Security Lead
Job Summary
Are you passionate about helping people live their healthiest lives? Do you thrive in a dynamic, supportive environment where your contributions truly matter? If so, Medcan is the place for you!
This job posting is for a current vacancy.
- Elevate Medcan's security program by refining existing controls, introducing innovative practices, and advancing a dynamic security roadmap tailored to evolving threats and business needs.
- Lead the development and implementation of Medcan's information security vision and strategy, aligned with organizational priorities and business objectives.
- Champion a culture of security across the organization, ensuring senior stakeholder buy-in and executive mandate.
- Maintain Medcan's PCI DSS and Canada CyberSecure certifications, ensuring ongoing compliance through audits, documentation, and remediation.
- Lead the initiative to achieve ISO/IEC 27001 certification, including gap analysis, policy development, and implementation of controls.
- Ensure all security controls are compliant with Medcan's internal security policies and external regulatory requirements.
- Oversee threat and vulnerability management activities, including risk identification, assessment, and remediation planning.
- Collaborate with cross-functional teams to ensure consistent application of security policies across infrastructure, applications, and services.
- Partner with infrastructure and development teams to embed security into the design and deployment of systems, networks, and applications.
- Ensure secure architecture and configuration of cloud and on-premises environments.
- Drive secure software development practices and DevSecOps integration.
- Develop and manage a metrics and reporting framework to measure the effectiveness of the security and data governance programs.
- Provide regular updates to executive leadership and the board on the status of the security program and enterprise risk posture.
- Facilitate appropriate resource allocation to improve security maturity across the organization.
- Design and manage a targeted information security awareness program for employees, contractors, and system users.
- Establish and track metrics to evaluate the effectiveness of training across different audiences.
- Collaborate with vendor management and procurement teams to ensure security requirements are embedded in third-party contracts.
- Engage with internal committees and external partners to align security practices with privacy, compliance, risk management, and business continuity standards.
- Document, update, and align organizational security policies and processes with the NIST Cybersecurity Framework and other relevant standards.
- Ensure consistent policy application across all technology projects and services.
- Proven experience of 5-10 years leading enterprise security programs in complex environments, with the willingness to further develop their skills.
- Deep understanding of security frameworks (NIST, ISO 27001, PCI DSS, etc.).
- Strong knowledge of infrastructure and application security including cloud and hybrid environments.
- Excellent communication and leadership skills, with the ability to influence at all levels of the organization.
- Experience managing audits, certifications, and compliance programs.
This is a full-time, hybrid position working 40 hours per week and 2 days in office. Our downtown Toronto office is conveniently located at 150 York St., which is near St. Andrew station or a 10-minute walk from Union Station!
Position Pay Range
$95,336.00 - $131,087.00 CAD annually
Pay will be determined based on an analysis of the selected candidate's experience and qualifications within the role's compensation grade. Medcan's compensation ranges are determined by a combination of required qualifications and skills, market value, and internal equity. The above range pertains solely to the base compensation and is not inclusive of additional compensation details such as perks, benefits, and potential bonuses or incentives.
Diversity, Equity and Accessibility:
Medcan is dedicated to equity, diversity, and inclusion. We strive to ensure all stakeholders have a fair opportunity to participate in our community. If contacted for an opportunity, please advise your Talent Acquisition contact should you require accommodation.
AI Use Disclosure Opportunities at Medcan
Medcan uses artificial intelligence (AI) tools to support the screening and assessment of applicants for opportunities as part of a fair, transparent, and inclusive process. These tools assist our team but do not make final decisions. All decisions are reviewed and made by our teams to ensure fairness and alignment with Medcan's values. If you have questions about how your application is assessed, please contact the Medcan Talent Acquisition team at .
About Company
We are a global leader in delivering proactive and primary care options for those looking to take greater control over their health.