Director of Information Security (Toronto, ON /Vancouver, BC)
Director of Information Security (Toronto, ON /Vancouver, BC)
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Founded in 2014 and with a total funding currently at $220 million; League is a platform technology company powering next-generation healthcare consumer experiences. Payers providers consumer health partners and employers build on Leagues platform to deliver high-engagement personalized healthcare experiences consumers love. Millions of people use solutions powered by League to access navigate and pay for care.
The Role:
The Director of Security is a senior leadership role responsible for establishing and maintaining a comprehensive information security program for League. This includes direct oversight of Security Operations (SecOps) and Product/Application Security teams. The successful candidate will be a strategic thinker with a strong technical background capable of influencing without direct authority and working collaboratively across all departments to implement security measures that are proportionate to Leagues evolving needs and risk landscape. This role is pivotal in protecting Leagues assets data and reputation while enabling business objectives.
What you will do:
- Build relationships with stakeholders in customer engineering and company organizations to influence decision making and manage expectations and escalations
- Collaborate closely with product leaders to influence product strategy roadmap and process
- Work with your teams to set clear and measurable objectives and drive them to completion
- Build a high performing team through the ongoing development of current team members and leaders
- Develop and lead inclusive welcoming and effective recruiting processes
- Maintain relationships with senior leaders and colleagues throughout the company and our external partners and represent engineering in cross-functional projects and to the company and partners.
- Proactively identify areas of improvement where engineering teams can make a difference and work with other teams to make those improvements happen
- Develop implement and maintain a strategic comprehensive enterprise information security and risk management program to ensure the integrity confidentiality and availability of information.
- Lead and mentor the Security teams across operations and product security ensuring effective incident detection response and recovery capabilities including managing security monitoring tools and processes.
- Oversee the Product/Application Security program embedding security best practices into the software development lifecycle (SDLC) from design to deployment including code reviews vulnerability assessments and penetration testing.
- Collaborate with engineering product legal IT and other business units to ensure security is integrated into their processes and initiatives.
- Champion a culture of security awareness and responsibility throughout the organization.
- Develop and implement security policies standards and procedures that are practical effective and proportionate to Leagues business objectives and risk tolerance.
- Conduct regular risk assessments and security audits to identify vulnerabilities and ensure compliance with relevant regulations and standards.
- Manage security budgets and vendor relationships.
- Stay current with the latest security threats technologies and industry best practices.
- Provide regular reporting on the current status of the information security program to executive leadership and relevant stakeholders.
- Effectively influence stakeholders at all levels of the organization to adopt and support security initiatives even without direct reporting lines.
- Foster a collaborative environment to achieve shared security objectives across the company.
What you bring:
- Bachelors degree in Computer Science Information Security or a related field. A Masters degree is a plus.
- Minimum of 10 years of experience in information security with at least 5 years in a leadership or management role.
- Demonstrated experience in leading managing and delivering Security Operations (e.g. SIEM incident response threat intelligence) and Product/Application Security (e.g. secure SDLC SAST/DAST DevSecOps) Enterprise Security and Identity Management functions.
- Proven experience in developing and implementing security strategies policies and programs.
- Strong understanding of common security frameworks and standards (e.g. HITRUST NIST CSF ISO 27001 SOC 2 PCI DSS).
- Relevant professional certifications are highly desirable (e.g. CISSP CISM CRISC GIAC certifications).
- Experience working in a dynamic fast-growing technology company is preferred.
- Deep understanding of cloud security principles and practices (e.g. AWS Azure GCP).
- Experience in influencing cross-functional teams and driving change in a collaborative manner.
What We Offer:
- Comprehensive Health Benefits:We prioritize your well-being with complete medical dental and vision coverage
- Bonus Program:Be rewarded for your contributions with our performance-based bonus program
- Employee Stock Option Program:Become an owner and share in our success through our stock option program
- Unlimited Paid Time Off:Take the time you need to recharge and maintain a healthy work-life balance
- Spending Accounts:Manage your healthcare and dependent care expenses with tax-advantaged spending accounts
- Wellness Days:Prioritize your mental and physical health with dedicated wellness days throughout the year
- Growth Opportunities:We invest in your future with abundant opportunities for professional development and advancement
- Mentorship Program:Benefit from guidance and support from experienced leaders in your field
- Flexible Ways of Working:Enjoy the freedom to work in a way that suits your life and boosts your productivity
Security-Related Responsibilities
- Responsibility and accountability for executing Leagues policies and procedures within the department/ team
- Notification of HR Legal Compliance & Security of any incidents breaches or policy violations
- Compliance with Information Security Policies
CANADA APPLICANTS ONLY: The Canada-specific compensation range below for this full-time position is exclusive of bonus equity and benefits. This range reflects the minimum and maximum target for base salaries for the position across all Canadian locations. The salary range is intentional to account for the performance and career progressions a Leaguer will experience in the role throughout their time at League. Where in the band you may land is determined by job-related skills/experience. Your recruiter can share more about the specific salary range specific to your skills and experience during the hiring process.
Compensation range for Canada applicants only
$210100 - $262000 CAD
We are committed to equal employment opportunity regardless of race color ancestry religion sex national origin sexual orientation age citizenship marital status disability gender identity or Veteran status. If you are an individual in need of assistance at any time during our recruitment process please contact us at .
- You should receive a confirmation email after submitting your application.
- A recruiter (not a computer) reviews all applications at League.
- If we see alignment with Leagues needs a recruiter will reach out to learn more about your goals. The recruiter will also share the team-specific interview process depending on the roles you are exploring.
- The final step is an offer which we hope you will accept!
- Prior to joining us we conduct reference and background checks. Additional checks could be required for US Candidates depending on the role you are exploring.
- Learn about our platform leadership team and partners
- Highmark Health Google Cloud League: new digital front door to seamless care
- Former Providence President and Workday EVP of Corporate Strategy join League Board of Directors
- League raises $95 million USD in Series C to build worlds leading healthcare CX platform
- Forbes x League: The Platformization Of Healthcare Is Here
- Fast Company x League: If we want better innovations in healthtech we need more competition
Recognize and Avoid Employment scams. Practice safe job searching.
Scammers are getting craftier and leveraging fake job postings to get personal information. Know the warning signs and protect yourself from scammers. Learn more here.We are committed to ensuring fairness and transparency throughout our hiring process. League may use Artificial Intelligence (AI) tools to assist in the screening of applicants for this position. Please check out our stance on using AI in recruitment here.
Required Experience:
Director
Employment Type
Full Time
