Senior Manager, Infosec, IT & Compliance

Practice Better
CA$165,000 - CA$180,000Remote

About The Position

Practice Better is seeking a Senior Manager, Information Security, IT, and Compliance to join their team. This role is crucial for managing the company's responsibilities as a Business Associate to thousands of healthcare practitioners globally, operating within a complex regulatory environment including HIPAA, GDPR/UK GDPR, PIPEDA, Quebec Law 25, PHIPA, and emerging US state privacy laws. The position involves managing three key areas: Information Security, IT Operations, and Compliance. The successful candidate will drive the execution of the compliance program, support vendor BAA/DPA negotiations, implement multi-jurisdictional privacy frameworks, mature the security posture, and close regulatory gaps. Additionally, they will manage IT operations such as user provisioning/deprovisioning, device management, SaaS vendor rationalization, and identity & access management. This role requires close collaboration with Engineering, Product, Legal, and Customer Success to integrate privacy-by-design principles, enhance operational security, and stay ahead of compliance requirements during the company's growth. The ideal candidate possesses strong knowledge of healthcare compliance (HIPAA/HITECH), European data protection (GDPR), SaaS security frameworks (SOC 2, ISO 27001), and has hands-on experience managing IT operations in a remote-first, high-growth setting. They should be adept at maturing compliance and IT programs, translating regulatory requirements into practical workflows, and navigating privacy and security decisions with sound judgment, understanding that compliance is a business enabler that builds customer trust.

Requirements

  • 6+ years of relevant experience in information security, IT operations, privacy, and compliance roles, with at least 2+ years in healthcare SaaS or regulated industry
  • Deep expertise in HIPAA/HITECH compliance, including Business Associate obligations, breach notification requirements, and Covered Entity vs. Business Associate determination frameworks
  • Strong working knowledge of GDPR/UK GDPR and cross-border data transfer mechanisms
  • Proven ability to negotiate and finalize vendor BAAs and DPAs, with a strong understanding of must-have vs. nice-to-have contractual terms
  • Experience implementing security frameworks (SOC 2, ISO 27001, or equivalent) and managing third-party audits or certifications
  • Hands-on experience leading IT operations for remote-first organizations, including identity & access management, device provisioning, and SaaS vendor management
  • Prior experience building or scaling InfoSec, IT, and compliance functions from scratch in high-growth SaaS companies
  • Technical grounding in SaaS architecture, APIs, data flows, infrastructure (cloud environments like AWS), and identity providers (Google Workspace, Okta, Microsoft 365)
  • Exceptional communication skills - you can translate legal jargon into plain language for practitioners, write concise vendor negotiation emails, and present compliance strategies to executive leadership with clarity and confidence
  • Bias for action and pragmatic risk management - you know when to escalate to legal counsel and when to make judgment calls independently
  • Comfortable operating in a fast-moving, high-growth environment where priorities shift and ambiguity is the norm
  • Candidates must be legally entitled to work for any employer in Canada.
  • This particular role is currently open to Canadian-based candidates only.

Nice To Haves

  • Professional certifications (CIPP/US, CIPP/E, CIPM, CISSP, CISM, or equivalent)
  • Experience with Canadian provincial privacy laws (PIPEDA, Quebec Law 25, PHIPA) and emerging US state privacy frameworks
  • Hands-on experience with compliance automation tooling (Vanta, Drata, Secureframe, etc.) and IT service management platforms
  • Background in fraud prevention, identity verification workflows

Responsibilities

  • Manage multi-jurisdictional compliance execution - Support implementation of HIPAA/HITECH, GDPR/UK GDPR, PIPEDA, Quebec Law 25, PHIPA, and emerging privacy laws and coordinate with legal counsel on complex regulatory matters.
  • Drive vendor risk management and BAA/DPA lifecycle - Negotiate and finalize Business Associate Agreements and Data Processing Agreements with subprocessors, ensuring breach notification timelines meet calendar-day standards, data deletion commitments are defined, and subprocessor transparency obligations are satisfied.
  • Mature security posture and operational resilience - Partner with Engineering to implement security controls that support SOC 2 Type II and ISO 27001 readiness, lead incident response planning and breach notification workflows, and establish monitoring/alerting.
  • Embed privacy-by-design across product and engineering - Collaborate with Product and Engineering leadership to assess PHI exposure in new features, define data minimization strategies, and guide architecture decisions that reduce compliance risk.
  • Lead IT operations and service delivery - Own user onboarding / offboarding workflows, device provisioning and management, and IT service delivery for a remote-first team, partnering with HR on seamless employee lifecycle management.
  • Drive Identity & Access Management (IAM) strategy - Own identity provider configuration and access control policies, implementing least-privilege access principles, periodic access reviews, and role-based access control (RBAC) frameworks.
  • Manage endpoint security and device management - Define and enforce endpoint security standards (MDM, disk encryption, antivirus, patching). Establish laptop procurement standards and remote device management policies. Coordinate with Engineering on developer tooling and access requirements.
  • Own SaaS vendor rationalization and procurement hygiene - Conduct regular vendor intelligence audits to identify tool overlaps, license waste and procurement gaps. Partner with Finance on SaaS spend optimization.
  • Strengthen the InfoSec, IT & Compliance function - Develop and refine processes, tooling, and documentation to support organizational growth.
  • Manage and mentor the IT Operations team.
  • Partner with third-party compliance advisors to accelerate maturity.
  • Act as the bridge between Legal, Engineering, IT, and the business — Translate complex legal language into actionable engineering requirements. Partner with Customer Success on practitioner-facing compliance communications. Coordinate cross-functional responses to regulatory inquiries, audits, and customer due diligence requests.

Benefits

  • Comprehensive benefits package for full-time, permanent employees
  • Health, dental, and vision coverage from day 1
  • RRSP matching
  • Generous paid parental leave
  • Annual learning stipends
  • Unlimited vacation
  • Company RRSP program with employer-matched contributions
  • $750 annual Health & Wellness Allowance
  • $1,000 annual Learning & Development Allowance
  • $500 annual Home Office Allowance
  • Sprout Family: personalized support for family-building and fertility journeys
  • Inkblot: confidential, digital mental health support from licensed professionals
  • Company-wide holiday closure in December
  • Regular virtual company-wide events, lunches, and team socials
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service