Security Program Lead


Posting Date: June 24, 2022

Position Title: Security Program Lead

Department:  Privacy & Security, Risk Management Compliance and Procurement

Report to:  Senior Director, Security

Location: Toronto 


Infoway helps to improve the health of Canadians by working with partners to accelerate the development, adoption and effective use of digital health across Canada. Through our investments, we help deliver improved quality and access to care, and more efficient delivery of health services for patients and clinicians. Infoway is an independent, not-for-profit organization funded by the federal government.

Position Purpose

The Security Program Lead serves as a leader for the growth and continuous improvement of the Canada Health Infoway internal security program and outward-reaching program. The position will provide short and long-term planning, strategic alignment, leadership, subject matter expertise, project management, operational oversight, monitoring, and risk management to ensure success throughout all phases of projects related to engaging, integrating, and implementing and deploying Infoway’s Security programs.  The Security Program Lead has a combination of strong technical security skills and experience, as well as good communication and soft-skills.

Major Responsibilities

  • Responsible for working with external stakeholders, internal teams and solution vendors for the quality delivery of the security program
  • Manage the cybersecurity policy portfolio, including designing, developing, and maintaining external resources and knowledge artifacts
  • Draft and present briefing materials for working/advisory groups, senior leadership, committees, and the Board.
  • Providing input, analysis, strategic direction, policy and decision making on issues that impact Healthcare in Canada
  • Mentoring others on security and data protection
  • Defining and implementing Data Protection procedures for internal initiatives
  • Team oriented, the successful candidate will forge new and build on existing relationships with external stakeholders in Healthcare security, and support the development of new security programs
  • Provide leadership and drive the work programs of the planning committee(s)
  • Identify gaps in security coverage and make appropriate recommendations to fill the gaps. Assist in the deployment of security mitigations and enhancements
  • Design and execute the Vulnerability Management program
  • Provides ongoing monitoring of compliance to security standards, policies and procedures
  • Perform security reviews and audits in the various Infoway environments
  • Manage the daily operations, health and maintenance of Canada Health Infoway’s cybersecurity technology portfolio
  • Maintains a deep understanding of the cyber threat landscape and ensures cybersecurity technology is effectively configured to detect threats
  • Provide security technical leadership for the Security Incident Response Program when needed and provides backup to the Sr Director of Security
  • As applicable, evaluate, engage and liaise with Managed Security Service providers, on an ongoing basis
  • Oversee SIEM (Security Information and Event Management) tools, and Privileged Access Management
  • Provide expert level advice and consultation to all levels of internal and external stakeholders, including developers, privacy and security team, technical support and the business
  • Understand and evaluate business goals, strategies, requirements and initiatives and derive appropriate security requirements
  • Utilize evidence and analysis of data and research to support decision making and development of policy and work programs
  • Identify and establish appropriate security metrics that reflect information security program outcomes. Prepare system security reports by collecting, analyzing, and summarizing data and trends
  • Accountable for Cybersecurity awareness training, and delivery
  • Coordinate external Threat Risk Assessments and other key security assessment functions including overseeing required follow-up and remediation of security risks.


  • Undergraduate Degree in related field. MBA, or other related graduate level education, preferred.

Qualifications & Skills

  • 3 - 5 years in a security consulting or advisory role
  • Relevant industry certifications including CISSP (Certified Information Systems Security Professional);
  • Experience developing and leading Security Policy implementation training
  • Experience in developing, and implementation of security policy, and providing security training programs, including phishing simulation
  • Experience working with external stakeholders, including government
  • Solid understanding of security risk management and working within an Enterprise Risk Management and Compliance Framework, ability to understand security risks, threats, and vulnerabilities and the judgement to assess and articulate security risks effectively
  • Solid knowledge of security industry standards and best practices such as NIST (National Institute for Standards and Technology), ITIL, COBIT, and ISO 27001
  • Hands-on experience with vulnerability scanning, EDR and SIEM technologies preferred
  • Solid understanding of Linux and Windows operating system security
  • Experience implementing digital health solutions in Canada is beneficial
  • Excellent written and spoken communication skills
  • Ability to travel up to 10% of time (when public health conditions allow)
  • Bilingual French and English preferred

Our commitment

If you are interested in the position, please submit your resume.

We thank you for your interest in this opportunity at Infoway however, only those applicants who most closely meet the qualifications for this position will be contacted.

Infoway is committed to employing a diverse workforce and is proud to be an equal opportunity employer. Infoway provides reasonable accommodations to employees as well as candidates taking part in the recruitment process, upon request.

View other Infoway websites

View the site
View the site
View the site