Senior Manager, Enterprise Security Operations

@ Canada Health Infoway

Overview

At Canada Health Infoway, we believe a more connected and collaborative system leads to healthier outcomes. Working with governments, healthcare organizations, clinicians, and patients, we digitize health services including access to personal health information, appointments, prescriptions, lab results, and more.

Position Purpose

The Senior Manager, Enterprise Security Operations safeguards Infoway's information assets, infrastructure, and personnel. This role oversees daily operations of the security unit including incident response, threat intelligence, access management, network security, vulnerability management, and physical and personnel security while aligning with regulatory requirements and best practices.

Major Responsibilities

• Lead and mentor the Security Operations Centre (SOC) team and vendor.
• Monitor alerts, analyze threats, and respond to incidents.
• Oversee vulnerability assessments, penetration testing, and remediation activities.
• Coordinate with IT, legal, compliance, and other departments.
• Prepare and present security reports to senior leadership.
• Manage security tools and configurations ensuring optimal performance.
• Stay current with emerging threats, technologies, and regulatory changes.
• Lead investigations and coordinate root cause analysis.
• Support staff training and security awareness programs.
• Manage vendor relationships and evaluate third-party solutions.
• Monitor compliance to security standards and conduct audits.
• Review cloud configurations for best practices and separation of duties.
• Oversee SIEM tools and Privileged Access Management.
• Identify and address gaps in security coverage.
• Assist in the deployment of security mitigations and enhancements.
• Advise internal stakeholders including development, privacy, and technical support teams.
• Collaborate with technology teams for secure IT system implementation.
• Document security configurations, procedures, and changes.
• Support development teams in automating security testing.

Qualifications

A bachelor's degree in Computer Science, Information Security, or a related field is required; an advanced degree or certifications (CISSP, CISM) are preferred. A minimum of 5+ years in information security operations with at least 2 years in a leadership position. Experience with cloud-based security tools and infrastructures such as AWS, Azure, and other CSPs is expected. A strong knowledge of incident response, threat intelligence, and vulnerability management is essential along with an understanding of Canadian privacy laws and regulatory requirements. Experience with Zero-trust, devSecOps, and digital health solutions in Canada is beneficial.

Key Skills/Competency

• Incident Response
• Threat Intelligence
• Vulnerability Management
• Network Security
• Cloud Security
• Leadership
• Risk Management
• Compliance
• Security Audits
• SIEM