Director, Security

About The Position

Requirements

• Undergraduate degree in a related field required.
• 5+ years in a security leadership, consulting, or advisory role with demonstrated strategic influence.
• Experience presenting to executives, Boards, and senior government stakeholders.
• Experience developing and implementing security policies, governance frameworks, and training programs.
• Experience responding to security and/or privacy incidents and leading incident response teams.
• Experience collaborating with government and external partners.
• Strong understanding of security risk management, threat modeling, and enterprise risk governance.
• Knowledge of industry standards such as NIST, ITIL, COBIT, ISO 27001.
• Familiarity with privacy and security standards (OAuth2, OIDC, SAML).
• Hands‑on experience with vulnerability scanning, EDR, and SIEM technologies.
• Solid understanding of Linux and Windows security.
• Excellent written and verbal communication skills, including executive‑level communication.
• Ability to travel up to 10% of the time.

Nice To Haves

• MBA or other relevant graduate‑level education preferred.
• Experience with digital health solutions in Canada is an asset.
• Bilingual French/English preferred.

Responsibilities

• Develop and maintain Infoway’s multi‑year cybersecurity strategy, ensuring alignment with organizational goals, national priorities, and evolving threat landscapes.
• Serve as the primary security advisor to senior leadership and the Board, preparing and presenting strategic briefings, risk updates, and program performance metrics.
• Establish and oversee cybersecurity governance frameworks, policies, and decision‑making structures across the organization and Connected Care initiatives.
• Lead enterprise‑wide security planning, prioritization, and investment recommendations.
• Champion a culture of security, risk awareness, and accountability across all levels of the organization.
• Act as a national thought leader on cybersecurity in digital health, representing Infoway in pan‑Canadian forums, conferences, and strategic discussions.
• Lead the pan‑Canadian security forum, fostering collaboration among provincial/territorial jurisdictions, health system partners, and industry stakeholders.
• Produce thought leadership materials including white papers, blogs, guidance documents, and training content.
• Identify emerging trends, technologies, and standards, advising on their strategic implications for Canada’s digital health ecosystem.
• Provide expert security guidance to programs and projects to enable secure interoperability and patient access to health data.
• Lead threat and risk assessments for Connected Care initiatives, ensuring risks are clearly articulated and mitigation strategies are aligned with organizational risk appetite.
• Define and maintain security requirements, security architecture, implementation guidance, and operational procedures for secure participation in the pan‑Canadian trusted healthcare ecosystem.
• Support procurement processes, including vendor security assessments and review of security terms and conditions.
• Oversee enterprise security operations, ensuring effective monitoring, incident response, vulnerability management, and compliance with security standards.
• Provide governance oversight of Managed Security Service Providers (MSSPs) and internal IT teams to ensure consistent execution of security controls.
• Maintain a deep understanding of the cyber threat landscape and ensure Infoway’s defenses evolve accordingly.
• Lead the enterprise Incident Response Program, including executive‑level communication and post‑incident reporting.
• Establish and track meaningful security metrics and KPIs that demonstrate program maturity and outcomes.
• Ensure ongoing security assessments, audits, and remediation activities are completed and reported to leadership.

Benefits

• Infoway is committed to employing a diverse workforce and is proud to be an equal opportunity employer.
• Infoway is committed to advancing Reconciliation and renewing relationships with Indigenous Peoples, based on recognition of rights, respect, cooperation and partnership.
• Infoway provides reasonable accommodations to employees as well as candidates taking part in the recruitment process, upon request.