Chief Information Security Officer

The Alberta Securities Commission (ASC) is the industry-funded regulator responsible for administering the province's securities laws. It is entrusted with fostering a fair and efficient capital market in Alberta and with protecting investors. As a member of the Canadian Securities Administrators (CSA), the ASC works to improve, coordinate, and harmonize the regulation of Canada's capital markets.

The Information Technology (IT) division is responsible for the operational and strategic management of technology services that enable the ASC to fulfill its mandate. The division ensures the ASC has the appropriate resources necessary to ensure the consistent, reliable, and secure delivery of services, and understanding and anticipating the organization’s unique technology requirements.

Reporting to the Chief Information Officer (CIO), this position will oversee a multi-disciplinary team responsible for cybersecurity, infrastructure, and IT operations, including the service desk. The role will lead the design, delivery, and management of a secure, resilient, and high-performing technology environment, providing strategic direction across cybersecurity, infrastructure architecture, and operational services. It will ensure the protection of ASC’s information assets, the integrity of its digital ecosystem, and the ongoing operational resilience of the organization.

• Developing and executing a multi-year security, infrastructure, and operations strategy aligned with ASC’s strategic plan and business objectives, while proactively identifying opportunities for innovation, improvement, and growth.
• Serving as the primary advisor to the CIO and senior leadership on cyber risk, operational resilience, and enterprise security governance.
• Building and sustaining a culture of security awareness, accountability, and shared responsibility across the organization.
• Leading the organization through change, including the implementation of process improvements and further adoption of security best practices
• Designing and leading organization-wide cybersecurity and awareness programs that promote engagement, adoption, and lasting behavioural change.
• Leading, mentoring, and building high-performing security, infrastructure, and operations teams committed to collaboration, innovation, and service excellence.
• Developing and directing ASC’s enterprise cybersecurity roadmap and program, encompassing risk management, threat detection, incident response, and recovery.
• Leading the development and overseeing the annual testing/updating of a cyber incident response and disaster recovery plan.
• Overseeing the Security Operations Center (SOC), including intrusion detection and prevention, vulnerability management, and endpoint protection systems.
• Managing vendor and third-party risk across the procurement and contract lifecycle, embedding security into business and technology processes.
• Ensuring compliance with relevant legislation (e.g., POPA, ATIA) and adherence to industry best practices.
• Owning and evolving the enterprise architecture blueprint for infrastructure and security, embedding secure-by-design principles across technology projects and vendor solutions.
• Defining and maintaining enterprise architecture principles that drive automation, standardization, and cloud-first capabilities, while evaluating emerging technologies for strategic fit and risk implications.
• Directing and optimizing infrastructure operations across the network, servers, storage, cloud platforms, and IT service management (ITSM) to ensure high availability and operational resilience.
• Leading the modernization and migration of legacy infrastructure to secure cloud or hybrid environments.
• Developing and implementing service desk strategies that are SLA-driven, cost-effective, and measured through defined KPIs.
• Advancing, tracking and measuring applicable security metrics to ensure ongoing effectiveness.

• A university degree in Computer Science, Information Systems, Engineering, or a related field.
• A master’s degree, or equivalent, is an asset.
• Relevant professional certifications such as CISSP, CISM, CRISC, CCSP, or equivalent, are strongly preferred.
• 10+ years of progressive experience in information security, infrastructure, risk management, or IT operations, with at least 5 years in a leadership role in a complex organization.
• Proven experience maturing an organization’s security posture using leading frameworks (NIST CSF, ISO 27001, CIS 18, etc.)
• Deep knowledge in cybersecurity architecture, infrastructure operations, and risk management.
• Demonstrated expertise in cyber risk management, incident response, threat intelligence, security architecture, and compliance frameworks
• Proven track record developing and executing enterprise-wide cybersecurity and risk management strategies aligned with organizational goals.
• Experience with DevSecOps, perimeter, and identity-based security.
• Experience reporting to executive committees and boards on cyber risk and security posture.
• Familiarity with POPA and ATIA concerns related to Alberta public service organizations is an asset
• Demonstrated leadership of a team of diverse professionals and administrative staff, with a track record of attracting, developing, and retaining top talent.
• Excellent strategic, analytical, and problem-solving skills in balancing security maturity with business enablement.
• Exceptional communication and presentation skills to translate technical risk into business language.
• Skilled negotiator and collaborator with the ability to build and maintain relationships with executive stakeholders, vendors, and external partners.

Click the Apply For This Job Online button to submit your resume, cover letter and salary expectations by November 26, 2025. This position will work out of the ASC office located in Calgary, Alberta. You will be contacted if you are selected for an interview. More information about working at the ASC including our comprehensive Total Rewards package can be found on our website at www.asc.ca.

We offer a hybrid work environment and flexibility, a competitive total rewards package consisting of 100 per cent employer-paid benefits, comprehensive health and dental, employee life insurance, short-term and long-term disability; retirement benefits; travel insurance; paid vacation time, flex and sick days; an employee family assistance program; transportation allowance, generous flexible spending account and professional development through subsidized courses, conference, workshops, seminars and in-house training. We also encourage fun and giving back to the community with initiatives offered through our ASC Social Club and annual United Way Campaign. 

The ASC is an equal opportunity employer and encourages applications from all qualified individuals. We celebrate diversity and are committed to providing an inclusive work environment where every employee feels valued and respected.