The Manager, IT Security will identify, manage and report on the company's compliance as well as regulatory, legislative and contractual requirements for IT systems and products. Responsibilities will include developing and managing all aspects of IT security, including strategy, monitoring and reporting on IT security performance, and tracking performance vs. KPIs to the business. The Manager, IT Security will monitor, coordinate and implement policies, standards, procedures, controls and guidelines to support IT security compliance and audit requirements. This role will also perform and support reviews, assessments and audits.
What we offer (and why you'll love it here!):
- Growth Opportunities: Committed to fostering a culture of growth where every team member is encouraged to pursue new skills, expand their knowledge and advance their careers.
- Vibrant Culture: Over 1500 team members across Canada, and year over year we manage to maintain an overall above-industry engagement score by using a monthly pulse survey.
Why BioScript Solutions
At BioScript, we're not just a company; we're a fast-growing company always putting patients first. Recognized as one of Canada's Best Managed Companies, we believe in pushing boundaries, setting trends and creating meaningful experiences that captivate and inspire. Our vibrant team is made up of innovative minds who are passionate about driving success and making an impact. Ready to be a part of this exhilarating journey?
Your Mission
Strategy and Planning
- Developing & maintaining an information security strategy aligned with organizational objectives.
- Establishing IT security governance structures and processes to ensure decision-making aligns with organizational goals.
- Creating and enforcing information security policies and standards.
- Improve existing compliance programs and processes related to secure IT assets.
- Develop, review and modify information security and privacy policies.
- Monitor advancements in information privacy regulations to ensure organizational adaptation and compliance.
- Determine whether a security incident violates a privacy principle or, in partnership with the legal team, assess if the legal standard has been reached requiring legal action.
- Work with Senior Leadership Team as part of the Information Security Group and business managers to align the IT security organization with business unit security and compliance needs.
- Develop and institute security and compliance goals and objectives.
- Select and deploy appropriate best practices governance frameworks such as NIST CSF, ISO 27001 or COBIT.
Acquisition & Deployment
- Assess applicable IT purchases to ensure they support security and compliance mandates.
- Implement Privacy and Security by Design toolset to support the business's application of IT security best practices.
- Review proposed projects to identify potential security-related risks.
Risks, Compliance and Audit Assessments
- Design and execute audit procedures to assess and measure company compliance with IT security policies and procedures.
- Identify and deploy standard risk assessment models or frameworks.
- Track and measure the enterprise's risk posture.
- Conduct internal security risk assessments and security compliance audits.
- Establish IT security audit procedures relevant to the applicable standard, framework or guidelines, such as NIST CSF, ISO 27001, etc.
- Understand and operate within privacy frameworks such as PIPEDA and PHIPA and, to a lesser extent, HIPAA and GDPR.
- Support and coordinate third-party audits, penetration tests, Privacy Impact Assessments and Threat Risk Assessments.
- Create and communicate strategies for risk mitigation, including forecasting and tracking costs of risk management initiatives.
- Implement controls and monitoring mechanisms to reduce the likelihood of risk events and their impact on the organization.
- Participate in the Architecture Review Board (ARB) and the Change Advisory Board (CAB) to ensure proper oversight and decision-making.
Communication
- Develop materials and tools to effectively communicate IT security compliance and IT security corporate requirements.
- Develop and deliver IT security risk awareness training for key staff and stakeholders.
- Collect, analyze and prepare reports for senior management, regulators and other relevant stakeholders.
- Document, investigate and report cybersecurity compliance issues and incidents where necessary.
- Work with business leaders to ensure information security risk findings are reviewed and solutions are implemented.
- Understand, develop and deliver meaningful reports on the program state and adherence to frameworks and standards.
- Lead the escalation and resolution of risk and compliance issues with appropriate stakeholders, including business, security, legal, IT and customers.
- Liaise with relevant parties to commission activities relating to contingency planning, business continuity management and IT disaster recovery.
Operational Management
- Oversee day-to-day security monitoring not carried out by IT Operations.
- Consult and collaborate with the Director of IT Operations to ensure IT security operations align with IT Security strategy.
- Develop, monitor and report on the IT security performance KPIs to the business.
- Consult and act as an escalation point for security incidents.
- Liaise between internal and external audit teams.
- Schedule and launch periodic audit reviews.
- Plan and oversee IT security risk mitigation and remediation projects.
- Lead the development of and maintain the Major Incident Response plan for cybersecurity-related events.
- Plan and lead tabletop exercises to test cyber event readiness.
What You Bring to the Table
Education
- University degree in Computer Science, Engineering or comparable; diploma in related field; or comparable experience.
- CISSP, CISA, CISM, Security+ or other relevant security-related designation(s).
Experience & Skills
- Minimum of 10 years of IT experience.
- Significant knowledge of and experience with IT privacy and security standards such as ISO 27001, NIST CSF, COBIT, etc.
- Experience with IT governance, risk and compliance management.
- Deep knowledge of business management practices and principles.
- Proven experience in auditing legislative and regulatory compliance.
- Experience with IT security best practices and regulations pertaining to the healthcare industry.
- Experience in the technical management of technology software and hardware platforms.
- Knowledge of computer networking concepts and protocols and network security methodologies.
- Knowledge of risk management processes (e.g. methods for assessing and mitigating risk).
- Knowledge of cyber threats and vulnerabilities.
- Knowledge of specific operational impacts of cybersecurity lapses.
- Proven leadership and management skills.
- Highest levels of personal and professional integrity.
- Superior analytical and problem-solving abilities.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Proven experience in interfacing with executive teams, business management and external firms.
- Excellent written, oral and interpersonal communication skills.
- Ability to research existing and emerging security and compliance issues as required.
- Ability to present ideas in both business-friendly and IT-friendly language.
- Highly self-motivated and directed.
- Keen attention to detail.
- Team-oriented and skilled in working within a collaborative environment.
Compensation: At BioScript, your base pay is one part of your total compensation package and is determined within a range. Our pay ranges are based on the local cost of labor benchmarks for each specific role level and geographic location.
We're proud to be an equal opportunity employer. As a people-centric organization, we're committed to fostering a welcoming culture free of discrimination and to providing a healthy and safe work environment where all team members can thrive. As part of our commitment to diversity, inclusion, belonging and equity, we strive to provide an accessible workplace where individuals feel valued, respected and supported every day.
We encourage and accept all applications; however, only candidates selected for interviews will be contacted. Accommodations can be made available on request for candidates taking part in all aspects of the selection process. For inquiries please email the talent acquisition team at
Ready to make your mark? If you're passionate about transforming ideas into extraordinary results and excited to join a forward-thinking team, we want to hear from you!