Director, Information Security & Compliance

Position Title: Director, Information Security & Compliance

Company: Bayshore Healthcare

Location: Mississauga

Reports to: CIO

The purpose of this role is to create organizational awareness about cyber security and privacy, ensure that Bayshore’s IT systems and data are secure by design and are adequately protected from cyber-attacks. It is also to ensure that procedures and processes are in place to guide action should an attack take place. The Director, Information Security & Compliance is responsible for the development and maintenance of appropriate IT security and information privacy standards, procedures, corporate and departmental policies and architectures. This position serves as the single point of contact to other departments, corporation, vendors and customers for all information security and privacy requests. The Director, Information Security & Compliance will put in place processes to ensure regulatory compliance (including but not limited to PCI) and privacy of confidential data, and measures to detect and prevent intrusion. This individual will work with peers on the IT Leadership Team and be accountable for creating a Cyber Security & Privacy Program for the organization. The ideal candidate will have proven experience in implementing and assessing processes and best practices around Cyber Security. The Director, Information Security & Compliance will be able to effectively define, implement, promote, educate, assess, report, and facilitate third party audits on Information Security and IT management best practices, both internally and at third party service providers. A keen sense of balance between business and security risks is essential.

DUTIES AND RESPONSIBILITIES

• Develop an Information Security and Privacy roadmap for the next 3 years to ensure Bayshore has a robust and comprehensive information security strategy.

• Implement a framework for information security risk governance and control that integrates a consistent methodology to identify, assess information security risks and ensures a process to address those risks.

• Identify the total Information Security needs and oversee the security posture across a large Enterprise by managing the full life cycle of Cybersecurity.

• Establish, implement, enforce and monitor information security standards enterprise-wide.

• Supports the CIO in educating the Executive Leadership Team and Board of Directors on current and evolving Cyber security technologies, best practices and threats.

• Provide support to the procurement and legal teams regarding information security and privacy with respect to agreements and contracts.

• Leads the ongoing security, privacy and threat risk assessments and security evaluations to verify operational compliance, identify and evaluate gaps and manage exceptions to policy.

• Track security related risks and correlating action plans to ensure issues are resolved.

• Responsible to work with third party teams and internal development groups to interpret and review results from penetration tests, vulnerability scans, and code reviews as required.

• Maintain organizations Security Risk Register for effective risk management and operational compliance functions.

• Proficient with security frameworks including ISO 27001 and NIST

• Provide governance oversight and assurance for continued compliance and ongoing certification for PCI DSS

• Ensure ongoing compliance of SOC 2, Type 2

• Provide support for compliance and audit activities liaising with internal staff and external auditors.

• Conduct Information Security gap assessments against internal and external standards.

• Develops and implements metrics and reporting process to ensure risks are effectively managed.

• Leads Information Security Incident & Breach Response along with key stakeholders in the event of a breach

• Provide leadership in the development of managed security services to ensure strong security posture of Bayshore about SIEM, Vulnerability Management, IAM, Endpoint Protection, etc.

• Responsible to ensure the appropriate technology, processes and governance are in place to monitor, detect, prevent, and react to security threats against Bayshore’s organization.

• Responsible for ensuring a culture of privacy and information security within Bayshore Healthcare through the implementation of a robust Security and Privacy awareness training program.

• Work closely with all business units to ensure projects reflect appropriate privacy, information security, and contract management considerations.

• Work with internal and external staff on new initiatives to set up and operate the appropriate security services to protect Bayshore’s assets and computing environment.

• Manage and assess external vendors who contribute to the overall security posture of Bayshore.

• Maintain current understanding security standards and regulations and ensure with the changing laws and applicable regulations.

• Liaise with project stakeholders on an ongoing basis.

• Set and continually manage project expectations with team members and other stakeholders

• Plan and schedule project timelines and milestones using appropriate tools

GOVERNANCE

• Manage the Security Portfolio

• Develop security policies and procedures with regular reviews and updates, minimum annually

• Monitor compliance with policies and standards

• Ensure all identified threats are fixed or the risk is mitigated.

