Joint Chief Information Security Officer (CISO) - Michael Garron Hospital and Sinai Health

Overview

Joint Chief Information Security Officer (CISO) role for Michael Garron Hospital (MGH) and Sinai Health, with oversight for cybersecurity programs across two hospital organizations (Sinai Health includes The Lunenfeld Tanenbaum Research Institute) and Michael Garron Hospital. The Joint CISO will develop and implement comprehensive cybersecurity strategies, policies, and procedures to protect sensitive data and ensure regulatory compliance. The role requires collaboration with cyber operations teams at each organization and alignment with the Toronto Local Delivery Group (LDG) to harmonize strategy and tooling with other LDG hospitals.

For reference : Sinai Health –

https : / / www.sinaihealth.ca / ; Toronto East Health Network –

https : / / www.tehn.ca / .

Key Responsibilities

Strategic Leadership : Develop, execute and maintain a unified cybersecurity strategy, framework, and governance across MGH and Sinai Health (including associated institutions).

Governance and Reporting : Provide strategic direction, multi-year roadmaps, and oversight for cybersecurity initiatives; report to executive leadership and the boards of each hospital.

Policy and Compliance : Establish, maintain, enforce and align cybersecurity policies, standards, and procedures to safeguard data and ensure compliance with NIST, ISO, HITECH, PHIPA and other relevant frameworks.

Risk Management : Conduct regular risk assessments (including third-party / vendor risk management) and audits; develop a comprehensive risk dashboard for all sites.

Collaboration and Coordination : Work with cyber / privacy operations teams and hospital leadership to ensure consistent security measures; balance security with patient care requirements; foster cross-organization collaboration and threat intelligence sharing.

Incident Response and Management : Lead incident response planning and execution; establish metrics for readiness, remediation, and recovery; oversee investigations and coordinate with legal, compliance and communications.

Technology and Innovation : Stay current on threats and technologies; evaluate and adopt security solutions that enhance posture without disrupting clinical care.

Team and Resource Management : Lead cybersecurity teams across organizations; develop staffing models, succession planning, vendor relationships, and manage the security budget; participate in hiring.

Qualifications

Bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity, or a related field; Master’s degree preferred.

Minimum of 10 years of experience in cybersecurity with at least 5 years in a senior leadership role; proven experience in healthcare cybersecurity.

Strong knowledge of PHIPA, HITECH, NIST CSF / RMF, ISO 27001, CIS Controls; excellent leadership, communication, and interpersonal skills.

Experience mentoring cybersecurity teams; crisis management and incident response expertise; strategic thinker balancing security with operational priorities.

Ability to collaborate with diverse stakeholders; relevant certifications (CCISO, CISSP, CISM, CISA) highly desirable.

Employment details

Seniority level : Executive

Employment type : Full-time

Job function : Information Technology

Industries : Hospitals and Health Care

#J-18808-Ljbffr