Director, Security at Inforoute Sante du Canada Inc – Toronto, Ontario
Explore Related Opportunities
About This Position
Overview
At Canada Health Infoway (Infoway), we believe a more connected health system is a healthier, more sustainable one. As Canada’s digital health agency, Infoway works in partnership with governments, Indigenous partners and communities, healthcare organizations, clinicians, industry, and patients to advance Connected Care and improve health outcomes and experiences for people across Canada. By strengthening health data exchange, advancing national standards, and supporting the responsible adoption of digital health innovations, we are helping ensure that the right information is available to the right people at the right time. This enables better care coordination, reduces administrative burden for clinicians, empowers patients with access to their health information, and supports a more modern, efficient, and patient-centred health system.
Infoway is an independent, not-for-profit organization funded by the Government of Canada and accountable to its Board of Directors and Members of the Corporation, Canada’s 14 federal, provincial and territorial deputy ministers of health. Working collaboratively across jurisdictions and with health system partners, Infoway acts as a national convener and catalyst to accelerate the adoption of shared standards, trusted digital infrastructure, and innovative solutions that strengthen care delivery and system performance across the country.
Infoway is on a learning journey guided by Indigenous voices and perspectives. We are committed to advancing reconciliation by respecting Indigenous data sovereignty, promoting culturally safe and inclusive approaches to digital health, and supporting the health and data priorities of First Nations, Inuit and Métis Peoples. This work is grounded in building respectful, distinction-based relationships with Indigenous partners, communities, organizations and Northern governments, whose guidance informs our approach to advancing digital health in ways that are meaningful, appropriate and responsive to community priorities.
Why Join Us?
- Be part of a national effort to advance Connected Care and help shape the future of healthcare in Canada while improving health outcomes for people across the country.
- Work alongside a dynamic and multidisciplinary team of experts who are passionate about digital health innovation and committed to strengthening Canada’s health system.
- Thrive in a fast paced, agile and collaborative environment where you will work on cutting edge digital health initiatives while continuously expanding your skills and expertise.
- Grow your career through meaningful learning opportunities, exposure to complex national initiatives and the chance to contribute to transformative work across Canada’s health system.
- Join an organization that values its people and supports employee wellbeing, growth and professional development.
Summary
We are seeking a Director Security to provide both hands-on expertise in enterprise security operations as well as strategic leadership in securing healthcare data exchange and interoperability leveraging International Standards such as HL7® FHIR® and other Interoperability and terminology standards.
In this role, working with the Security Architect and the broader Architecture, Delivery, and Conformance team, you will lead Security aspects of Connected Care initiatives, with the goal of securing healthcare data exchange and interoperability.
In addition, the Director Security is responsible for enterprise security, including short and long-term planning, strategic alignment, leadership, subject matter expertise, project management, operational oversight, monitoring, and risk management to ensure success throughout all phases of initiatives related to engaging, integrating, implementing and deploying Infoway’s Security plans.
The Director Security has a combination of strong technical security skills, a passion for remaining current in the Healthcare critical infrastructure sector, experience in working in security operations independently and with a Managed Service Provider.
Major Responsibilities
- Secure Connected Care
- Provides expert level security advice and consultation to all levels of internal and external stakeholders
- Acts as a security subject matter expert (SME) for programs and projects to appropriately manage security risk and enable interoperability
- Participates in security aspects of procurement: vendor assessment, scores RFPs, reviews security T&C with legal counsel
- Secure patient access to health data by analyzing, documenting threats and risks, consulting on mitigation options, review with internal and external stakeholders and reflect feedback in updated risk management documentation
- Solicit, propose and draft security requirements, implementation guidance and standard operating procedures and specifications for secure Individual (Patient) Access to participating pan-Canadian trusted healthcare ecosystem
- Leads the pan-Canadian security forum. Host, lead and participate in security related panel discussions, make connections/introductions with relevant stakeholders and PTJ security representatives
- Writes papers / blogs, lead training, identify speakers, identify and lead working groups, lead and host panel discussions, make connections/introductions
- Enterprise Security Operations
- Draft and present briefing materials for working/advisory groups, senior leadership, committees, and the Board
- Mentoring others on security and data protection
- Research software applications to determine if they are secure for use at Infoway
- Implements data classification and data protection procedures
- Provide leadership and drive the work programs of the planning committee(s)
- Identify gaps in security coverage and make appropriate recommendations to fill the gaps. Assist in the deployment of security mitigations and enhancements when needed
- Maintain the Vulnerability Management program
- Working with IT and MSS, provide ongoing monitoring of compliance to security standards, policies and procedures
- Plan for, procure and perform security reviews and audits
- Maintains currency and a deep understanding of the cyber threat landscape
- Provide security leadership for the Incident Response Program
- As applicable, evaluate, engage and liaise with Managed Security Service provider, on an ongoing basis
- Oversee SIEM (Security Information and Event Management) tools
- Identify and establish appropriate security metrics that reflect information security program outcomes.
- Accountable for Cybersecurity awareness training, and delivery
- Procure and coordinate external Threat Risk Assessments and other key security assessment functions including overseeing required follow-up and remediation of security risks.
Education
- Undergraduate Degree in related field. MBA, or other related graduate level education, preferred.
Qualifications
Experience
- 5+ years in a security leadership, consulting or advisory role
- Relevant industry certifications including CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager)
- Experience in developing, and implementation of security policy, and providing security training programs, including phishing simulation
- Experience working in collaboration with external stakeholders, including government
- Experience responding to security and/or privacy incidents, and working with an incident response team
Domain Expertise
- Solid understanding of security risk management and, ability to understand security risks, threats, and vulnerabilities and the judgement to assess and articulate security risks effectively
- Solid knowledge of security industry standards and best practices such as NIST (National Institute for Standards and Technology), ITIL, COBIT, and ISO 27001
- Knowledge of privacy and security standards (OAuth2, OIDC, SAML).
Technical Skills
- Hands-on experience with vulnerability scanning, Endpoint Detection and Response (EDR) and Security Information Event Management (SIEM) technologies
- Solid understanding of Linux and Windows operating system security
- Experience implementing digital health solutions in Canada is beneficial
- Excellent written and spoken communication skills
- Ability to travel up to 10% of time (when public health conditions allow)
- Bilingual French and English preferred
Infoway is committed to employing a diverse workforce and is proud to be an equal opportunity employer.
Infoway is committed to advancing Reconciliation and renewing relationships with Indigenous Peoples, based on recognition of rights, respect, cooperation and partnership.
Infoway provides reasonable accommodations to employees as well as candidates taking part in the recruitment process, upon request.
We thank you for your interest in this opportunity at Infoway however, only those applicants who most closely meet the qualifications for this position will be contacted.
Scan to Apply
Job Location
Job Location
This job is located in the Toronto, Ontario, M5H 1J9, Canada region.