Joint Chief Information Security Officer

Position Overview

We are seeking a highly experienced and strategic Joint Chief Information Security Officer (CISO) to oversee the cybersecurity programs for two separate hospital organizations, Sinai Health (including the Lunenfeld Tanenbaum Research Institute) and Michael Garron Hospital. For more information on Sinai Health and MGH, please visit our websites:

The Joint CISO will be responsible for developing and implementing comprehensive cybersecurity strategies, policies, and procedures to protect sensitive data and ensure compliance with industry best practices and healthcare regulations. The successful candidate will work collaboratively with the cyber operations teams at each organization to maintain robust security postures.  Additionally, the CISO will work closely with the provincial regional cybersecurity Toronto Local Delivery Group (LDG) to align strategy and tooling with other hospitals within the LDG, of which both hospitals are part of.

Key Responsibilities

-  Strategic Leadership:

o    Develop, execute and maintain a unified cybersecurity strategy, framework, and governance across all three hospital organizations.

o    Provide strategic direction, multi-year roadmap, and oversight for cybersecurity initiatives, ensuring alignment with organizational goals and regulatory requirements.

o    Serve as a primary contact, along with each hospital's cyber operation leadership, for cybersecurity matters including reporting to executive leadership andthe board of directors at each hospital.

-  Policy and Compliance:

o    Establish, maintain, enforce and align cybersecurity policies, standards, and procedures to safeguard sensitive data and ensure compliance with NIST, ISO, HITECH, and other relevantframeworks and industry standards.

o    Conduct regular risk assessments (including third-party/vendor risk management) and audits to identify vulnerabilities and ensure compliance with industry standards.

o    Develop a comprehensive dashboard for reporting risk for all three hospitals, taking into account any nuances that might be required at individual sites.

-  Collaboration and Coordination:

o    Work closely with the cyber and privacy operations teams and operations leadership at each hospitalorganization to ensure consistent implementation and maintenance of security measures. 

o    Ensure that cyber security approaches are balanced so as not to degrade key areas of the hospitals ability to deliver care to patients.

o    Foster a collaborative environment to share best practices, threat intelligence, and incident response strategies among the organizations.

o    Coordinate joint cybersecurity training and awareness programs for staff across all three organizations, consistent with the provincialcybersecurity LDG model.

o    Work closely with the CISO of the LDG to ensure broader alignment of practices with the direction of the province in matters related to cyber security.

-  Incident Response and Management:

o    Lead the development and execution ofincident response plans and playbooks to effectively manage and mitigate cybersecurity incidents.

o    Establish metrics for incident response readiness, remediation, and recovery that aligns with each organization's disaster recovery and business continuity requirements.

o    Oversee the investigation of security breaches and coordinate with legal, compliance, and communication teams to manage incident response and reporting.

o    Take an active leadership role in all incidents including their immediate response, incident reviews, reporting to regulators and insurers, and technical follow-ups

-  Technology and Innovation:

o    Stay current with emerging cybersecurity threats, technologies, and best practices.

o    Evaluate and recommend new security technologies and solutions to enhance the overall security posture of the organizations.

o    Ensure the integration of advanced security measures into the organizations' IT infrastructure and systems is executed in a manageable fashion that does not significantly interfere with clinical care.

-  Team & Resource Management

o    Lead the cybersecurity teams at each organization, including analysts, engineers, and specialists.

o    Develop staffing models, successionplanning, and vendor/partner relationships to ensure effective delivery of cybersecurity services.

o    Manage the security budget, ensuring efficient allocation of resources.

o    Participate in the interviewing and hiring of new employees.

Education

-  Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity, or a related field (Master's degree preferred).

Experience

-  Minimum of 10 years of experience in cybersecurity, with at least 5 years in a senior leadership role.

-  Proven experience in managing cybersecurity for healthcare organizations.

-  In-depth knowledge of industry standards and frameworks such as PHIPA, HITECH, NIST CSF/RMF, ISO 27001, and CIS Controls.

-  Excellent leadership, communication, and interpersonal skills.

-  Experience managing and mentoring cybersecurity teams. 

-  Crisis management and incident response expertise.

-  Strategic thinker with ability to balance innovation, security, and operational priorities.

-  Ability to work collaboratively with diverse teams and stakeholders, both internal and external.

-  Relevant certifications such as CCISO, CISSP, CISM, or CISA are highly desirable

- All employees of Michael Garron Hospital (MGH),a division of Toronto East Health Network (TEHN) [formerly Toronto East General Hospital (TEGH)] agree to work within the legislated practices of the Occupational Health and Safety Act of Ontario.

- All employees of MGH are responsible to contribute toa transparent culture of patient and staff safety by adhering to and abiding by patient and staff safety policies and procedures set by MGH.

-  All employees are accountable for protecting the psychological health and safety of themselves and their co-workers through adherence to MGH's policies and practices.