
full_time

Top Benefits

Health, dental, and life insurance
Pension plan with employer contribution up to 10%
Competitive vacation policy

About the role

Please refer to the

How to Apply for a Job (for External Candidates)

job aid for instructions on how to apply.

If you are an active McGill employee (ie: currently in an active contract or position at McGill University), do not apply through this Career Site. Login to your McGill Workday account and apply to this posting using the Find Jobs report (type Find Jobs in the search bar).

Position Summary: The Director of Information Security is responsible for the strategic leadership, development, and implementation of McGill University's information security program. This role oversees the protection of institutional data, ensures compliance with regulatory requirements, and manages risk across the University's digital infrastructure. They provide vision and direction for security architecture, governance, incident response, and awareness initiatives, while fostering a culture of security throughout the institution.

Duties and Responsibilities:

  • Develop and lead the University-wide information security strategy aligned with institutional goals and regulatory requirements. Hold quarterly or bi-annual security governance meetings with Deans, unit heads, and research leaders to align local practices with McGill’s security strategy.
  • Define departmental objectives and key performance indicators in collaboration with the CIO and IT leadership. Maintain and update an institutional risk register, with quarterly updates to executive leadership.
  • Establish and enforce information security policies, standards, and procedures. Lead recurring compliance audits (e.g., PCI, research data protection, privacy impact assessments).
  • Oversee the development and execution of information risk management and threat mitigation strategies. Conduct quarterly reviews of technical and administrative controls to ensure alignment with evolving threats and regulatory requirements.
  • Oversee the design and implementation of security architecture across applications, networks, and systems.
  • Review and disseminate threat intelligence updates regularly (e.g., monthly briefings) to IT leads across faculties. Oversee an ongoing vulnerability management cycle, including monthly/quarterly vulnerability scans, penetration tests, and patching reviews. Ensure results are tracked, prioritized, and remediated in collaboration with units.
  • Direct incident response planning and execution, including coordination with internal and external stakeholders. Run bi-annual incident response simulations with faculties/units to test preparedness and response coordination.
  • Partner with IT leadership and other units/departments to ensure secure deployment of technologies and services. Represent McGill in external security forums and maintain relationships with regulatory bodies and peer institutions.
  • Promote cybersecurity literacy across the University community through targeted training programs. Deliver annual or semi-annual awareness campaigns (e.g., phishing simulations, research data protection, cloud usage).
  • Manage the Information Security team, including hiring, performance management, coaching, and professional development.
  • Oversee budget planning and resource allocation for the Information Security unit.
  • Provide expert guidance to senior leadership on emerging threats, compliance issues, and strategic investments in security.

Minimum Education & Experience:

  • Education: Undergraduate Degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • Experience: Minimum of eight (8) years of progressive experience in IT Security, including five (5) years in a leadership role.

Other Qualifying Skills and/or Abilities:

  • Proven experience developing and implementing enterprise-wide security programs.
  • Strong leadership and team management skills, with the ability to influence cross-functional teams.
  • Deep understanding of security frameworks and standards (e.g., ISO 27001, NIST, PCI-DSS, Cobit).
  • Expertise in risk management, incident response, and compliance enforcement.
  • Familiarity with cloud security, virtualized environments, and modern infrastructure services.
  • Excellent communication, strategic planning, and stakeholder engagement skills.
  • Certifications such as CISSP, CISM, CISA, or equivalent are highly desirable.
  • Bilingual: English (spoken and written), French (spoken and read).

As one of Montreal's Top Employers, here is what we offer:

  • Competitive benefits package (Health, Dental, Life Insurance) (if eligible)
  • Defined contribution pension plan (with employer contribution up to 10%) (if eligible)
  • Group Registered Retirement Savings Plan (RRSP) and Tax Free Savings Account (TFSA)
  • Competitive vacation policy
  • Two (2) personal days
  • Two (2) floating holidays
  • Nine (9) "Summer Fridays" - paid days off between the St-Jean Baptiste holiday and Labour Day
  • Paid time off over the December holiday period
  • Tuition waiver for regular employees and their dependents
  • Up to two (2) days of remote work per week where the position permits

Before applying, please note that to work at McGill University, you must be both authorized to work in Canada and willing to work in the province of Quebec at the campus where the position is based / located.

Knowledge of English: McGill University is an English-language university where day to day duties may require English communication both verbally and in writing. The level of English required for this position has been assessed at a level # 3 on a scale of 0-4*.*

For a definition of our language proficiency levels, please click

here

.

Minimum Education and Experience:

Bachelor's Degree 8 Years Related Experience /

Annual Salary:

(MPEX Grade 10) $126,670.00 - $158,340.00 - $195,000.00

Job Profile:

MPEX-IST4I - IT Security - Director or equivalent

Hours per Week:

33.75 (Full time)

Supervisor:

Director Infrastructure and Information Security

Position End Date (If applicable):

Deadline to Apply:

McGill University hires on the basis of merit and is strongly committed to equity and diversity within its community. We welcome applications from racialized persons/visible minorities, women, Indigenous persons, persons with disabilities, ethnic minorities, and persons of minority sexual orientations and gender identities, as well as from all qualified candidates with the skills and knowledge to productively engage with diverse communities. McGill implements an employment equity program and encourages members of designated groups to self-identify. Persons with disabilities who anticipate needing accommodations for any part of the application process may contact, in confidence,

accessibilityrequest.hr@mcgill.ca

.

About McGill University

Higher Education
10,000+

McGill University is one of Canada's best-known institutions of higher learning and one of the leading universities in the world. With students coming to McGill from some 150 countries, our student body is the most internationally diverse of any research-intensive university in the country. McGill was founded in 1821 thanks to a generous bequest by James McGill, and since then, we've grown from a small college to a bustling university with three campuses, 11 faculties, some 300 programs of study, and more than 37,500 students. The University also partners with four affiliated teaching hospitals to graduate over 1,000 health care professionals each year.

The goal of McGill University's social media platforms is to strengthen our community, which includes students, faculty, and alumni. The aim is to provide information on events, campus news and promote networking.

McGill University fosters freedom of expression, while valuing respect and collegiality. We encourage respectful dialogue and reserve the right to remove the following: Comments deemed offensive, vulgar or profane; comments off-topic and/or unrelated to posted content; content that infringes on an individual's privacy or copyright.