Director of Information Security and Compliance

Bold Commerce

IT, Legal
Toronto, ON, Canada
Posted on Jul 24, 2024

Who is Bold Commerce?

Bold Commerce powers personalized checkout experiences for leading omnichannel retailers and direct-to-consumer brands.

As a leader in the composable commerce space, Bold makes checkout better, boosting profitability by enabling personalized, customer-specific checkout flows designed to increase the Checkout Power Trio of conversion, AOV, and LTV - not just conversion. Built with a composable & headless architecture, Bold Checkout fits with any commerce stack, making it easy to overcome platform limitations. Leading omnichannel retailers like Harry Rosen and Staples Canada trust their business with Bold Checkout.

Named one of Built In Austin’s Best Places to Work, Canada’s Top Employers for Young People, and Manitoba’s Top Employers, we're a dynamic team that truly cares about building the future of ecommerce. We live by the BUILDERS Code, a shared set of practices, beliefs, and values that help shape this remote-first company.

Founded in 2012, with team members (Builders) located throughout Canada and the U.S., and backed by investors like OMERS Ventures, WhiteCap Venture Partners, and Round13 Capital, Bold is leading the way to a better, composable ecommerce future.

About the role

Bold is seeking a highly experienced and motivated Director of Information Security and Compliance to oversee the Information Security team. This critical role involves ensuring the development and implementation of the overall information security strategy, maintaining compliance, managing risk, fostering a security-first mindset, and overseeing privacy practices within the organization.

What you’ll do

  • Guide senior leadership through risk assessments, metrics tracking, and strategic oversight.
  • Develop and implement a risk-based strategy aligned with business objectives, overseeing new tooling and budget.
  • Lead security awareness programs and monthly infosec training, and act as the external subject matter expert.
  • Design, run, and review monthly KPI reports, oversee company-wide risk management, and ensure SOC2, PCI compliance, and ISO27001 implementation.
  • Conduct departmental compliance through training, audits, and third-party assessments, supporting financial audits as needed.
  • Manage privacy practices, including data protection and redaction processes, and ensure compliance with relevant regulations in collaboration with the Head of Technology.
  • Serve as the security incident response escalation point, manage new security tool implementation, and provide triage for queries.
  • Lead the security team by building trusted relationships, providing feedback, supporting career development, and managing team resources.
  • Regularly communicate goals, conduct performance evaluations, identify top performers, and drive improvement.
  • Collaborate on recruitment and onboarding, and manage HR-related issues.

What we’re looking for

  • 10+ years in information security, leadership preferred, with a background in computer science, engineering management, or equivalent education.
  • Professional designations (CISSP, CISA, CISM) are highly desirable.
  • Strong grasp of people leadership, process improvements, and data-driven security execution.
  • Expertise in Linux, macOS, Windows OS, and cloud operations, with experience in PHP, Python, and scripting languages.
  • Demonstrated ability in high-impact decision-making, effective communication, problem-solving, and providing constructive feedback.
  • Experience managing hiring, promotions, terminations, and career development.
  • Familiarity with SIEM, SCA, DLP, WAF, InfosecIQ, SOC2, PCI audits, incident response, and change management processes.