Job Specifications
We are hiring a Data Security Manager (Information Security)
Reporting To
Senior Manager, GRC (Information Security)
Full-Time/Part- Time
Full-time
Posting Date
October 7, 2025
Closing Date
October 21, 2025
Hours Of Work
8:30 a.m. - 5:00 p.m.
Grade
Office Location:
16.4
Toronto, ON
Great location! Steps away from the main public transit station
What We Offer
Highly competitive compensation package which includes base salary,
bonus, benefits, and career advancement opportunities!
Eligibility for benefits is dependent on the terms of employment
The Opportunity
A strategic and integral member of the Information Technology organization, responsible for the Data Security Program of First National. This role, reporting to the Senior Manager, GRC (Information Security), is responsible for ensuring the confidentiality, integrity, and availability of the organization's data throughout its lifecycle (creation, storage, usage, transmission, archiving and destruction). The role will be responsible for the management and continuous improvement of the data security program taking into consideration, its strategy, policies, processes, controls, assessments, reporting, metrics, training, and awareness.
This Role Requires a Minimum, The Following Skills
Knowledge and experience in Information Security, data protection, and security management frameworks.
Knowledge and understanding of current data security, data classification, risk standards, best practices, particularly ISO 27001 and NIST CSF.
Experience in developing, implementing, and managing security and data protection strategies.
ability to influence relevant stakeholders within and external the Information Security department.
ability to communicate effectively.
How You Will Contribute
Develop, implement, manage, and continually improve the Data Security Strategy and Program at First National.
Educate and advise other teams within First National in the design and implementation of effective security controls to protect its data.
Build strong cross-organizational relationships and work effectively across within and across department boundaries.
Governance
Develop, formalize, institutionalize, and maintain data security policies and procedures related to the data security program.
Document, maintain, enforce and maintain currency of the data classification policy and standards.
Analyze the data flows across the enterprise and institutionalize the data security controls throughout the data lifecycle and evaluate conformance to data minimization.
Participate, support and/ or develop relevant and necessary impact assessments such as Privacy Impact Assessment, Transfer Impact Assessment, etc.
Support in the development of periodic reports and dashboards as necessary.
Review regulatory, legal, or compliance requirement regarding to data security.
Act as the liaison between the Privacy Office, IT, and Information Security Department to ensure that one of First National Financial's most valuable asset, its data, is secured.
Collaborate with the strategies related to Privacy and Protection of sensitive data.
Data Classification
Identify the current sources and repositories for the organization's data, for both structured and unstructured data, and map with the catalog of current controls.
Collaborate with the business units (Data Owners) and Privacy Office to review and classify the business data, and work with Data Custodians to ensure that adequate controls are implemented commensurate to the associated risk.
Review and monitor the data classification process.
Implement the necessary data security protections aligned with the data classification and security policies.
Identify, document and present data classification metrics to senior management.
Periodically review the data discovery process (interview questions, tools, reporting) to check for accuracy and currency.
Participate in training activities for data security and data classification best practices.
Controls Management
Implement a maintain an approach to effectively design and implement the data security program that considers the relevant technical and process-based controls.
Identify the set of technical controls involved in adequately securing the organization's sensitive data.
Monitor security controls and measures to protect sensitive data.
Create, implement, and review mechanisms and strategies to protect the confidentiality, integrity, and availability of data-at-rest, data-at-use, and data-at-transit.
Design Data Leakage Prevention controls, and ensure they are implemented, and perform periodic compliance checks.
Manage tools associated that assist with Data security which have been implemented within the organization.
The Experience You Need
Bachelor's degree in computer science/IT Management/MIS or the equivalent work. experience is required. Graduate degree preferred.
A minimum of 5 years of prior Information Security Management experience is required with audit or impl
About the Company
First National Financial LP is one of Canada's largest non-bank lenders, originating and servicing both residential and commercial mortgages. As the leading lender of CMHC and conventional mortgages, First National currently has more than $150 billion in mortgages under administration.
We apply ingenuity when developing financing solutions with clients and brokers, relying on our broad product lineup, expertise, network and spirit to take smart risks. We execute quickly and competitively, but we go beyond that traditional ...
Know more