Our leading health services client is looking for a Director of Security to join their team.

The Director of Security will lead enterprise-wide security operations while playing a strategic role in protecting healthcare data exchange and interoperability, using international standards like HL7 FHIR . In this key position, you'll work closely with the Security Architect and cross-functional teams in Architecture, Delivery, and Compliance to ensure Connected Care initiatives are secure and aligned with national standards.

This role combines strategic leadership with deep technical expertise, overseeing enterprise security planning, risk management, project execution, and operational readiness. The ideal candidate will bring a strong security background-particularly in healthcare infrastructure-and experience working with internal teams and external managed service providers (MSPs).

Key Responsibilities

Securing Connected Care Initiatives

• Act as a senior security advisor to both internal teams and external partners.
• Serve as a subject matter expert on security for major healthcare projects, helping manage risks and enable secure interoperability.
• Lead security efforts during vendor evaluations, procurement, and contract reviews.
• Identify and mitigate threats to secure patient access to health data; ensure stakeholder feedback is integrated into security planning.
• Develop security requirements, SOPs, and guidance to enable secure, patient-centered data sharing across Canada.
• Facilitate and lead national forums and working groups on healthcare security, write white papers and blogs, and host panels and training sessions.

Enterprise Security Operations

• Prepare and present security briefings to leadership, advisory groups, and the Board.
• Mentor team members on best practices in cybersecurity and data protection.
• Evaluate new software and tools to ensure they meet security requirements.
• Implement and monitor data classification, protection measures, and compliance controls.
• Identify gaps in the security landscape and help design and deploy appropriate countermeasures.
• Lead the Vulnerability Management program and coordinate incident response efforts.
• Oversee continuous security monitoring, including coordination with Managed Security Services (MSS).
• Manage the use of tools such as SIEM and EDR, and track security performance through defined metrics.
• Organize security awareness training and coordinate threat risk assessments and mitigation plans.

Required Education & Experience

• A Bachelor's degree in a related field; graduate education (e.g., MBA) is an asset.
• 5+ years in a senior security leadership, consulting, or advisory position.
• Professional certifications such as CISSP, CISM, or equivalent.
• Proven experience in policy development, phishing simulations, and security awareness programs.
• Track record of effective collaboration with government and external stakeholders.
• Experience managing privacy/security incidents and leading response teams.

Expertise & Technical Skills

• Strong understanding of security risk management and threat/vulnerability assessment.
• Knowledge of frameworks and standards like NIST, ITIL, COBIT, and ISO 27001.
• Familiarity with identity and access protocols including OAuth2, OIDC, and SAML.
• Hands-on experience with tools for vulnerability scanning, SIEM, and EDR.
• Good grasp of operating system security (Linux and Windows).
• Experience in Canadian digital health implementation is an advantage.
• Excellent communication skills, both written and verbal.