Chief Information Security Officer (CISO)

Overview

Job Description Reporting to the Chief Information Officer, the Chief Information Security Officer (CISO) provides strategic and operational leadership for the organization’s IT Security program. Operating in a regulated healthcare environment including Long-Term Care and Home Care across Canada, the CISO is accountable for protecting healthcare, workforce, and corporate information while enabling safe, reliable, and innovative care delivery.

Responsibilities

• Establish and maintain a comprehensive, enterprise-wide IT Security and risk management program covering people, processes, and technology.
• Provide guidance to internal leadership stakeholders regarding risks, controls, incidents, and emerging threats, including regular reporting and briefings.
• Define and maintain information security policies, standards, and governance aligned with healthcare best practices and regulatory expectations.
• Establish and report on security key risk metrics (KRM) suitable for consumption by technical and nontechnical stakeholders.
• Lead cybersecurity risk assessments, threat modeling, and control effectiveness reviews across clinical, operational, and IT corporate systems.
• Ensure compliance with healthcare and privacy regulations (e.g., PHIPA, PIPEDA) and alignment to NIST, SOC 2 and Zero Trust frameworks.
• Partner with IT Audit and IT leadership to ensure internal IT Audit controls (ICFR/ITGC) are operating effectively.
• Establish and oversee a third-party risk management (TPRM) program to assess vendors, cloud providers, and partners for security, privacy, and resiliency risks.
• Oversee the organization’s security operations, including detection, response, recovery, and continuous improvement.
• Act as executive sponsor for the Cybersecurity Incident Response Program, ensuring readiness, testing, and effective execution during cyber incidents.
• Collaborate across the organization to embed modern security-by-design into infrastructure, applications, cloud services, and medical technologies.
• Define and provide oversight for the security program including identity and access management, data protection, endpoint security, infrastructure security, email security, people protection and third-party integrations.
• Build, lead, and mentor a high-performing cybersecurity culture within IT.
• Promote a strong security and privacy-aware culture across the organization through education, awareness, and leadership engagement.
• Ensure appropriate skills, tools, and training are in place to support evolving threats and business needs.
• Other duties as required.

Role Requirements

• 10+ years of progressive experience in cybersecurity, information security, or technology risk management, including senior leadership roles.
• Demonstrated experience operating in a regulated healthcare environment.
• Clear ability to engage in practical counsel rooted in relevant business terms, situational risk, supported by data and in language for technical and non-technical audiences.
• Strong understanding of healthcare technologies, privacy obligations, and patient safety considerations.
• Strong technical background and experience working in environments supporting Microsoft and Amazon PaaS and IaaS multi cloud models and the Microsoft ecosystem of cybersecurity and compliance solutions across the IT landscape.
• Familiar with working environments supporting Workday HCM and Finance, Service Now ITSM, Point Click Care and AlayaCare EMR as well as the Okta Identity lifecycle and governed solutions.

Additional Preferred Requirements

• Executive experience as a CISO, Deputy CISO, or equivalent senior leadership role.
• Professional certifications such as CISSP, CISM, CRISC, or equivalent.
• Experience supporting healthcare accreditation, or regulatory examinations.
• Familiar with emerging AI capabilities, relevant AI business risk, risk mitigation concepts and experience with AI models including Microsoft and Anthropic.
• Experience in health sector is beneficial.

Benefits and Environment

At Extendicare, we believe that working as a team creates an environment that allows us to reach our potential. We value each employee, encourage equal opportunity for growth and recognize achievement. As a valued member of our team, you can expect:

• Continuous mentorship, support for life-long learning and growth opportunities
• Opportunities for advancement and career growth within the organization
• A rewarding and meaningful work experience where you can enrich your life and the lives of others through your work
• Employee Family Assistance Program
• Robust benefits package

Additional Information

Time Type: Full time

Compensation will be discussed during the recruiting process. This opportunity may include a hiring range; final offers reflect skills, experience, education, and alignment with responsibilities.

Extendicare is committed to fostering an accessible, inclusive, and equitable hiring process. We accommodate the needs of applicants throughout recruitment and selection upon request.

#J-18808-Ljbffr