Position: Director, Information Cyber Security
Status: Full Time
Department: Infrastructure and Digital Services (IDS)
Posted Date: Monday Nov 10th, 2025 – Sunday Nov 23rd, 2025
Base Rate: $135,934.50 - $203,911.50 (salary band placement commensurate with experience)
Job Description:
Company Overview and Regional Role:
Trillium Health Partners (THP) is recognized as a leader in Health Care, committed to excellence, quality and innovation. We are dedicated to safeguarding our information assets and ensuring the highest level of system performance, integrity, and reliability. Join our team and contribute to our mission for a better community.
THP serves as the digital and cybersecurity lead for the Central South Local Delivery Group (LDG), a partnership comprising THP, William Osler Health System, Mackenzie Health, and Halton Healthcare. As the regional lead, THP is entrusted with advancing the cyber security posture of the Central South region in strong collaboration with four partner hospitals. This role is pivotal in elevating and continuously maturing the region’s cyber resilience in alignment to Ontario Health’s Cyber Security Operating Model (CSOM). The successful candidate will join a forward-thinking organization committed to excellence, innovation, and collaboration, and will play a key role in shaping the future of health care security across the region.
Position Overview:
The Director of Information Cyber Security will serve as the regional coordinator, providing strategic leadership to both THP and the Central South LDG. While operationally reporting to the THP CTSO, this role will drive regional collaboration, ensure compliance with Ontario Health requirements, and lead a team of security professionals in protecting information assets from cyber threats. The Director will be accountable for both regional and THP-specific deliverables, including risk management, operations, partnership development, and continuous improvement of security practices. This position requires a visionary leader who can balance strategic planning with hands-on operational management, foster strong relationships across multiple organizations, and champion a culture of security awareness and innovation.
The Director of Information Cyber Security will hold financial accountability for the effective management of cyber security budgets and resources within THP, ensuring alignment with both organizational goals and fiscal responsibility. In addition, this role is responsible for oversight of the Ontario Health Transfer Payment Agreement (TPA), ensuring that all cyber security initiatives and expenditures are compliant with TPA and reporting requirements.
Regional Accountabilities
· Regional Leadership & Coordination:
Establish, nurture, and maintain strong, collaborative relationships with regional Chief Information Officer (CIO) leaders, and their respective cybersecurity leadership teams, ensuring all responsibilities and commitments in the LDG Governance Memorandum of Understanding (MOU) are consistently fulfilled. Serve as the primary regional point of contact for all Central South LDG cyber security matters, including escalations, proactively addressing concerns and facilitating solutions to security issues. Represent the Central South LDG in provincial forums, Ontario Health working groups, and other strategic committees, ensuring advocacy and communications of regional interests, challenges, and successes. Regularly engage in information sharing sessions and briefings with regional CIOs to foster trust, transparency, and alignment on shared cyber security objectives.
Strategic Advancement:
Lead, participate in, and drive the continuous advancement of regional cyber security practices, frameworks, and strategic initiatives. Engage regularly with other LDG leads, the Ontario Health Cyber Security Centre, and provincial advisory committees to stay abreast of emerging threats, new technologies, and best practices. Facilitate the development and implementation of forward-looking regional security initiatives designed to align with and support Ontario Health’s overarching vision, standards, and program requirements. Promote a culture of innovation by encouraging the adoption of new tools, processes, and methodologies that enhance regional cyber resilience and effectiveness.
Collaboration & Partnership:
Coordinate and facilitate regular regional planning workshops, cross-organization collaboration tables, and joint initiatives in partnership with member hospitals and Ontario Health Regions. Build and sustain a robust network for knowledge sharing, resource pooling, and coordinated response to cyber incidents, promoting a unified approach to security challenges. Develop and maintain mutual assistance plans, ensuring that
resources and expertise are readily accessible across organizations in times of need. Champion inter-hospital collaboration on projects and pilots, leveraging collective experience to address shared risks and elevate overall security maturity.
Program Delivery:
Oversee and ensure the effective execution of all regional deliverables, including comprehensive technology platform inventories, expertise and resource sharing programs, and actionable risk reduction roadmaps. Standardize and enhance board education initiatives, ensuring consistent levels of cyber security awareness and knowledge among regional leadership. Develop, implement, and maintain unified performance reporting metrics across the region, supporting clear communication, monitoring, and accountability. Provide regular updates and progress reports to senior leadership and governance bodies, highlighting achievements, challenges, and opportunities for improvement.
Continuous Improvement:
Continuously identify, evaluate, and implement opportunities for operational rationalization, cost efficiencies, and region-wide risk reduction. Lead and facilitate in-depth post-incident reviews, lessons learned sessions, and best practice dissemination to ensure ongoing improvement in cyber security posture. Develop and maintain a repository of regional best practices, guidelines, and lessons learned to support continuous learning and adaptation across the Central South LDG. Encourage and enable a THP-Specific Responsibilities
Security Operations Management:
Provide strategic leadership for the Security Operations Center (SOC), ensuring a robust, proactive, and effective approach to identifying, protecting, detecting, responding to, and recovering from cyber threats. Oversee the seamless delivery of daily information security operations, including incident triage and response, forensic analysis, threat intelligence, and vulnerability management. Foster a high-performance team environment that can rapidly adapt to emerging threats and maintain operational excellence across all facets of security operations.
Strategic Planning & Implementation:
In collaboration with THP’s CTSO and CIAO, develop, implement and continuously refine cybersecurity strategies and operational plans, ensuring alignment with business priorities and long-term organizational goals. Oversee and guide the development, implementation, and maintenance of comprehensive security policies, standards, procedures, and technical controls, ensuring they remain current with evolving regulatory requirements, best practices, and threat landscapes.
Compliance & Risk Management:
Lead the organization’s compliance initiatives with all relevant regulatory requirements, industry standards (such as SOC2, NIST, ISO/IEC 27001:2022), and internal policies. Conduct and oversee regular risk assessments, penetration tests, and security audits to systematically identify, evaluate, and mitigate vulnerabilities. Ensure all findings are addressed with actionable remediation plans and that risk management processes are embedded in organizational decision-making.
Stakeholder Engagement:
Establish and nurture strong partnerships with the THP Privacy, Legal, and Risk teams, as well as with other internal departments and external partners. Act as a champion for security awareness, spearheading ongoing training, education, and engagement initiatives that cultivate a culture of vigilance and shared responsibility for cyber security across the organization. Facilitate clear communication and collaboration with both technical and non-technical stakeholders to ensure security objectives are understood and supported.
Technology & Vendor Management:
Lead the evaluation, selection, and management of third-party vendors and security technology solutions to ensure they meet organizational security standards and integrate effectively with existing systems. Oversee the implementation of new security tools, platforms, and software, ensuring proper due diligence, testing, and ongoing oversight to maintain compliance with industry standards and maximize security posture.
Reporting & Communication:
Prepare and deliver regular, comprehensive reports, briefings, and risk-based recommendations to senior leadership and governance bodies, ensuring transparency and informed decision-making. Effectively communicate complex cyber security issues, risks, and incidents in a clear, concise, and actionable manner tailored to both technical and non-technical audiences, supporting a shared understanding of security priorities at all levels.
Incident Response & Recovery:
Ensure the team’s 24/7 readiness to respond to security incidents, ensuring robust protocols for rapid containment, investigation, and remediation including MSSP escalations. Lead and facilitate detailed lessons learned sessions, post-mortem reviews, and the dissemination of best practices following cyber security events and incidents. Promote a culture of continuous improvement by integrating feedback and evolving tactics to strengthen the organization’s resilience and recovery capabilities.
