Security Lead

About The Position

Requirements

• Proven experience of 5-10 years, leading enterprise security programs in complex environments with the willingness to further develop their skills.
• Deep understanding of security frameworks (NIST, ISO 27001, PCI DSS, etc.).
• Strong knowledge of infrastructure and application security, including cloud and hybrid environments.
• Excellent communication and leadership skills, with the ability to influence at all levels of the organization.
• Experience managing audits, certifications, and compliance programs.

Responsibilities

• Elevate Medcan’s security program by refining existing controls, introducing innovative practices, and advancing a dynamic security roadmap tailored to evolving threats and business needs.
• Lead the development and implementation of Medcan’s information security vision and strategy, aligned with organizational priorities and business objectives.
• Champion a culture of security across the organization, ensuring senior stakeholder buy-in and executive mandate.
• Maintain Medcan’s PCI DSS and Canada CyberSecure certifications, ensuring ongoing compliance through audits, documentation, and remediation.
• Lead the initiative to achieve ISO/IEC 27001 certification, including gap analysis, policy development, and implementation of controls.
• Ensure all security controls are compliant with Medcan’s internal security policies and external regulatory requirements.
• Oversee threat and vulnerability management activities, including risk identification, assessment, and remediation planning.
• Collaborate with cross-functional teams to ensure consistent application of security policies across infrastructure, applications, and services.
• Partner with infrastructure and development teams to embed security into the design and deployment of systems, networks, and applications.
• Ensure secure architecture and configuration of cloud and on-premises environments.
• Drive secure software development practices and DevSecOps integration.
• Develop and manage a metrics and reporting framework to measure the effectiveness of the security and data governance programs.
• Provide regular updates to executive leadership and the board on the status of the security program and enterprise risk posture.
• Facilitate appropriate resource allocation to improve security maturity across the organization.
• Design and manage a targeted information security awareness program for employees, contractors, and system users.
• Establish and track metrics to evaluate the effectiveness of training across different audiences.
• Collaborate with vendor management and procurement teams to ensure security requirements are embedded in third-party contracts.
• Engage with internal committees and external partners to align security practices with privacy, compliance, risk management, and business continuity standards.
• Document, update, and align organizational security policies and processes with the NIST Cybersecurity Framework and other relevant standards.
• Ensure consistent policy application across all technology projects and services.

Benefits

• The above range pertains solely to the base compensation and is not inclusive of additional compensation details such as perks, benefits, and potential bonuses or incentives.