Chief Information Security Officer (CISO)

About The Position

Requirements

• 10+ years of progressive experience in cybersecurity, information security, or technology risk management, including senior leadership roles.
• Demonstrated experience operating in a regulated healthcare environment.
• Clear ability to engage in practical counsel rooted in relevant business terms, situational risk, supported by data and in language for technical and non-technical audiences.
• Strong understanding of healthcare technologies, privacy obligations, and patient safety considerations.
• Strong technical background and experience working in environments supporting Microsoft and Amazon PaaS and IaaS multi cloud models and the Microsoft ecosystem of cybersecurity and compliance solutions across the IT landscape.
• Familiar with working environments supporting Workday HCM and Finance, Service Now ITSM, Point Click Care and AlayaCare EMR as well as the Okta Identity lifecycle and governed solutions.

Nice To Haves

• Executive experience as a CISO, Deputy CISO, or equivalent senior leadership role.
• Professional certifications such as CISSP, CISM, CRISC, or equivalent.
• Experience supporting healthcare accreditation, or regulatory examinations.
• Familiar with emerging AI capabilities, relevant AI business risk, risk mitigation concepts and experience with AI models including Microsoft and Anthropic.
• Experience in health sector is beneficial

Responsibilities

• Establish and maintain a comprehensive, enterprise‑wide IT Security and risk management program covering people, processes, and technology.
• Provide guidance to internal leadership stakeholders regarding risks, controls, incidents, and emerging threats, including regular reporting and briefings.
• Define and maintain information security policies, standards, and governance aligned with healthcare best practices and regulatory expectations.
• Establish and report on security key risk metrics (KRM) suitable for consumption by technical and nontechnical stakeholders
• Lead cybersecurity risk assessments, threat modeling, and control effectiveness reviews across clinical, operational, and IT corporate systems.
• Ensure compliance with healthcare and privacy regulations (e.g., PHIPA, PIPEDA,) and alignment to NIST, SOC 2 and Zero Trust frameworks.
• Partner with IT Audit and IT leadership to ensure internal IT Audit controls (ICFR/ITGC) are operating effectively
• Establish and oversee a third‑party risk management (TPRM) program to assess vendors, cloud providers, and partners for security, privacy, and resiliency risks.
• Oversee the organization’s security operations, including detection, response, recovery, and continuous improvement.
• Act as executive sponsor for the Cybersecurity Incident Response Program, ensuring readiness, testing, and effective execution during cyber incidents.
• Collaborate across the organizational to embed modern security‑by‑design into infrastructure, applications, cloud services, and medical technologies.
• Define and provide oversight for the security program including identity and access management, data protection, endpoint security, infrastructure security, email security, people protection and third‑party integrations.
• Build, lead, and mentor a high‑performing cybersecurity culture within IT.
• Promote a strong security and privacy‑aware culture across the organization through education, awareness, and leadership engagement.
• Ensure appropriate skills, tools, and training are in place to support evolving threats and business needs.
• Other duties as required

Benefits

• Continuous mentorship, support for life-long learning and growth opportunities
• Opportunities for advancement and career growth within the organization
• A rewarding and meaningful work experience where you can enrich your life and the lives of others through your work.
• Employee Family Assistance Program.
• Robust benefits package.