Sr. Mgr, Information Security & Business Applications

Canada's Children's Hospital Foundations•Toronto, ON

2d•CA$105,000 - CA$123,000•Hybrid

About The Position

The mission of Canada’s Children’s Hospital Foundations (CCHF) is to fund the most urgent needs in children’s healthcare by uniting hospitals, donors, and partners across Canada. Established in 2017, CCHF is a non-profit organization that raises funds for a national network of children’s hospital foundations. As the largest single, non-government funder of child health in Canada, CCHF continues to receive generous support through donors within Children’s Miracle Network® as well as contributions from additional companies and partners. CCHF is looking to fill a vacancy on our team. When you join CCHF, you become part of a collaborative culture rooted in our values: compassion, ambition, partnership, and integrity. These values guide how we work with our Member Foundations, help shape our national partnerships and fundraising campaigns, and, of course, enable how we work as a team. Your success will be guided by our Leadership Competencies of Values People & Culture, Strategic, Accountable for Results, Promotes Learning & Development, Fosters Collaboration & Diversity, Leads Change and Exemplifies Integrity & Respect. At CCHF we are more than fundraisers. We are champions for the next generation—standing with families, donors, partners and communities to form a trusted alliance advancing children’s health and amplifying impact nationwide. Bold in vision. National in scale. Local at heart. Because the health of our children shapes the future of our country. And building that future starts here—with us. POSITION OVERVIEW Reporting to the Vice President, Finance, People & Operations the Senior Manager, Information Security and Business Applications is an important member of the CCHF team, The role is responsible for overseeing and coordinating security efforts across the organization, to safeguard the digital ecosystem of CCHF and its stakeholders, i.e. information, devices, users, etc. The Sr Manager Information Security and Business Applications possesses well-honed problem solving and decision-making skills, exhibiting agility, adaptability and effectively managing change. This role is a blend of strategy and tactics, influencing adoption, prioritizing results, and maintaining a strong customer service orientation. Your reputation precedes you, as you are known for raising the bar regarding information security, optimizing enabling tools, engagement, coaching, and execution. The incumbent will develop and implement comprehensive security strategies to protect the organization’s assets, customers, employees, and information. This is highly relational role requiring collaboration with various departments to ensure that security measures align with regulatory requirements and business goals. The incumbent is also responsible for Business Application Lifecycle Management activities oriented towards value creation, enabling, preserving and reporting to enable the business objectives by partnering with business functions. This incumbent manages the relationship with our primary Managed Service Provider (MSP) to ensure the stability of our cloud-first infrastructure, service level agreements are achieved as well as high user satisfaction service experience. As the primary point of contact, the incumbent will be responsible for gathering requirements from the departments and partnering with leadership to continuously evolve the application portfolio to enable the business objectives. This encompasses overseeing and optimizing the suite of applications that drive the business's core functions by ensuring that enterprise applications—which include ERP systems, CRM platform, and other specialized software—are effectively integrated and functioning smoothly to support business operations. This position entails a combination of office and work from home environments, with employees transitioning to working 2-3 days per week at our Toronto office. Occasional travel to fundraising activities and events, meetings, conferences, and training opportunities within Canada and USA will be required. Evening & weekend work may be required. The expected salary for this position is: $105,000 - $123,000 Note: based on factors such as education, experience, skills As a CCHF Employee, you will: Act as a positive contributor to the CCHF vision, mission, values, and culture Work collaboratively with CCHF staff, Member Foundations, Children’s Miracle Network Hospitals (CMNH), partners, suppliers, and other stakeholders to gain buy-in in an environment of competing priorities Act as a skilled problem solver that thrives in a fast-paced environment and manage multiple priorities and quickly respond to the needs of partners and/or stakeholders in well-thought out and workable solutions

Requirements

Completion of bachelor’s degree in Information Security, Computer Science, or a related field
CISSP and/or CISM certification is required
5-8 years’ experience with oversight responsibility of cyber security management.
Minimum 3 years’ experience in governance/management leadership position, encompassing planning, design, implementation, and successful administration of security program.
3 years’ vendor management experience required.
Expertise in file life cycle management
Experience with data management platform MS Purview required
Expertise working with CRM (Salesforce preferred)
Experience in physical security and cybersecurity (systems and data)
Strong understanding of security standards, regulations and best practices
Experience developing governance policies, procedures and standards
Knowledge of IT governance frameworks (e.g.OC2, ISO 27001, NIST, HIPAA, PCI DSS, and/or COBIT)
Proficiency in Microsoft Office applications
Leadership experience in planning, design implementation and administration
Highly analytical and structured approach with focus on understanding the driver for results
Advanced planning and coordination skills to meet time sensitive/deadline-oriented deliverables
Ability to manage multiple priorities in a dynamic environment.

