Manager, IT Security
Moncton, New Brunswick, Canada
BioScript Solutions
The Manager, IT Security will identify, manage, and report on the company’s compliance with the regulatory, legislative, and contractual requirements that apply to its IT systems and products. Responsibilities include developing and managing all aspects of IT security, including strategy, monitoring and reporting on IT security performance, and tracking performance against KPIs for the business. The Manager, IT Security will monitor, coordinate, and implement the policies, standards, procedures, controls, and guidelines that support IT security, compliance, and audit requirements. This role will also perform and support reviews, assessments, and audits.
What we offer (and why you’ll love it here!):
- Growth Opportunities: Committed to fostering a culture of growth, where every team member is encouraged to pursue new skills, expand their knowledge, and advance their careers.
- Vibrant Culture: Over 1,500 team members across Canada, and year over year we maintain an engagement score above the industry average, measured through a monthly pulse survey.
- Our People Say It Best: https://www.youtube.com/watch?v=gySeQnPY7Tg
- Attractive Compensation: Competitive salary, incentive program, and comprehensive benefits package.
- What & Where: Atlantic Canada Based (Full Time, Permanent)
- Closing Date: April 16th, 2025
Why BioScript Solutions?
At BioScript, we're not just a company—we're a fast-growing company always putting patients first. Recognized as one of Canada’s Best Managed Companies, we believe in pushing boundaries, setting trends, and creating meaningful experiences that captivate and inspire. Our vibrant team is made up of innovative minds who are passionate about driving success and making an impact. Ready to be a part of this exhilarating journey?
Your Mission
Strategy and Planning
- Develop and maintain an information security strategy aligned with organizational objectives.
- Establish IT security governance structures and processes to ensure decision-making aligns with organizational goals.
- Create and enforce information security policies and standards.
- Improve existing compliance programs and processes related to securing IT assets.
- Develop, review, and modify information security and privacy policies.
- Monitor advancements in information privacy regulations to ensure organizational adaptation and compliance.
- Determine whether a security incident violates a privacy principle or, in partnership with the legal team, assess if the legal standard has been reached requiring legal action.
- Work with Senior Leadership Team as part of the Information Security Group and business managers to align the IT security organization with business unit security and compliance needs.
- Develop and institute security and compliance goals and objectives.
- Select and deploy appropriate best-practice governance frameworks, such as NIST CSF, ISO 27001, or COBIT.
Acquisition & Deployment
- Assess applicable IT purchases to ensure they support security and compliance mandates.
- Implement a Privacy and Security by Design toolset to support the business’s application of IT security best practices.
- Review proposed projects to identify potential security related risks.
Risks, Compliance, and Audit Assessments
- Design and execute audit procedures to assess and measure company compliance with IT security policies and procedures.
- Identify and deploy standard risk assessment models or frameworks.
- Track and measure the enterprise’s risk posture.
- Conduct internal security risk assessments and security compliance audits.
- Establish IT security audit procedures relevant to the applicable standard, framework, or guidelines such as NIST CSF and ISO 27001, etc.
- Understand and operate within privacy frameworks such as PIPEDA and PHIPA and, to a lesser extent, HIPAA and GDPR.
- Support and coordinate third-party audits, penetration tests, Privacy Impact Assessments, and Threat Risk Assessments.
- Create and communicate strategies for risk mitigation, including forecasting and tracking costs of risk management initiatives.
- Implement controls and monitoring mechanisms to reduce the likelihood of risk events and their impact on the organization.
- Participate in the Architecture Review Board (ARB) and the Change Advisory Board (CAB) to ensure proper oversight and decision-making.
Communication
- Develop materials and tools to effectively communicate IT security compliance and IT security corporate requirements.
- Develop and deliver IT security risk awareness training for key staff and stakeholders.
- Collect, analyze, and prepare reports for senior management, regulators, and other relevant stakeholders.
- Document, investigate, and report cybersecurity compliance issues and incidents, where necessary.
- Work with business leaders to ensure information security risk findings are reviewed, and solutions are implemented.
- Understand, develop, and deliver meaningful reports on the program state and adherence to frameworks and standards.
- Lead the escalation and resolution of risk and compliance issues with appropriate stakeholders, including business, security, legal, IT, and customers.
- Liaise with relevant parties to commission activities relating to contingency planning, business continuity management, and IT disaster recovery.
Operational Management
- Oversee day-to-day security monitoring not carried out by IT Operations.
- Consult and collaborate with the Director of IT Operations to ensure IT security operations align with IT Security strategy.
- Develop, monitor, and report on the IT security performance KPIs to the business.
- Consult on and act as an escalation point for security incidents.
- Liaise between internal and external audit teams.
- Schedule and launch periodic audit reviews.
- Plan and oversee IT security risk mitigation and remediation projects.
- Lead the development and maintenance of the Major Incident Response plan for cybersecurity-related events.
- Plan and lead tabletop exercises to test cyber event readiness.
What You Bring to the Table
Education
- University degree in Computer Science, Engineering, or comparable; diploma in related field; or comparable experience.
- CISSP, CISA, CISM, Security+, or other relevant security-related designation(s).
Experience & Skills
- Minimum of 10 years of IT experience.
- Significant knowledge of and experience with IT privacy and security standards such as ISO 27001, NIST CSF, COBIT, etc.
- Experience with IT governance, risk, and compliance management.
- Deep knowledge of business management practices and principles.
- Proven experience in auditing legislative and regulatory compliance.
- Experience with IT security best practices and regulations pertaining to the healthcare industry.
- Experience in the technical management of technology software and hardware platforms.
- Knowledge of computer networking concepts and protocols and network security methodologies.
- Knowledge of risk management processes (e.g. methods for assessing and mitigating risk).
- Knowledge of cyber threats and vulnerabilities.
- Knowledge of specific operational impacts of cybersecurity lapses.
- Proven leadership and management skills.
- Highest levels of personal and professional integrity.
- Superior analytical and problem-solving abilities.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Proven experience in interfacing with executive teams, business management and external firms.
- Excellent written, oral, and interpersonal communication skills.
- Ability to research existing and emerging security and compliance issues as required.
- Ability to present ideas in both business-friendly and IT-friendly language.
- Highly self-motivated and directed.
- Keen attention to detail.
- Team-oriented and skilled in working within a collaborative environment.
Compensation: At BioScript, your base pay is one part of your total compensation package and is determined within a range. Our pay ranges are based on the local cost of labor benchmarks for each specific role, level, and geographic location.
We're proud to be an equal opportunity employer. As a people-centric organization, we’re committed to fostering a welcoming culture free of discrimination, and to providing a healthy and safe work environment where all team members can thrive as individuals. Through our commitment to diversity, inclusion, belonging, and equity, we strive to provide an accessible workplace, where individuals feel valued, respected, and supported every day.
We encourage and accept all applications, however, only candidates selected for interviews will be contacted. Accommodations can be made available on request for candidates taking part in all aspects of the selection process. For inquiries, please email the talent acquisition team at recruitment@bioscript.ca.
Ready to make your mark? If you’re passionate about transforming ideas into extraordinary results and excited to join a forward-thinking team, we want to hear from you!
Take a look firsthand at what we do here! - https://www.youtube.com/watch?v=Prd_s5vXynQ