Chief Information Security Officer
Sunnybrook Health Sciences Centre
Toronto, ON, CA.
5d ago

We currently have a Regular Full-Time position for a Chief Information Security Officer (CISO) in the Information Services at our Bayview Campus.

Summary of Duties:

  • Lead development and execution of an effective and sustainable cyber security program and related controls across Sunnybrook.
  • Lead planning and implementation of Sunnybrook’s cybersecurity architecture and related requirements in the context of Sunnybrook’s evolving risk posture and industry best practices and standards.
  • Lead and facilitate the overarching cybersecurity governance structure for the organization, including reporting of KPIs, events, risks, and mitigations to Sunnybrook’s Information Security Council and other governance tables as required.
  • Lead Sunnybrook’s incident response for all cybersecurity-related incidents.
  • Establish and implement a monitoring framework for internal digital operations to ensure compliance with cybersecurity standards and policy, including leading internal audits of performance / compliance.
  • Establish effective reporting processes that support management discussion and leadership decision making about Information Security plans and objectives.
  • Lead procurement for cybersecurity-related purchases.
  • Liaise with Sunnybrook’s Technical Services leadership to build alignment between the security and enterprise architectures, and ensure that information security requirements are implicit in network architectures.
  • Cultivate effective relationships across Sunnybrook’s program and department leaders to facilitate Cybersecurity Program compliance.
  • Continuously monitor the external ecosystem for emerging risks and mitigating solutions.
  • Liaise with other healthcare organizations and external agencies, such as law enforcement and other advisory bodies, to ensure that the organization maintains a strong security posture and is kept abreast of the threats identified by these agencies.
  • Ensure that effective disaster recovery policies and standards are in place and maintained.
  • Develop, deploy, and maintain the cybersecurity response procedures for organizational response to cyber incidents.
  • Manage all aspects of human resources, including hiring, promoting, disciplining and terminating staff within the cybersecurity team.
  • Manage the unit / department financial resources.

Qualifications / Skills:

  • At a minimum, completion of a Master’s Degree in Computer Science, Computer Engineering or recognized equivalent
  • At a minimum over 10 years and up to and including 15 years practical and related experience
  • 10+ years of progressive IT solutions, compliance, regulatory experience and roles of increasing responsibility with a minimum of 5 years in Senior Leadership roles
  • Practical experience and working knowledge of common information security and IT management frameworks (e.g., ISO/IEC 27001, ITIL, COBIT, NIST, including 800-53)
  • Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and security attack pathologies.
  • Deep understanding of cyber security and the relationship between threat, vulnerability and information value in the context of risk management.
  • Strong proficiency with common cyber security management frameworks, regulatory requirements and industry leading practices such as GDPR, PIPEDA, PHIPA.
  • Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment.

Mandatory Certifications:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)

Recognized Certifications:

  • Microsoft Certified Technology Specialist (MCTS)
  • ITIL Practitioner Certificate (ITIL Practitioner)
  • ITIL Service Manager Certificate (ITIL Service Manager)
  • Working knowledge and practical experience of common information security and IT management frameworks: ISO/IEC 27001, ITIL, COBIT, NIST, including 800-53 and Cybersecurity Framework

Qualified candidates are invited to submit their cover letter and resume (in one document) quoting 201312 to:

    Human Resources

    Sunnybrook Health Sciences Centre
