Head of Privacy and Information Security
To see similar active jobs please follow this link: Remote System Administration jobs
Athennian increases trust in business. Our products help legal, finance, and tax teams be transaction and audit-ready by organizing business entity and corporate structure information. Over 370,000 business entities in almost every country are managed on Athennian to automate workflows for ownership, company secretarial, governance, tax, and compliance.
We are seeking a Head of Privacy and Information Security to join our Engineering Technology team in a full-time, permanent capacity. Reporting to the Engineering Manager, DevOps, and Infrastructure, the Head of Privacy and Information Security will play a key role in shaping a culture of privacy-first principles and data security, ensuring Athennian complies with evolving privacy regulations while strengthening its overall security posture through robust policies, technical controls, and educational initiatives.
Key Responsibilites:
RFP/RFI Management - Oversee the end-to-end process of responding to security-related RFPs, RFIs, and questionnaires. This includes analyzing requirements, collaborating with internal teams to create thorough responses, and ensuring timely, accurate submissions. Maintain detailed records and facilitate clear communication with clients, vendors, and internal stakeholders.
Privacy and Security Strategy & Oversight: Develop and implement an organization-wide privacy and information security strategy that aligns with regulatory requirements and best practices. As the Company’s Head of Privacy, serve as the primary point of contact for data privacy matters, ensuring compliance with privacy laws, overseeing data protection practices, and advising on privacy implications across all company operations and new initiatives.
Compliance and Data Protection Standards: Ensure compliance with industry regulations (e.g., GDPR, SOC2, ISO 27001) by establishing and maintaining robust data protection policies and information security standards. Assist with audits and evidence gathering related to SOC2 compliance and other privacy frameworks, providing oversight for security controls and data protection measures.
Data Governance and Risk Management: Conduct and document security and data privacy risk assessments, compliance reviews, and communicate risk mitigation strategies to senior leadership, engineering, and relevant stakeholders.
Security Infrastructure and Vulnerability Management: Monitor both on-prem and cloud infrastructure for vulnerabilities, assess risk factors, and implement solutions to improve security and data protection.
Privacy by Design: Partner with product and engineering teams to embed privacy and data protection principles in the product lifecycle, from initial design to deployment.
Security and Privacy Awareness: Lead employee security and privacy training initiatives focused on email threats, data handling, and best practices in protecting sensitive information.
Incident Response and Recovery: Manage incident response for security and data privacy breaches, conduct root cause analyses, and oversee remediation efforts.
Third-Party Vendor Management: Coordinate with third parties on security and privacy audits, assessments, and remediation efforts (e.g., penetration testing, bug bounty programs).
Policy Development and Access Management: Oversee development of information security and privacy policies, conduct regular access management reviews, and implement technical controls for data protection.
Privacy Impact Assessments (PIAs): Conduct and review PIAs to evaluate privacy risks associated with new projects, technologies, and data processing activities.
Security Metrics and Reporting: Gather, document, and report security and privacy metrics, analyzing trends to guide continuous improvement.
Qualifications:
Experience: 7+ years in information security, data protection, and privacy roles.
Technical Skills: Proficiency in cloud technologies (e.g., AWS) and experience securing hybrid environments (on-premises and cloud).
Security Solutions: Hands-on experience managing security solutions such as SIEM, EDR, firewalls, IPS/IDS, and encryption.
Privacy Frameworks: In-depth knowledge of data protection regulations and standards (GDPR, SOC2, ISO 27001, NIST 800-171).
Certifications: Industry-recognized certifications (CISSP, CIPP, CISA, Certified Ethical Hacker, CompTIA Security+) are preferred.
Incident Management: Proven experience in incident response, management, and root cause analysis.
Analytical Skills: Ability to conduct privacy and security risk assessments and analyze network traffic, system alerts, and data logs for trends.
Communication and Collaboration: Excellent ability to convey complex privacy and security concepts to technical and non-technical audiences.
Autonomy and Organization: Ability to work independently, prioritize tasks effectively, and manage multiple projects concurrently.
Location
We have embraced a distributed model of working to reach the best talent in Canada. While some roles may require proximity to our Toronto, Calgary and Vancouver offices, roles based outside our office locations can be remote in Canada.
Our Culture
We believe incredible teams can solve any problem and we strive to be an inclusive workplace where ideas thrive. We are first and foremost an organization of people who are passionate about learning, building, and sharing software to transform the legal industry. Our team members thrive when they’re passionate about what they do. We strive to create an engaging environment with challenging tasks, foster meaningful relationships with colleagues, and encourage each other to become the best we can be. Whether you want to customize your workspace, share your latest hobby with the team, or broaden your horizons with a specific project, we have a wealth of opportunities to keep you growing and learning. We’re here to help you become the best version of yourself, all while having fun and connecting with coworkers.
Diligent Builder: Ability to design and build scalable systems
Focused Creative: Strategic mind with a solution first attitude and uses data to navigate the next steps
Ambitious Learner: Eager to take on new challenges and present innovative solutions
Champion Mindset: We set ambitious goals and hustle to make them happen
Benefits at Athennian
We offer competitive benefits and perks because we believe that happy people produce great results. We are always adding to this list based on employee feedback: generous vacation/sick/flex days, remote work options, flexible working hours, health/dental/vision/group life/gRRSP/LTD/AD&D/EFAP benefits, high growth environment, team-building, day-to-day variety (never a dull moment), MacBook for all employees, stock options, and a culture of transparency.
