Manager, Risk and Information Security

Our client is a rapidly growing Life Sciences & HealthTech company based in Vancouver. We seek a highly skilled and motivated Manager of Risk & Information Security to join the team.

Responsibilities:

  • Evaluate the existing landscape and devise a long-term strategy to enhance security measures and mitigate risks.

  • Implement the strategy by selecting, configuring, and supporting enterprise-level cybersecurity solutions and associated procedures as required.

  • Establish and oversee an outsourced model for security operations, including monitoring, investigations, and incident response.

  • Promote security awareness throughout the organization through various means, such as training programs and simulated phishing exercises.

  • Create and execute a framework and system for managing IT risks, encompassing information security, regulatory compliance, and operational continuity risks.

  • Collaborate with IT business partners to identify and address information security risks within critical functional areas like HR, Research, and Clinical Development.

  • Regularly update the IT Steering Committee, Senior Executive Team, and Board Audit Committee on the performance of existing controls, plans for implementing new controls, known threats, and any cybersecurity incidents, in conjunction with the SVP, Information Systems.

  • Manage relationships with vendors (e.g., hardware, software, and service providers) to optimize their value in project delivery and ongoing operations.

  • Oversee the internal team and external resources to develop and implement effective solutions (people + process + technology) and provide seamless support for those solutions.

  • Utilize data and metrics to analyze performance trends, gain insights, and drive continuous improvement.

  • Contribute to the formulation and execution of the strategy for evolving the overall IT operating model, including restructuring, process enhancements, and new ways of working.

  • Assume additional responsibilities as the IT department expands and adapts to meet the company’s needs, leveraging relevant experience, expertise, and available resources within IT.

  • Establish and propose short- and long-term objectives for the department aligned with the company’s overall strategies and plans.

Requirements:

  • Bachelor’s Degree, certification in information systems security (CISSP / CISA), and a deep understanding of industry frameworks and standards, including NIST CSF and ISO 27001A.

  • Minimum of 8 years of IS/IT experience and 4 years in cybersecurity.

  • Experience with vendor management and operating an outsourced model for security operations.

For more information, please get in touch with Tim Swanson.

For transparency reporting purposes, the estimated base compensation range is $130k to $150k annually. This range is an estimate only and may be adjusted to reflect market conditions or experience.