Cyber Security Manager
Surrey, British Columbia, Canada; Remote, Canada
Full Time Mid-level / Intermediate USD 155K - 165K
GroupHEALTH Benefit Solutions
WHO ARE WE?
The GroupHEALTH Family of Companies is a leading Canadian provider of employee benefits, made up of GroupHEALTH Benefit Solutions, GroupSource, Manion Wilkins & Associates Ltd, and Disability Management Institute, plus an additional 7 operating companies.
GroupHEALTH holds a substantial controlling interest in the above companies and is a wholly owned subsidiary of Munich Re New Ventures, a division of Munich Re, one of the world’s leading providers of reinsurance, primary insurance, and insurance-related risk solutions.
YOUR ROLE
As Cyber Security Manager, you'll be responsible for leading the development and implementation of our cybersecurity strategy and you will play a crucial role in safeguarding our company. You will work on our existing roadmap of findings to identify and address security gaps, enhance our security posture, and ensure the protection of our valuable assets. Additionally, you will work closely with various Business Units to manage day-to-day security operations and will report to management of both GroupHEALTH and our parent company. This is a hybrid opportunity out of our Surrey, BC office.
YOUR IMPACT
- You will deliver an effective cybersecurity program in alignment with industry best practices, regulatory requirements, and organizational objectives
- You will implement and monitor the ISMS program to ensure the confidentiality, integrity, and availability of sensitive data owned, controlled or processed by the organization
- You will serve as the primary point of contact and responsible party for cyber and information security in the organization
- You will develop and implement a 2–3-year cybersecurity strategy based on audit findings, risk assessments (CMMI), and compliance requirements.
- You will develop a metrics and reporting framework to measure cyber security and governance key performance indicators (KPIs) and key risk indicators (KRIs), assessing risk reduction, training effectiveness, policy adherence, incident response success, etc.
- You will collaborate with cross-functional teams to ensure that security requirements are integrated into system development and business processes across the organization
- You will provide guidance and support to technical teams in the design and implementation of security systems, networks, and applications
- You will own the security training program, ensuring regular training updates, phishing simulations, and engagement tracking to improve security culture across all entities.
- You will develop, update, and ensure company-wide adoption of security policies, controls, and best practices. Lead compliance efforts (e.g., ISO 27001, SOC 2) and ensure all business units meet security expectations.
- You will establish role-based access control (RBAC), enforce access governance, and ensure periodic access reviews to prevent privilege misuse.
- You will lead incident response planning and risk mitigation strategies, ensuring readiness and minimizing damage from cybersecurity threats.
- You will work closely with senior leadership, IT, and business units to embed security into business decision-making.
- You will collaborate with IT to define security requirements for new technologies, cloud solutions, and internal applications to ensure security is built into the infrastructure.
- You will regularly assess security maturity, track threat intelligence, and improve controls based on emerging risks and industry trends.
- You will stay up to date with the latest industry trends, emerging threats, and security technologies, and make improvements and adjustments to the organization’s security strategy accordingly.
- You will work with internal and external stakeholders, including auditors and regulators, to ensure compliance with relevant security standards, laws and regulations in the area of responsibility.
- You will establish and support an effective cybersecurity program in alignment with industry best practices, regulatory requirements, and organizational objectives
- You will support third-party risk assessments and client questionnaires.
- You will drive the initiative in obtaining security certifications, such as ISO 27001, SOC 2, to enhance the organization's security posture.
WHAT TO EXPECT
First 30 Days: Understanding the Organization & Security Landscape
- Meet with different business units and key stakeholders (IT, risk, compliance, operations) to understand business objectives and how security supports them.
- Review findings from CMMI assessment and existing security policies to assess the current state of security maturity and better understand established controls and gaps.
- Map existing security processes, IT infrastructure, and data flows to understand how information is managed and protected.
- Assess compliance and regulatory requirements.
- Understand current security challenges, leadership expectations, and business risk appetite.
First 60 Days: Strategy Development & Business Alignment
- Continue working closely with business units to fully understand how security impacts daily operations, data handling, and critical processes across teams.
- Develop the first draft of the cybersecurity strategy, outlining quick wins, key security initiatives and long-term roadmap for security maturity.
- Define a structured security awareness and training program.
- Establish a formal cyber risk management framework, ensuring all security risks are measured and that owners and mitigation plans are defined
- Engage with IT leadership to integrate security into the technology roadmap and infrastructure planning.
First 90 Days: Strategy Execution & Quick Security Wins
- Finalize and secure leadership approval for the cybersecurity strategy, ensuring it aligns with business objectives.
- Implement quick security wins and initiate key security initiatives, such as strengthening identity & access management (IAM), establishing role-based access controls, driving security policy adoption across teams, etc.
- Launch the company-wide security awareness training and phishing simulations to test employee security readiness.
- Formalize security procedures with IT and business teams, ensuring clear security responsibilities.
By Year-End: Cybersecurity Maturity & Performance Tracking
- Conduct the first company-wide security policy review, adjusting for effectiveness and compliance.
- Define and begin tracking cybersecurity KPIs to measure security effectiveness.
- Implement structured security reporting, ensuring key cybersecurity updates are shared with leadership.
- Execute high-priority security initiatives identified in the cybersecurity strategy and CMMI findings.
- Assess and validate the impact of security initiatives.
- Recalculate the CMMI maturity score, demonstrating measurable improvements in security posture.
THIS IS YOU
- Bachelor’s degree in a security field or equivalent practical experience of at least 3 years
- Previous experience implementing and managing Cyber Security governance within an organization
- Certified Information Security Manager (CISM) / Certified Information Systems Security Professional (CISSP) or similar Information Security-related certifications
- Experience leading projects and initiatives
- Demonstrated ability to participate in complex, comprehensive or large projects and initiatives.
- A solid understanding of security best practices and international standards such as ISO 27001, NIST
- Familiar with Capability Maturity Model Integration (CMMI) for Cyber Security
- Familiar with PIPEDA and privacy regulations
- Security Training and Awareness, Security Governance, and Security Incident Management knowledge & experience
- Advanced knowledge of organization, technology controls, security and risk issues.
- Experience working with Infrastructure, DevOps and Software Development teams is a plus
- Customer orientation, strong negotiating and problem-solving skills
- Strong planning, organizational and presentation skills.
- Very good command of Business English, both spoken and written.
- Experience explaining and sharing technical concepts to a non-technical audience
WHAT YOU'LL GET
- Comfortable compensation
- Comprehensive and competitive benefits package.
- Starting at 4 weeks' vacation, plus flex days to help you achieve that work-life balance.
- Wellness programs to support you in and out of the office.
- Learn and grow with us through our employee education program.
YOUR COMPENSATION
At the time of this posting, the estimated pay range for this position is $155,000-$165,000. Individual compensation within this range is determined by factors such as job-related skills, relevant experience, and education/training. This range reflects the base pay and does not encompass our comprehensive total rewards, benefits, and the variable bonus that we proudly offer.
WHY YOU WILL LOVE WORKING FOR GroupHEALTH
Professional Development
We are a fast-growing company and as a result, there are ample opportunities for career growth and professional development when you join our team. From a transparent promotion structure and defined career paths to a wide range of learning and development opportunities, we do what it takes to invest in your career and help you hone your skills so you can grow alongside us!
Health & Wellness Benefits
We offer a comprehensive array of health and wellness benefits that provide choices so you can tune your benefits plan to fit your unique needs.
Events and Socials
When you join our team, you’ll enjoy everything from virtual company-wide teaching and training days, industry events, team social events and much more!