TEAM LEADERSHIP

• Manage the Security organization, hiring, managing and staffing requirements in line with project objectives

• Oversee the delegation of work to Analysts and 3rd party partners.

• Set annual performance targets for individuals and the team and conduct performance reviews

• Provide ongoing motivation, coaching, guidance, feedback and mentoring support to the team.

• Manage the workload of team members on the program and help to remove obstacles to their success

• Manage third-party vendors and agreements

• Coordinate and conduct post-implementation reviews of projects with Analysts and our business stakeholders

BACKGROUND AND EDUCATION

• Graduate Degree in Computer Science, Security and/or Technology

• More than 10+ years of experience in IT Security roles

• Effectively communicate project expectations to team members and stakeholders in a timely and clear fashion

• Experience in Health Care is preferred.

SOFT-SKILLS

• Excellent communications are a must, within IT and across the business at all levels.

• Strong business acumen

• A long-term strategic perspective

• Ability to mentor, coach and effectively transfer expertise to others

• Ability to juggle multiple goals and deadlines

• Ability to work collaboratively with other organizational leaders.

• Ability to build a strong network and relationships at all levels, and departments.

• Strong leadership, negotiation, and conflict management skills

• Consistent flexibility, resilience, and resourcefulness

• Expert ability to impact and influence project outcomes

TECHNICAL-SKILLS

• Proficient with compliance standards including PIPEDA, PHIPA, PCI, etc.

• Superior knowledge of security technologies and processes including:

o Next Generation Firewalls

o Incoming and Outgoing email filtering

o Endpoint protection

o Security Incident and Event Management (SIEM)

o Privileged Access Management (PAM)

o Vendor Management

o Security Operations Centre (SOC)

o Penetration Testing

o Vulnerability Management

CERTIFICATIONS, LICENSES, REGISTRATIONS, SPECIAL SKILLS

• Certified Information System Security Professional (CISSP)

• Certified Information Security Manager (CISM)

ABOUT BAYSHORE

“ A proudly Canadian company, our mission to deliver passionate caring services to all Canadians”

BAYSHORE HEALTHCARE

Bayshore HealthCare (‘Bayshore’) is one of the country’s leading providers of home and community health care services and is a Canadian-owned private company. As a leading provider of home and community health Bayshore HealthCare has been a recipient of Canada’s Best Managed Companies award since 2006.

With over 100 locations across the country, including home care offices, pharmacies, and infusion clinics, Bayshore has more than 17,000 staff members and provides care to over 350,000 clients. They are dedicated to enhancing the quality of life, dignity, and independence of all Canadians, by providing customized care plans and solutions that allow clients to remain in the comfort of their own home. They deliver the unique Bayshore experience built on the principles of Compassion, Respect, Reliability, Patience, Professionalism and Ethics.

Corporate Mission, Vision & Values

Bayshore Mission: Passionate and Caring

Bayshore HealthCare is passionate and caring about everything it does. About the time with clients, how each other is treated and the quality of their work.

Bayshore Vision: Imagine Being the Difference

Each Bayshore employee has the ability to create special moments, both big and small. They constantly look for ways to make things better and be the difference in the lives of people being cared for or work with and communities serviced.

Bayshore Values: Compassion, Respect, and Dignity, Reliability, Teamwork, Diversity, Innovation, Leadership and Growth

Location: Mississauga

Bayshore Services

The Bayshore brand extends across four business divisions:

Bayshore Home Health (medical and non-medical home care and staffing services, therapy and rehab services and virtual health care navigation services)

Bayshore Home Care Solutions (home care services for government care programs)

Bayshore Integrated Care Services (partnering with governments and hospitals to implement bundled care models and provide home care services to patients transitioning from hospital to home)

Bayshore Specialty Rx (specialty pharmacy, infusion, and pharmaceutical patient support services)

CAREPath (healthcare navigation program, focus on oncology and chronic disease management