Chief Information Security Officer jobs

Job Description

Reporting to the Chief Information Officer, The Chief Information Security Officer (CISO) provides strategic and operational leadership for the organization’s IT Security program. Operating in a regulated healthcare environment including Long-Term Care and Home Care across Canada, The CISO is accountable for protecting healthcare, workforce, and corporate information while enabling safe, reliable, and innovative care delivery.

The CISO partners closely with IT leadership, clinical and frontline operational leaders, Legal, Finance, HR and Enterprise Risk Management to ensure the IT security programs and practices are aligned with organizational goals, regulatory requirements, and patient safety priorities.

This position will be based at our Head Office in Markham, ON. Extendicare offers a hybrid working environment.

As the Chief Information Security Officer you will:

• Establish and maintain a comprehensive, enterprise‑wide IT Security and risk management program covering people, processes, and technology.

• Provide guidance to internal leadership stakeholders regarding risks, controls, incidents, and emerging threats, including regular reporting and briefings.

• Define and maintain information security policies, standards, and governance aligned with healthcare best practices and regulatory expectations.

• Establish and report on security key risk metrics (KRM) suitable for consumption by technical and nontechnical stakeholders

• Lead cybersecurity risk assessments, threat modeling, and control effectiveness reviews across clinical, operational, and IT corporate systems.

• Ensure compliance with healthcare and privacy regulations (e.g., PHIPA, PIPEDA,) and alignment to NIST, SOC 2 and Zero Trust frameworks.

• Partner with IT Audit and IT leadership to ensure internal IT Audit controls (ICFR/ITGC) are operating effectively

• Establish and oversee a third‑party risk management (TPRM) program to assess vendors, cloud providers, and partners for security, privacy, and resiliency risks.

• Oversee the organization’s security operations, including detection, response, recovery, and continuous improvement.

• Act as executive sponsor for the Cybersecurity Incident Response Program, ensuring readiness, testing, and effective execution during cyber incidents.

• Collaborate across the organizational to embed modern security‑by‑design into infrastructure, applications, cloud services, and medical technologies.

• Define and provide oversight for the security program including identity and access management, data protection, endpoint security, infrastructure security, email security, people protection and third‑party integrations.

• Build, lead, and mentor a high‑performing cybersecurity culture within IT.

• Promote a strong security and privacy‑aware culture across the organization through education, awareness, and leadership engagement.

• Ensure appropriate skills, tools, and training are in place to support evolving threats and business needs.

• Other duties as required

Role Requirements:

• 10+ years of progressive experience in cybersecurity, information security, or technology risk management, including senior leadership roles.

• Demonstrated experience operating in a regulated healthcare environment.

• Clear ability to engage in practical counsel rooted in relevant business terms, situational risk, supported by data and in language for technical and non-technical audiences.

• Strong understanding of healthcare technologies, privacy obligations, and patient safety considerations.

• Strong technical background and experience working in environments supporting Microsoft and Amazon PaaS and IaaS multi cloud models and the Microsoft ecosystem of cybersecurity and compliance solutions across the IT landscape.

• Familiar with working environments supporting Workday HCM and Finance, Service Now ITSM, Point Click Care and AlayaCare EMR as well as the Okta Identity lifecycle and governed solutions.

Additional preferred requirements:

• Executive experience as a CISO, Deputy CISO, or equivalent senior leadership role.

• Professional certifications such as CISSP, CISM, CRISC, or equivalent.

• Experience supporting healthcare accreditation, or regulatory examinations.

• Familiar with emerging AI capabilities, relevant AI business risk, risk mitigation concepts and experience with AI models including Microsoft and Anthropic.

• Experience in health sector is beneficial

At Extendicare, we believe that working as a team creates an environment that allows us to reach our potential. We value each employee, encourage equal opportunity for growth and recognize achievement. As a valued member of our team, you can expect:

• Continuous mentorship, support for life-long learning and growth opportunities

• Opportunities for advancement and career growth within the organization

• A rewarding and meaningful work experience where you can enrich your life and the lives of others through your work.

• Employee Family Assistance Program.

• Robust benefits package.

#extendicareIT

Time Type

Full time

Compensation Details

Compensation will be discussed during the recruiting process.

At Extendicare, we’ve spent more than 50 years dedicated to enhancing quality of life for the people we serve across Canada. When you join Extendicare, you become part of a compassionate, mission-driven team committed to supporting care delivery in homes and communities nationwide. Our corporate roles play a vital part in enabling front-line teams to provide exceptional experiences for clients and families. Together, we foster a culture of collaboration, innovation, and accountability—creating solutions that strengthen our services and improve lives every day.

We are committed to providing competitive compensation that reflects the value of this role and the unique qualifications each candidate brings. This opportunity is a replacement for an existing role and to support transparency, a hiring range may be included with this posting. However, final salary offers are based on a variety of factors such as your skills, experience, education, and alignment with the responsibilities of this position.

Base salary is one component of our broader total rewards package. We offer a comprehensive suite of benefits designed to support your health, financial well-being, and long-term career growth. Your recruiter can provide more details about our total rewards offerings during the hiring process.

We may use artificial intelligence (AI) tools to support certain stages of the recruitment process, such as reviewing applications, analyzing resumes, or assessing candidate responses. These tools assist our recruitment team but do not replace human judgment — every application is reviewed by a member of our team to ensure thoughtful and equitable consideration. If you would like more information about how your data is processed, please contact us.

Extendicare is committed to fostering an accessible, inclusive, and equitable hiring process. We gladly accommodate the needs of applicants throughout all stages of recruitment and selection upon request.