Overview At Canada Health Infoway (Infoway) we believe a more connected and collaborative system is a healthier system, and we work with governments, health care organizations, clinicians, and patients to make health care more digital. We’re working to ensure that everyone is able to access their personal health information, book appointments, get prescriptions, view lab test results and access other health services, online. We are working with our partners to transform the health system because we know that digital health can be as transformative as digital has been in other aspects of our lives. We are an independent, not-for-profit organization funded by the federal government.

Continuing to improve Canadian health care necessitates work in interoperability — connected systems are healthier systems. Connected care means a healthier Canada, and Infoway is committed to advancing interoperability. Harnessing data sharing will result in “connected care” and a modern health system for all Canadians. In support of the provinces and territories, Infoway is facilitating a national collaborative effort to advance interoperability using a collaborative development process.

Together with our jurisdictional, clinical, patient and industry partners we are committed to improving the health of Canadians by accelerating the development, adoption and effective use of innovative digital health solutions.

Why Join Us?

• Be part of a high-profile, ambitious, and exciting pan-Canadian initiative that improves the health of populations and unlocks value for the health system
• Work with a dynamic, multi-functional team of professionals dedicated and passionate about modernizing the health care system
• Demonstrate your strong organizational, technical leadership skills in a fast-paced, innovative, and supportive environment
• We take care of our employees

Position Purpose The Sr. Manager, Enterprise Security Operations plays a vital role in safeguarding the organization’s information assets, infrastructure, and personnel. This position is responsible for overseeing the day-to-day operations of the Enterprise Security Operations unit, encompassing such areas as Security incident response, Threat Intelligences, Access Management, Network Security, Vulnerability Management, as well as Physical and Personnel Security. The manager ensures the company’s security posture aligns with regulatory requirements and best practices, fostering a culture of vigilance and continuous improvement.

Major Responsibilities

• Lead, mentor, and manage the Security Operations Centre (SOC) vendor & team, including analysts and incident responders.
• Monitor security alerts, conduct threat analysis, and respond to security incidents in a timely and effective manner.
• Oversee vulnerability assessments, penetration testing, and remediation activities.
• Coordinate with IT, legal, compliance, and other departments to ensure integrated security operations.
• Prepare and present regular reports on security posture, incident trends, and risk mitigation strategies to senior leadership.
• Manage security tools and technologies, ensuring optimal configuration and performance.
• Stay current with emerging threats, technologies, and regulatory changes, and adapt security strategies accordingly.
• Lead investigations of security breaches and coordinate root cause analysis and corrective actions.
• Supports training and awareness programs for staff to promote security best practices.
• Manage vendor relationships and evaluate third-party security solutions.
• Provides ongoing monitoring of compliance to security standards, policies and procedures
• Perform security reviews and audits in the various Infoway environments
• Monitors and reviews cloud account configurations to ensure best practices and separation of duties
• Oversee SIEM (Security Information and Event Management) tools, and Privileged Access Management
• Identify gaps in security coverage and make appropriate recommendations to fill the gaps.
• Assist in the deployment of security mitigations and enhancements
• Provide expert level advice and consultation to all levels of internal stakeholders, including developers, privacy and security team, technical support and the business
• Partner with designates from the technology teams to ensure new IT systems are designed, configured and implemented in a secure manner
• Identify appropriate security metrics.
• Document security configurations, procedures, changes, use and test cases
• Assist the development teams in automating security testing and compliance monitoring in support of a continuous delivery model

Qualifications

• Bachelor’s degree in Computer Science , Information Security, or a related field (advanced degree or certifications such as CISSP, CISM, or equivalent preferred).
• 5+ years of progressive experience in information security operations, with at least 2 years in a leadership or managerial role.
• Experience with Cloud-based security and management tools (Cloud Service Provider (CSP) native tools and third-party tools)
• Hands-on experience working with cloud infrastructures such as AWS, Azure, and other CSP including IaaS, PaaS, and SaaS
• Proven expertise in incident response, threat intelligence, vulnerability management, and security monitoring.
• Strong understanding of Canadian privacy laws, regulatory requirements, and industry standards (e.g., ISO 27001, NIST, PCI DSS).
• Experience implementing Zero-trust and devSecOps would be beneficial
• Solid understanding of security risk management and working within an Enterprise Risk Management and Compliance Framework, ability to understand security risks, threats, and vulnerabilities and the judgement to assess and articulate security risks effectively
• Experience working with business and external stakeholders
• Cloud development experience would be considered beneficial
• Solid knowledge of security industry standards and best practices such as CSA (Cloud Security Alliance), CIS (Center for Internet Security), DISA (The Defense Information Systems Agency) STIGS (Security Technical Implementation Guides), FedRAMP, ITIL, COBIT, ISO 27001 and NIST (National Institute for Standards and Technology)
• Experience implementing digital health solutions in Canada is beneficial
• Demonstrated leadership and team-building abilities.
• Excellent written communication skills

Infoway is committed to employing a diverse workforce and is proud to be an equal opportunity employer. Infoway provides reasonable accommodation for employees as well as candidates taking part in the recruitment process, upon request. We thank you for your interest in this opportunity at Infoway however, only those applicants who most closely meet the qualifications for this position will be contacted.