Nice To Haves

PMP and/or ITSM Certification is an asset

Responsibilities

Provide innovative, insights-based recommendations to advance the priorities of the business objectives
Serve as a role model for Values and Leadership Competencies
Provide support and advice to the Vice President, Finance, People & Operations (VP FPO) on areas of organizational development, resource allocation, risk assessment and management.
Foster a culture of security awareness throughout the organization.
Manage and maintain best-in-class internal controls and procedures to safeguard the assets of CCHF and ensure the integrity of organization data and reporting.
Provide regular reports to the executive team on security, status, risks, and initiatives.
Participate in cross functional teams to support high quality services to Member Foundations and other stakeholders.
Provide information and support to Member Foundations related to areas of accountability.
Develop plans to educate all levels of the organization on security, privacy, policy, processes, guidelines, controls and ensure adherence to enhance operational excellence.
Design, develop, implement and maintain continuous improvement frameworks to enhance operations.
Develop relevant metrics, measures and share information across the organization for continuous improvement of operations
Assist with the preparation of department budget.
Strategic planning: Collaborate with VP FPO in developing and implementing the organization’s overall security strategy.
Establish security goals, objectives, and key performance indicators (KPIs).
Conduct regular risk assessments and update security protocols accordingly.
Information security: Oversee the protection of the organization’s digital assets, including data, networks, and systems.
Implement and maintain current cybersecurity measures and protocols to mitigate data breaches and cyberattacks.
Physical security: Manage the physical security of the organization’s facility(ies) and assets.
Develop and enforce policies for access control, surveillance, and incident response.
Coordinate technology security measures for organization events and travel.
Vendor and Third-Party security: Evaluate and manage security risks associated with third-party vendors and partners.
Develop and enforces security requirements and compliance for third-party contractors.
Conduct regular security assessments of third-party services and products.
Work closely with cyber insurance providers to establish and maintain sufficient coverage for the organization.
Data Privacy and Protection: Work closely with the VP, FPO to proactively ensure compliance with data privacy laws and regulations, such as the Personal Information Protection and Electronic Documents Act (PIPEDA). Prepare the organization for impending changes and/or best practices.
Develop and implement policies for secure data handling, storage, and sharing.
Work closely with VP, FPO to conduct regular privacy impact assessments IPIA’s) and audits.
Regulatory Compliance: Stay informed about changes in security and regulations and industry standards. Prepare the organization for impending changes and/or best practices.
Ensure the organization’s security practices are in compliance with all relevant laws and regulations.
Prepare for and manage security audits and assessments.
Business Continuity and Disaster Recovery: Develop and maintain business continuity and disaster recovery plans in the context of evolving contingencies.
Conduct regular tests and drills to ensure preparedness.
Coordinate recovery efforts in the event of a security incident or disaster.
Incident Response and Management: In collaboration with VP, FPO, develop and maintain an incident response plan.
Work closely with the Senior Leadership Team (SLT) on the response to security incidents and breaches, including investigation and mitigation.
Support SLT in coordination with law enforcement and regulatory bodies, as necessary.
Establish and maintain governance encompassing resource management, nurturing and system administration such as data security, user access, change tracking, review, audit, deployment control, and rollback.
Advise and support function leads who administer applications, to optimize and leverage their respective business applications.
Translate business requirements into technical solutions, demonstrating a deep understanding of business processes.
Deliver assigned projects, applying project management principles and skills.
Resolve user inquiries, applying analytical and problem-solving skills.
Partner with function leads to evaluate, select, and implement systems and procedures that support the business goals.
Ensure adherence to policies and procedures with all new and existing business application
MSP Oversight: Manage the Managed Service Provider (MSP) contract, ensuring they meet Service Level Agreements (SLAs) for helpdesk support and system uptime
User Satisfaction: Collaborate with MSP to optimize and orchestrate service experience culminating in high satisfaction score (80%).
Performance Reviews: Lead monthly and quarterly business reviews with vendors to address recurring issues.
Collaborate with function leaders to select digital technology suppliers and manage the process of sourcing and securing technology vendors, including handling of proposals, contracts, and performance reviews.
Escalation Point: Act as the internal point of contact for critical technical incidents that the vendor cannot resolve independently.
FinOps: Manage the "Cloud Spend," optimizing licenses for platforms like Microsoft 365 to prevent waste / technical debt
Manage and provide guidance and direction to the team to achieve targets and priorities, with a focus on shared values, collaboration, integrity and communication.
Coach, encourage, inspire, and motivate team members to meet their individual potential.
Ensure team members establish annual goals. Monitor and provide transparent performance feedback through the annual Performance Management processes and through regular informal meetings.
Recruit and retain top talent to increase capacity, performance and business results.
Identify opportunities for training, knowledge sharing, team learning and professional development.
Other projects and duties as assigned.