Are you passionate about helping people live their healthiest lives? Do you thrive in a dynamic, supportive environment where your contributions truly matter? If so, Medcan is the place for you!
This job posting is for a current vacancy.
Medcan is seeking a seasoned and visionary Security Lead to spearhead our enterprise-wide information security program. This role is critical to ensuring the confidentiality, integrity, and availability of Medcan’s digital assets, infrastructure, and applications. The successful candidate will lead strategic initiatives, maintain key security certifications, and drive continuous improvement in our cybersecurity posture.
Key Responsibilities
Security Program Leadership
- Elevate Medcan’s security program by refining existing controls, introducing innovative practices, and advancing a dynamic security roadmap tailored to evolving threats and business needs.
- Lead the development and implementation of Medcan’s information security vision and strategy, aligned with organizational priorities and business objectives.
- Champion a culture of security across the organization, ensuring senior stakeholder buy-in and executive mandate.
Compliance & Certification Management
- Maintain Medcan’s PCI DSS and Canada CyberSecure certifications, ensuring ongoing compliance through audits, documentation, and remediation.
- Lead the initiative to achieve ISO/IEC 27001 certification, including gap analysis, policy development, and implementation of controls.
- Ensure all security controls are compliant with Medcan’s internal security policies and external regulatory requirements.
Risk, Threat & Vulnerability Management
- Oversee threat and vulnerability management activities, including risk identification, assessment, and remediation planning.
- Collaborate with cross-functional teams to ensure consistent application of security policies across infrastructure, applications, and services.
Infrastructure & Application Security
- Partner with infrastructure and development teams to embed security into the design and deployment of systems, networks, and applications.
- Ensure secure architecture and configuration of cloud and on-premises environments.
- Drive secure software development practices and DevSecOps integration.
Metrics, Reporting & Governance
- Develop and manage a metrics and reporting framework to measure the effectiveness of the security and data governance programs.
- Provide regular updates to executive leadership and the board on the status of the security program and enterprise risk posture.
- Facilitate appropriate resource allocation to improve security maturity across the organization.
Security Awareness & Training
- Design and manage a targeted information security awareness program for employees, contractors, and system users.
- Establish and track metrics to evaluate the effectiveness of training across different audiences.
Vendor & Stakeholder Engagement
- Collaborate with vendor management and procurement teams to ensure security requirements are embedded in third-party contracts.
- Engage with internal committees and external partners to align security practices with privacy, compliance, risk management, and business continuity standards.
Policy & Framework Alignment
- Document, update, and align organizational security policies and processes with the NIST Cybersecurity Framework and other relevant standards.
- Ensure consistent policy application across all technology projects and services.
Qualifications & Experience
Position Pay Range
$95,336.00 - $131,087.00 CAD annually
Pay will be determined based on an analysis of the selected candidate's experience and qualifications within the role's compensation grade. Medcan's compensation ranges are determined by a combination of required qualifications and skills, market value, and internal equity. The above range pertains solely to the base compensation and is not inclusive of additional compensation details such as perks, benefits, and potential bonuses or incentives.
Diversity, Equity and Accessibility:
Medcan is dedicated to equity, diversity and inclusion. We strive to ensure all stakeholders have a fair opportunity to participate in our community. If contacted for an opportunity, please advise your Talent Acquisition contact should you require accommodation.
AI Use Disclosure – Opportunities at Medcan
Medcan uses artificial intelligence (AI) tools to support the screening and assessment of applicants for opportunities as part of a fair, transparent, and inclusive process. These tools assist our team but do not make final decisions. All decisions are reviewed and made by our teams to ensure fairness and alignment with Medcan’s values. If you have questions about how your application is assessed, please contact the Medcan Talent Acquisition team at recruitment@medcan.com.