About the role
Are you passionate about helping people live their healthiest lives? Do you thrive in a dynamic, supportive environment where your contributions truly matter? If so, Medcan is the place for you!
About Us:
Founded in 1987, Medcan is a leader in transformational proactive and primary care dedicated to helping patients and team members live well, for life. We offer a comprehensive range of services including preventative health assessments, wellness programs, and specialized medical care.
Our core values of excellence, drive, respect and integrity guide everything we do. We’re committed to creating a workplace where everyone can thrive, and we’re proud to support over 1,500 businesses across Canada with our health and wellness solutions.
Medcan is seeking a seasoned and visionary Security Lead to spearhead our enterprise-wide information security program. This role is critical to ensuring the confidentiality, integrity, and availability of Medcan’s digital assets, infrastructure, and applications. The successful candidate will lead strategic initiatives, maintain key security certifications, and drive continuous improvement in our cybersecurity posture.
Key Responsibilities
Security Program Leadership
- Elevate Medcan’s security program by refining existing controls, introducing innovative practices, and advancing a dynamic security roadmap tailored to evolving threats and business needs.
- Lead the development and implementation of Medcan’s information security vision and strategy, aligned with organizational priorities and business objectives.
- Champion a culture of security across the organization, ensuring senior stakeholder buy-in and executive mandate.
Compliance & Certification Management
- Maintain Medcan’s PCI DSS and Canada CyberSecure certifications, ensuring ongoing compliance through audits, documentation, and remediation.
- Lead the initiative to achieve ISO/IEC 27001 certification, including gap analysis, policy development, and implementation of controls.
- Ensure all security controls are compliant with Medcan’s internal security policies and external regulatory requirements.
Risk, Threat & Vulnerability Management
- Oversee threat and vulnerability management activities, including risk identification, assessment, and remediation planning.
- Collaborate with cross-functional teams to ensure consistent application of security policies across infrastructure, applications, and services.
Infrastructure & Application Security
- Partner with infrastructure and development teams to embed security into the design and deployment of systems, networks, and applications.
- Ensure secure architecture and configuration of cloud and on-premises environments.
- Drive secure software development practices and DevSecOps integration.
Metrics, Reporting & Governance
- Develop and manage a metrics and reporting framework to measure the effectiveness of the security and data governance programs.
- Provide regular updates to executive leadership and the board on the status of the security program and enterprise risk posture.
- Facilitate appropriate resource allocation to improve security maturity across the organization.
Security Awareness & Training
- Design and manage a targeted information security awareness program for employees, contractors, and system users.
- Establish and track metrics to evaluate the effectiveness of training across different audiences.
Vendor & Stakeholder Engagement
- Collaborate with vendor management and procurement teams to ensure security requirements are embedded in third-party contracts.
- Engage with internal committees and external partners to align security practices with privacy, compliance, risk management, and business continuity standards.
Policy & Framework Alignment
- Document, update, and align organizational security policies and processes with the NIST Cybersecurity Framework and other relevant standards.
- Ensure consistent policy application across all technology projects and services.
Qualifications & Experience
- Proven experience leading enterprise security programs in complex environments.
- Deep understanding of security frameworks (NIST, ISO 27001, PCI DSS, etc.).
- Strong knowledge of infrastructure and application security, including cloud and hybrid environments.
- Excellent communication and leadership skills, with the ability to influence at all levels of the organization.
- Experience managing audits, certifications, and compliance programs.
This is a full-time, hybrid position working 40 hours per week and 2 days in office. Our downtown Toronto office is conveniently located at 150 York St., near St. Andrew station or a 10-minute walk from Union Station!
Ready to Apply?
If you’re ready to make a difference and be part of a company that truly cares about its people, we’d love to hear from you! Apply today and let’s inspire wellness together.
Diversity, Equity and Accessibility:
Medcan is dedicated to employment equity, diversity and inclusion. We strive to ensure all staff have a fair opportunity to participate and succeed at work. If contacted for an employment opportunity, please advise your Talent Acquisition Specialist if you require accommodation.
About Medcan
Medcan is a global leader in proactive health and wellness services and is devoted to providing care for individuals, families and employers that is grounded in the latest evidence-based practices, technologies and treatments. Our team of medical experts unites to provide transformational specialty and primary care to achieve more for you and your health.
Medcan’s flagship Annual Health Assessment is a comprehensive, physician-led analysis of your current health and wellness as well as your future risk for developing disease. We provide our clients with personalized plans and help them take action through our comprehensive ecosystem of services, along with convenient in-person and virtual ongoing care.
Located in downtown Toronto (150 York St.), Oakville (2275 Upper Middle Rd.), Collingwood (40 Huron St.), and Muskoka (seasonal – 84 Joseph St.), Medcan is here to give you more control over your health and to help you live well, for life. Learn more at www.medcan.com.