Are you passionate about helping people live their healthiest lives? Do you thrive in a dynamic, supportive environment where your contributions truly matter? If so, Medcan is the place for you!
This job posting is for a current vacancy.
Medcan is seeking a seasoned and visionary Security Lead to spearhead our enterprise-wide information security program. This role is critical to ensuring the confidentiality, integrity, and availability of Medcan’s digital assets, infrastructure, and applications. The successful candidate will lead strategic initiatives, maintain key security certifications, and drive continuous improvement in our cybersecurity posture.
Key Responsibilities
Security Program Leadership
- Elevate Medcan’s security program by refining existing controls, introducing innovative practices, and advancing a dynamic security roadmap tailored to evolving threats and business needs.
- Lead the development and implementation of Medcan’s information security vision and strategy, aligned with organizational priorities and business objectives.
- Champion a culture of security across the organization, ensuring senior stakeholder buy-in and executive mandate.
Compliance & Certification Management
- Maintain Medcan’s PCI DSS and Canada CyberSecure certifications, ensuring ongoing compliance through audits, documentation, and remediation.
- Lead the initiative to achieve ISO/IEC 27001 certification, including gap analysis, policy development, and implementation of controls.
- Ensure all security controls are compliant with Medcan’s internal security policies and external regulatory requirements.
Risk, Threat & Vulnerability Management
- Oversee threat and vulnerability management activities, including risk identification, assessment, and remediation planning.
- Collaborate with cross-functional teams to ensure consistent application of security policies across infrastructure, applications, and services.
Infrastructure & Application Security
- Partner with infrastructure and development teams to embed security into the design and deployment of systems, networks, and applications.
- Ensure secure architecture and configuration of cloud and on-premises environments.
- Drive secure software development practices and DevSecOps integration.
Metrics, Reporting & Governance
- Develop and manage a metrics and reporting framework to measure the effectiveness of the security and data governance programs.
- Provide regular updates to executive leadership and the board on the status of the security program and enterprise risk posture.
- Facilitate appropriate resource allocation to improve security maturity across the organization.
Security Awareness & Training
- Design and manage a targeted information security awareness program for employees, contractors, and system users.
- Establish and track metrics to evaluate the effectiveness of training across different audiences.
Vendor & Stakeholder Engagement
- Collaborate with vendor management and procurement teams to ensure security requirements are embedded in third-party contracts.
- Engage with internal committees and external partners to align security practices with privacy, compliance, risk management, and business continuity standards.
Policy & Framework Alignment
- Document, update, and align organizational security policies and processes with the NIST Cybersecurity Framework and other relevant standards.
- Ensure consistent policy application across all technology projects and services.
Qualifications & Experience
- 5-10 years of proven experience leading enterprise security programs in complex environments, with a willingness to further develop their skills.
- Deep understanding of security frameworks (NIST, ISO 27001, PCI DSS, etc.).
- Strong knowledge of infrastructure and application security, including cloud and hybrid environments.
- Excellent communication and leadership skills, with the ability to influence at all levels of the organization.
- Experience managing audits, certifications, and compliance programs.
This is a full-time, hybrid position working 40 hours per week, with 2 days in office. Our downtown Toronto office is conveniently located at 150 York St., near St. Andrew station and a 10-minute walk from Union Station!
Position Pay Range
$95,336.00 - $131,087.00 CAD annually
Pay will be determined based on an analysis of the selected candidate's experience and qualifications within the role's compensation grade. Medcan's compensation ranges are determined by a combination of required qualifications and skills, market value, and internal equity. The above range pertains solely to the base compensation and is not inclusive of additional compensation details such as perks, benefits, and potential bonuses or incentives.
Notice to Candidates: Recruitment Fraud
Please note that Medcan will never request any form of payment from candidates at any stage of the recruitment or hiring process. In addition, Medcan does not utilize third-party immigration consultants or recruitment agents to conduct offers of employment on our behalf. Employment contracts are shared directly by members of the Medcan Talent Acquisition or Human Resources team using official Medcan email domains.
If you receive a request for payment or are contacted by an individual or organization claiming to represent Medcan that appears suspicious, please do not respond or share personal information. Instead, we encourage you to contact us directly at recruitment@medcan.com to verify the legitimacy of the communication.
Diversity, Equity and Accessibility:
Medcan is dedicated to equity, diversity and inclusion. We strive to ensure all stakeholders have a fair opportunity to participate in our community. If contacted for an opportunity, please advise your Talent Acquisition contact should you require accommodation.
AI Use Disclosure – Opportunities at Medcan
Medcan uses artificial intelligence (AI) tools to support the screening and assessment of applicants for opportunities as part of a fair, transparent, and inclusive process. These tools assist our team but do not make final decisions. All decisions are reviewed and made by our teams to ensure fairness and alignment with Medcan’s values. If you have questions about how your application is assessed, please contact the Medcan Talent Acquisition team at recruitment@medcan.com.