Director of IT Operations and Cybersecurity

Alteo is looking for a Director of IT Operations and Cybersecurity for a permanent position based in Montreal.

Within a well established and fast growing company, you will play a key role leading the IT Operations and Cybersecurity. Reporting to the CFO, you will lead a small dedicated team responsible for maintaining the IT infrastructure, computer equipment, Help Desk support, and all data processing functions across multiple sites. You will also be instilling a security mindset implementing robust security measures and champion technology initiatives that empower the company continued growth and success.

Responsibilities

> Infrastructure & Operations

• IT Infrastructure: Oversee all aspects of corporate IT operations infrastructure, including networks, firewalls, servers, workstations, cloud environments, and telecommunications.
• Reliability: Ensure the high availability, performance, reliability and redundancy of all IT systems and services and Lead the proactive maintenance, patching, and updating of all corporate hardware, software, and systems.
• Help Desk: Manage the IT Help Desk, prioritizing employee experience and secure identity management.

> Cybersecurity Strategy & Governance:

• Cybersecurity roadmap: Build, iterate and deliver enterprise-wide cybersecurity roadmap aligned with industry best practices such as ISO 27001, the NIST Cybersecurity Framework, SOC 2 Type 2 and present the roadmap, together with key risk indicators and progress status, to management and the Cybersecurity committee of the Board of Directors.
• Data Protection: Protect data and information systems by defining and enforcing appropriate access privileges, implementing the appropriate controls, proactively identifying and resolving security issues, and carrying out regular security controls, risk assessments, and audits.
• Application Security: Ensure the security and integration of the existing applications and of all new applications and software.
• Resiliency Planning: Develop, implement, test and continuously adjust the incident response plan and business continuity/Disaster Recovery plan for all sites.
• Policies: Develop, implement, and regularly review enterprise-wide information management and cybersecurity policies, standards, and procedures.
• Regulatory compliance: Collaborate closely with specialists to ensure compliance with applicable Canadian and US legislative provisions on the protection of personal information (PHIPA, PIPEDA, HIPAA, CCPA/CPRA, etc.) and other relevant standards.

> Team Leadership, Vendor & Budget Management:

• Global Team Leadership: Manage, mentor, and evaluate a distributed IT team, fostering a culture of high performance and secure practices.
• Acquisition support: lead the IT due diligence of potential acquisitions and play a leading role in the integrations of the acquired companies, including promptly deploying enabling systems to foster collaboration with the acquired company
• Financial Stewardship: Prepare and manage the global IT budget, focusing on cost-effective investments and ROI.
• Vendor Relations: Manage contracts and SLAs with external vendors and advisors to ensure service consistency

> AI Governance:

• AI Governance & Data Integrity: Establish and enforce global policies for AI usage to ensure proprietary data is protected and that all AI deployments comply with medical regulatory standards (ISO/SOC2).
• Efficiency Benchmarking: Define and track KPIs to measure the impact of AI initiatives on the company’s bottom line, ensuring technology investments translate into reduced operational costs.

> Facility Management:

• Site Operations and Security: Serve as the primary point of contact for the landlord and third-party vendors, such as security, janitorial, and maintenance. This role ensures that all suite-specific systems, access controls, and alarms are fully operational while minimizing business disruptions.

Profile:

• Bachelor’s degree in IT or a related field.
• Certifications: CISSP is required. CISM, CISA, or ITIL certifications are significant assets
• 10+ years in IT operations with at least 3 years in a leadership role managing distributed teams.
• Technical Proficiency:
• Deep experience with Hybrid environments: Cloud (Azure/AWS) and On-Premise (Linux and Windows servers).
• Expertise in Microsoft Technologies (Active Directory, Azure AD, M365) and Google Suite administration.
• Strong understanding of network security, application security, data security, and identity and access management principles.
• Regulatory Knowledge:
• In-depth knowledge of SOC 2 Type 2, NIST Cybersecurity Framework, ISO 27001 and ISO 13485:2016, and knowledge of ISO 42001 and ISO 14971 compliance are an asset.
• Familiarity with Canadian and US cybersecurity and data privacy laws and regulations (e.g., PIPEDA, CCPA/CPRA, GDPR principles).
• Excellent communicator with natural leadership skills.
• Dedicated professional focussed on solutions and results.