About the job
Head of Privacy and Information Security
To see similar active jobs please follow this link: Remote System Administration jobs
Athennian increases trust in business. Our products help legal, finance, and tax teams be transaction and audit-ready by organizing business entity and corporate structure information. Over 370,000 business entities in almost every country are managed on Athennian to automate workflows for ownership, company secretarial, governance, tax, and compliance.
We are seeking a Head of Privacy and Information Security to join our Engineering Technology team in a full-time, permanent capacity. Reporting to the Engineering Manager, DevOps, and Infrastructure, the Head of Privacy and Information Security will play a key role in shaping a culture of privacy-first principles and data security, ensuring Athennian complies with evolving privacy regulations while strengthening its overall security posture through robust policies, technical controls, and educational initiatives.
Key Responsibilites:
RFP/RFI Management - Oversee the end-to-end process of responding to security-related RFPs, RFIs, and questionnaires. This includes analyzing requirements, collaborating with internal teams to create thorough responses, and ensuring timely, accurate submissions. Maintain detailed records and facilitate clear communication with clients, vendors, and internal stakeholders.
Privacy and Security Strategy & Oversight: Develop and implement an organization-wide privacy and information security strategy that aligns with regulatory requirements and best practices. As the Company’s Head of Privacy, serve as the primary point of contact for data privacy matters, ensuring compliance with privacy laws, overseeing data protection practices, and advising on privacy implications across all company operations and new initiatives.
Compliance and Data Protection Standards: Ensure compliance with industry regulations (e.g., GDPR, SOC2, ISO 27001) by establishing and maintaining robust data protection policies and information security standards. Assist with audits and evidence gathering related to SOC2 compliance and other privacy frameworks, providing oversight for security controls and data protection measures.
Data Governance and Risk Management: Conduct and document security and data privacy risk assessments, compliance reviews, and communicate risk mitigation strategies to senior leadership, engineering, and relevant stakeholders.
Security Infrastructure and Vulnerability Management: Monitor both on-prem and cloud infrastructure for vulnerabilities, assess risk factors, and implement solutions to improve security and data protection.
Privacy by Design: Partner with product and engineering teams to embed privacy and data protection principles in the product lifecycle, from initial design to deployment.
Security and Privacy Awareness: Lead employee security and privacy training initiatives focused on email threats, data handling, and best practices in protecting sensitive information.
Incident Response and Recovery: Manage incident response for security and data privacy breaches, conduct root cause analyses, and oversee remediation efforts.
Third-Party Vendor Management: Coordinate with third parties on security and privacy audits, assessments, and remediation efforts (e.g., penetration testing, bug bounty programs).
Policy Development and Access Management: Oversee development of information security and privacy policies, conduct regular access management reviews, and implement technical controls for data protection.
Privacy Impact Assessments (PIAs): Conduct and review PIAs to evaluate privacy risks associated with new projects, technologies, and data processing activities.
Security Metrics and Reporting: Gather, document, and report security and privacy metrics, analyzing trends to guide continuous improvement.
Qualifications:
Experience: 7+ years in information security, data protection, and privacy roles.
Technical Skills: Proficiency in cloud technologies (e.g., AWS) and experience securing hybrid environments (on-premises and cloud).
Security Solutions: Hands-on experience managing security solutions such as SIEM, EDR, firewalls, IPS/IDS, and encryption.
Privacy Frameworks: In-depth knowledge of data protection regulations and standards (GDPR, SOC2, ISO 27001, NIST 800-171).
Certifications: Industry-recognized certifications (CISSP, CIPP, CISA, Certified Ethical Hacker, CompTIA Security+) are preferred.
Incident Management: Proven experience in incident response, management, and root cause analysis.
Analytical Skills: Ability to conduct privacy and security risk assessments and analyze network traffic, system alerts, and data logs for trends.
Communication and Collaboration: Excellent ability to convey complex privacy and security concepts to technical and non-technical audiences.
Autonomy and Organization: Ability to work independently, prioritize tasks effectively, and manage multiple projects concurrently.
Location
We have embraced a distributed model of working to reach the best talent in Canada. While some roles may require proximity to our Toronto, Calgary and Vancouver offices, roles based outside our office locations can be remote in Canada.
Our Culture
We believe incredible teams can solve any problem and we strive to be an inclusive workplace where ideas thrive. We are first and foremost an organization of people who are passionate about learning, building, and sharing software to transform the legal industry. Our team members thrive when they’re passionate about what they do. We strive to create an engaging environment with challenging tasks, foster meaningful relationships with colleagues, and encourage each other to become the best we can be. Whether you want to customize your workspace, share your latest hobby with the team, or broaden your horizons with a specific project, we have a wealth of opportunities to keep you growing and learning. We’re here to help you become the best version of yourself, all while having fun and connecting with coworkers.
Diligent Builder: Ability to design and build scalable systems
Focused Creative: Strategic mind with a solution first attitude and uses data to navigate the next steps
Ambitious Learner: Eager to take on new challenges and present innovative solutions
Champion Mindset: We set ambitious goals and hustle to make them happen
Benefits at Athennian
We offer competitive benefits and perks because we believe that happy people produce great results. We are always adding to this list based on employee feedback: generous vacation/sick/flex days, remote work options, flexible working hours, health/dental/vision/group life/gRRSP/LTD/AD&D/EFAP benefits, high growth environment, team-building, day-to-day variety (never a dull moment), MacBook for all employees, stock options, and a culture of transparency.