Senior Manager, Cybersecurity

Senior Manager, Cybersecurity & Information Security In this role, you will serve as the Senior Manager, Cybersecurity & Information Security, an individual‑contributor‑oriented program leader who partners closely with the SVP, Technology. You’ll lead the cybersecurity program (strategy through execution), collaborate deeply across IT operations, infrastructure, product development, software/dev teams, data analytics and clinic‑IT operations, and also support the privacy program (in collaboration with Legal/Compliance). You’ll remain hands‑on with technical controls, incident response and vendor/third‑party security operations, while also aligning with broader business and regulatory risk imperatives. This role reports to the SVP, Technology, and is a core partner to them in defining and delivering our security and privacy goals. Duties/Responsibilities Develop, own and execute the cybersecurity/information‑security program strategy — aligned with business objectives, risk appetite and regulatory/privacy landscape. Identify, assess and prioritize cybersecurity and privacy risks (technical, process, third‑party/supply‑chain, analytics, clinic IT) and drive mitigation/remediation plans. Perform or oversee vulnerability assessments, penetration testing, threat‑hunting, monitoring (SIEM/EDR), incident detection & response, forensics as required. Work closely with IT operations/infrastructure to ensure secure configuration, patching, network segmentation, identity & access management (IAM), endpoint protection, cloud security controls, logging/monitoring, business continuity/disaster recovery. Collaborate with product, software development and data analytics teams to embed security and privacy controls: code reviews, secure APIs, data protection/encryption, access controls, analytics platform security. Partner with clinic IT operations (medical systems, EHR/EMR, medical devices, remote/clinic networks) to ensure cybersecurity controls in a clinical/health‑care environment: endpoint protection, identity management, network security, data protection, regulatory compliance with patient‑data implications. Support the privacy program in collaboration with Legal/Compliance: implement data‑privacy policies & procedures, perform privacy impact assessments (PIAs)/data protection impact assessments (DPIAs), manage data‑subject rights, cross‑border data flows, privacy‑by‑design integration in technology/business processes. Establish, maintain and train on incident response and crisis‑communications plans (including those involving privacy incidents); lead incident response when needed; drive post‑incident review/lessons learned. Develop and maintain security and privacy policies, standards and procedures (e.g., aligned with frameworks such as NIST CSF, ISO 27001/2) and foster a culture of security & privacy awareness across the organization. Provide regular reporting to senior leadership (including the SVP, Technology) on security/privacy metrics, risk posture, incident status, vendor/third‑party security performance and program maturity. Stay current on cybersecurity threats, vendor/supply‑chain risk trends, privacy/regulatory changes and emerging technologies; propose improvements, tools or architectural enhancements. Mentor and guide junior security analysts/engineers or vendor teams (especially if role grows) and contribute to building our security/privacy capability and maturity. Required Skills/Abilities Demonstrated experience implementing security controls, managing risk, incident response and working across infrastructure, application and data domains. Technical proficiency with security tools/technologies: firewalls, IDS/IPS, endpoint detection & response (EDR), SIEM, vulnerability scanning/penetration testing, cloud security (AWS/Azure/GCP), IAM, encryption/data protection, network segmentation, secure SDLC practices. Strong understanding of regulatory/compliance requirements applicable to healthcare/clinical settings (patient data protection, medical device networks, clinic IT environment) and privacy regulations (e.g., PIPEDA, GDPR, CCPA) in a Canadian/Global context. Strategic mindset: ability to engage senior leadership, articulate cybersecurity, privacy and vendor/third‑party risk in business terms; influence across functional teams; treat security & privacy as enablers not blockers. Excellent communication skills (technical and non‑technical audiences), ability to operate in a collaborative, fast‑paced environment and influence without direct authority. Self‑starter mindset: comfortable being an individual contributor, leading by example, working hands‑on and strategic concurrently. Education and Experience Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Information Assurance or related field (Master’s preferred but not required). Approximately 5‑8+ years of experience in cybersecurity/information security — including hands‑on technical work. Certifications such as CISSP, CISM, CEH (or equivalent) are strongly preferred. Privacy‑certifications (CIPM, CIPP) are a plus. Experience in healthcare or a regulated environment, product/SaaS development, data/analytics‑driven business and clinic/health‑IT operations strongly preferred. Seniority level Mid‑Senior level Employment type Full‑time Job function Engineering and Information Technology Industries Hospitals and Health Care #J-18808-Ljbffr