Apply on Kit Job: kitjob.ca/job/2fs2xb

Position: Manager of Cyber Defense & Identity Access Management

Status: Permanent Full time

Department: Information Services

Salary per Annum: $109,600 - $164,400 (salary band placement commensurate with experience)

Trillium Health Partners is one of Canada’s largest community-based teaching hospitals, serving the growing and diverse populations of Mississauga, West Toronto, and surrounding communities through the Credit Valley Hospital, the Mississauga Hospital, the Queensway Health Centre, the Reactivation care Centre (Church Site) and the new THP-UHN Reactivation Care Centre. Guided by our values of compassion, excellence, and courage, and through our strategic roadmap, Plan to 2030, we are creating a new kind of health care - defined not by illness, but by the health and well-being of people and communities.

Position Overview

Drive IT Excellence through Information Security

Bring your talents to Trillium Health Partners and become an invaluable leading resource to our team ensuring the highest level of system performance, integrity and reliability. At THP, we are diligent in protecting our information assets. These assets are critical to the fulfillment of our mission. We strive to safeguard the confidentiality, integrity, and availability of our hospital and patient’s information.

As an integral leader of the Information Services division, the Manager, Information Cyber Security, Identity and Access Management, will provide thought leadership and strategic direction for the delivery of Information Security program, risk management, operations, Human Resource and Financial management.

The Manager is responsible for the leadership of the Information Security staff and program, including all activities related to the development, implementation and operation of the Information Security program for Trillium Health Partners (THP). The Manager is responsible for mentoring and leading both direct reports and staff throughout the organization in establishing and maintaining a culture of information security and resiliency.

The Manager serves as THP’s leader in Information Security, identifying risks and priorities that require resource allocation. They lead experts who collaborate with stakeholders to achieve business goals while adhering to security strategies. The Manager contributes to and implements the Information Security Strategy, oversees human and financial resources, manages succession planning amidst workforce challenges, and ensures ongoing information security operations.

The Manager attracts, retains, and leads top security talent to ensure their area meets business needs, addresses service gaps, and collaborates with other teams as needed. They also minimize risk and maximize productivity through continuous quality improvement.

As a key leader of this role, you will liaise with internal stakeholders and healthcare disciplines on identifying and implementing the corporate security strategic vision.

Here’s what you will get to do:

- Lead THP SOC (Security Operation Center) to identify, protect, detect,



respond and recover towards evolving cyber threats and overall cyber risks 24x7.
- Identify and report on information security risks, threats, vulnerabilities and breaches and make recommendations on remediation opportunities to manage risks.
- Ensures THP is protected from security and cyber threats and has response plans to react and manage security event.
- Contribute to the development of Information security strategic plan and roadmap.
- Development and implementation of the Information Security strategic and operating plans.
- Manage the teams’ workload, assign and prioritize work-based assessment of risk to the organization.
- Lead the development, implementation and maintenance of information security strategy, policies, procedures and controls in coordination with CTO and CIAO and oversight committees to ensure continuous improvement aligned with the changing risk landscape.
- Implement best practice procedures to ensure uniform security architecture throughout Application Development, Operations and Infrastructure.
- Ensure the team develops and implements to align with the information technology security architecture frameworks (NIST CSF, SOC2, ISO27001), Ontario Health’s Security Critical Controls and deliverable targets (TPAs) for Local Delivery Group (LDG).
- Ensuring the continuous delivery of day-to-day information security operations.
- Leads incident response or forensic analysis on security incidents and sensitive investigations into employee conduct and misuse of computer systems.
- Provide reports, briefings and risk-based recommendations on routine and non-routine security events and incidents.
- Lead and facilitate lessons learned, post-mortem and best practices activities on cyber security events and incidents
- Ensure the security processes and procedures are always followed and elevate any issues to the CTO.
- Ensure any new software or technology integration into the hospital meets information security system compliance, standards and specifications.
- Leads design and execution of vulnerability assessments, penetration tests, risk assessments, and security audits and ensures they are performed on regular intervals.
- Develop materials and promote activities to foster information security awareness across the organization.
- Ensures that projects, programs and other activities in IS are implemented with proper consideration given to information security.
- Determines minimum security requirements for applications and systems based on policy, data sensitivity, exposure, and other factors.
- Maintain current knowledge security industry trends and technologies




- Evaluate new technologies including emerging concepts for security impact on the environment and makes appropriate recommendations.
- Monitor internet for emerging threats of new attacks and threat vectors.
- Leads technical implementations of security-related systems.
- Understand current regulatory environment and related implications to security management compliance.
- Effectively communicate with a wide range of technical and non-technical personnel.
- Review and validate IT controls and assess the impact of any related IT deficiencies.
- Ensure that all documentation and materials are regularly reviewed and up to date.

Qualifications

Successful candidates will have demonstrated extensive experience in information security. The ideal candidates will, at minimum, have 5 years of work experience in information security working in a regulated industry, preferably health care. Be familiar with government and industry regulations that involve information security. A university degree is required. Certified Information Systems Security Qualified (CISSP) or equivalent industry certification is an advantage.

To pursue this career opportunity, please visit our website: Careers | Trillium Health Partners

Notes to applicants

If you do not see yourself fully reflected in every job requirement listed on this posting, we still encourage you to reach out and apply. Research has shown candidates from underrepresented groups often only apply when they feel 100% qualified. We encourage applicants who are members of groups that have been marginalized on any grounds enumerated under the Ontario Human Rights Code to consider this opportunity.

Trillium Health Partners is an equal opportunity employer committed to fostering a healthy, safe and respectful environment for healing, based on our values compassion, excellence and courage. To be Better Together, we commit to fostering a respectful workplace culture that promotes a safe and supportive environment for everyone who provides care, supports caregiving, receives care or visits the hospital.

In accordance with the Accessibility for Ontarians with Disabilities Act, 2005 and the Ontario Human Rights Code, Trillium Health Partners will provide accommodations throughout the recruitment and selection process to applicants with disabilities as required.

Applicants must be eligible to work in Canada. We would like to thank all applicants for their interest in this position, however, only those selected for an interview will be contacted. Trillium Health Partners is recognized under the French Language Services Act.

As a condition of employment, we require all staff to be fully vaccinated for COVID19, in addition to other vaccinations required by the Public Hospitals Act.

Our organization may use automated tools, including artificial intelligence (AI) or algorithm-assisted systems, to support the initial review of applications. These tools are used only to assist our recruiters and hiring managers; all hiring decisions include meaningful human involvement and final review

#J-18808-Ljbffr

Apply on Kit Job: kitjob.ca/job/2fs2xb

📌 Manager of Cyber Defense & Identity Access Management (Mississauga)
🏢 Trillium Health Partners
📍 Mississauga