Chief Information Security Officer (CISO)

Extendicare


Job Location:

Markham - Canada

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

Job Description

Reporting to the Chief Information Officer, the Chief Information Security Officer (CISO) provides strategic and operational leadership for the organization's IT Security program. Operating in a regulated healthcare environment, including Long-Term Care and Home Care across Canada, the CISO is accountable for protecting healthcare, workforce and corporate information while enabling safe, reliable and innovative care delivery.

The CISO partners closely with IT leadership, clinical and frontline operational leaders, Legal, Finance, HR and Enterprise Risk Management to ensure the IT security programs and practices are aligned with organizational goals, regulatory requirements and patient safety priorities.

This position will be based at our Head Office in Markham, ON. Extendicare offers a hybrid working environment.

As the Chief Information Security Officer, you will:

  • Establish and maintain a comprehensive enterprise-wide IT Security and risk management program covering people, processes and technology.

  • Provide guidance to internal leadership stakeholders regarding risks, controls, incidents and emerging threats, including regular reporting and briefings.

  • Define and maintain information security policies, standards and governance aligned with healthcare best practices and regulatory expectations.

  • Establish and report on security key risk metrics (KRM) suitable for consumption by technical and non-technical stakeholders.

  • Lead cybersecurity risk assessments, threat modeling and control effectiveness reviews across clinical, operational and IT corporate systems.

  • Ensure compliance with healthcare and privacy regulations (e.g. PHIPA, PIPEDA) and alignment to NIST, SOC 2 and Zero Trust frameworks.

  • Partner with IT Audit and IT leadership to ensure internal IT Audit controls (ICFR/ITGC) are operating effectively.

  • Establish and oversee a third-party risk management (TPRM) program to assess vendors, cloud providers and partners for security, privacy and resiliency risks.

  • Oversee the organization's security operations, including detection, response, recovery and continuous improvement.

  • Act as executive sponsor for the Cybersecurity Incident Response Program, ensuring readiness, testing and effective execution during cyber incidents.

  • Collaborate across the organization to embed modern security-by-design into infrastructure, applications, cloud services and medical technologies.

  • Define and provide oversight for the security program, including identity and access management, data protection, endpoint security, infrastructure security, email security, people protection and third-party integrations.

  • Build, lead and mentor a high-performing cybersecurity culture within IT.

  • Promote a strong security and privacy-aware culture across the organization through education, awareness and leadership engagement.

  • Ensure appropriate skills, tools and training are in place to support evolving threats and business needs.

  • Other duties as required

Role Requirements:

  • 10 years of progressive experience in cybersecurity, information security or technology risk management, including senior leadership roles.

  • Demonstrated experience operating in a regulated healthcare environment.

  • Clear ability to engage in practical counsel rooted in relevant business terms, situational risk supported by data, and in language for technical and non-technical audiences.

  • Strong understanding of healthcare technologies, privacy obligations and patient safety considerations.

  • Strong technical background and experience working in environments supporting Microsoft and Amazon PaaS and IaaS multi-cloud models and the Microsoft ecosystem of cybersecurity and compliance solutions across the IT landscape.

  • Familiar with working environments supporting Workday HCM and Finance, ServiceNow ITSM, PointClickCare and AlayaCare EMR, as well as the Okta Identity lifecycle and governed solutions.

Additional preferred requirements:

  • Executive experience as a CISO, Deputy CISO or equivalent senior leadership role.

  • Professional certifications such as CISSP, CISM, CRISC or equivalent.

  • Experience supporting healthcare accreditation or regulatory examinations.

  • Familiar with emerging AI capabilities, relevant AI business risk, risk mitigation concepts and experience with AI models including Microsoft and Anthropic.

  • Experience in health sector is beneficial

At Extendicare, we believe that working as a team creates an environment that allows us to reach our potential. We value each employee, encourage equal opportunity for growth and recognize achievement. As a valued member of our team, you can expect:

  • Continuous mentorship support for life-long learning and growth opportunities

  • Opportunities for advancement and career growth within the organization

  • A rewarding and meaningful work experience where you can enrich your life and the lives of others through your work.

  • Employee Family Assistance Program.

  • Robust benefits package.

#extendicareIT

Time Type

Full time

Compensation Details

Compensation will be discussed during the recruiting process.

At Extendicare, we've spent more than 50 years dedicated to enhancing quality of life for the people we serve across Canada. When you join Extendicare, you become part of a compassionate, mission-driven team committed to supporting care delivery in homes and communities nationwide. Our corporate roles play a vital part in enabling front-line teams to provide exceptional experiences for clients and families. Together we foster a culture of collaboration, innovation and accountability, creating solutions that strengthen our services and improve lives every day.

We are committed to providing competitive compensation that reflects the value of this role and the unique qualifications each candidate brings. This opportunity is a replacement for an existing role, and to support transparency, a hiring range may be included with this posting. However, final salary offers are based on a variety of factors, such as your skills, experience, education and alignment with the responsibilities of this position.

Base salary is one component of our broader total rewards package. We offer a comprehensive suite of benefits designed to support your health, financial well-being and long-term career growth. Your recruiter can provide more details about our total rewards offerings during the hiring process.

We may use artificial intelligence (AI) tools to support certain stages of the recruitment process, such as reviewing applications, analyzing resumes or assessing candidate responses. These tools assist our recruitment team but do not replace human judgment; every application is reviewed by a member of our team to ensure thoughtful and equitable consideration. If you would like more information about how your data is processed, please contact us.

Extendicare is committed to fostering an accessible, inclusive and equitable hiring process. We gladly accommodate the needs of applicants throughout all stages of recruitment and selection upon request.


Required Experience:

Chief


About Company


For nearly 50 years, Extendicare’s qualified and experienced staff has been helping people live better through a commitment to quality care and service that includes skilled nursing care, home health care, retirement living, and management and consulting services. We are proud to be ...
