Manager Corporate Security

Medavie is a national health solutions partner that integrates benefits management, health management and health care delivery. Together, with our team of more than 7,700 professionals, we are committed to improving the wellbeing of Canadians.
As a not-for-profit organization, Medavie oversees Medavie Blue Cross, a premier all-in-one benefits carrier and public health program administrator, and Medavie Health Services, a national primary health care solutions organization and the largest contracted provider of emergency management services in Canada.
We are one of Canada's Most Admired Corporate Cultures, one of Canada’s Top 100 Employers and an Imagine Canada Caring Company.
We don’t have shareholders. Instead, we proudly invest in communities to help address some of Canada’s most pressing health care challenges.
Job Title:
Manager Corporate Security
Department:
Finance and Treasurer
Competition:
86850
Internal/External:
Both
Employment Type:
Full Time Permanent
Location:Remote in Ontario or Atlantic Canada
Salary:Competitive Compensation Package
Reports To:Director
    
The Role
As the Manager of Corporate Security, you will help lead and oversee our organization's efforts to protect sensitive information, systems, and networks from cyber threats. This critical role requires a strategic mindset, technical expertise, and the ability to navigate evolving cybersecurity landscapes.
Responsibilities
-Strategic Planning: Develop and implement a comprehensive cybersecurity strategy aligned with business goals, addressing emerging threats and vulnerabilities. Help to establish a Corporate Security Vision and Road map and spearheading IT security related initiatives in accordance with the vision  
-Team Leadership: Manage and lead a team of cybersecurity professionals, fostering a culture of collaboration, innovation, and continuous learning. 
-Compliance: Defining and maintaining Corporate Security policies and standards in cooperation with the Director of Corporate Security and other stakeholders. Ensure compliance with relevant cybersecurity regulations, standards, and industry best practices. Coordinating IT related efforts required for internal and external audits and follow-up mitigation of identified risks.
-Risk Management: Identify and assess cybersecurity risks, implementing measures to mitigate risks and enhance overall security posture. Coordinate the activities related to Threat Risk Assessments. Provide guidance on safeguards, providing advice on potential impacts of new and existing threats, and advise on the residual risk of a program or service.
-Incident Response: Develop and execute incident response plans, ensuring swift and effective responses to cyber incidents, and conduct post-incident reviews for continuous improvement.
-Security Architecture: Oversee the design and implementation of security architectures, ensuring the integration of robust security measures into systems and networks.
-Vendor Management: Collaborate with third-party vendors to assess and enhance the cybersecurity posture of external services and products. Work with the Director of Corporate Security to assess the security posture of potential business partners and review and recommend approval of all contracts for external providers of IT services and systems
-Training and Awareness: Conduct cybersecurity awareness programs and training for employees to promote a security-conscious culture.
 
Requirements
-Bachelor’s in Cybersecurity or Computer Science.
-Certification such as CISSP, CISM or similar.
-7-10 years experience in security, as well as experience leading a team of security professionals.
-Proven experience in cybersecurity management, with a strong understanding of current threats and countermeasures.
-Detailed knowledge of a broad range of standards and frameworks — for example, NIST CSF, International Standards Organization (ISO) 27001, IT Infrastructure Library (ITIL), Payment Card Industry - Data Security Standard (PCI DSS), Bill-198, Personal Information Protection and Electronics Documents Act (PIPEDA).
-Expert knowledge necessary to propose relevant responses to changing business risks and regulatory changes.
-Expert knowledge and use of user and entity behavior analytics
-Expert experience with social engineering, penetration testing, vulnerability risk assessments, cloud computing.
-Expert experience with endpoint protection technologies and techniques, web application firewalls and intrusion prevention, and encryption methodologies, and cyber security techniques.
-Experience with identity and access management solutions.
-Expert knowledge of access control methodologies.
-Experience with onboarding security requirements for new projects.
-Self-motivated, possessing a high sense of urgency and personal integrity, with the ability to handle confidential and otherwise sensitive matters professionally and with the appropriate level of judgment, confidentiality, and maturity.
-Strong problem-solving and trouble-shooting skills with an ability to react quickly, decisively, and deliberately in high-stress, high-impact situations.
-Good judgment with demonstrated commitment to high standards of ethics and values, regulatory compliance, customer service and business integrity.
-Outstanding organizational and leadership skills.
-High degree of instinctive and creative initiative, commitment, dependability, and ability to work with little supervision.
-Solid multi-tasking skills with the ability to manage and balance large volumes of work.
-Excellent written and verbal communication skills — including the ability to concisely communicate security and risk-related concepts to technical and nontechnical audiences, including C-suite to ensure they have the information they need to make informed decisions.
-Willingness to take full ownership and skillfully manage competing priorities, anticipate issues, and proactively drive resolution. 
-Ability to establish and maintain harmonious working relationships with co-workers, staff, and external contacts in all geo locations, and to work effectively in a professional team environment.
We are an Equal Opportunity Employer. 
 
Medavie strives to foster a culture where everyone is enabled to achieve their full potential - a culture of diversity, equity and inclusion (DEI) where we live our values every day in the way we treat each other, our members and the communities we serve. Accessibility is a top priority.
 
For applicants with disabilities, we provide accommodations throughout the recruitment, selection and/or assessment process. If selected to participate in the recruitment, selection and/or assessment process, please inform Medavie Human Resources staff of the nature of any accommodation(s) that you may require in respect of any materials or processes used to ensure your equal participation. All personal information is collected under the authority of the Municipal Freedom of Information and Protection of Privacy Act.
 
We would like to thank all candidates for expressing interest. Please note only those selected for interviews will be contacted.