Senior Manager managing InfoSec, IT Operations, and Compliance for healthcare practitioners. Overseeing regulatory execution, vendor relations, and technical risk management in a remote-first environment.
Responsibilities
Manage multi-jurisdictional compliance execution - Support implementation of HIPAA/HITECH, GDPR/UK GDPR, PIPEDA, Quebec Law 25, PHIPA, and emerging privacy laws and coordinate with legal counsel on complex regulatory matters.
Drive vendor risk management and BAA/DPA lifecycle - Negotiate and finalize Business Associate Agreements and Data Processing Agreements with subprocessors, ensuring breach notification timelines meet calendar-day standards, data deletion commitments are defined, and subprocessor transparency obligations are satisfied.
Mature security posture and operational resilience - Partner with Engineering to implement security controls that support SOC 2 Type II and ISO 27001 readiness, lead incident response planning and breach notification workflows, and establish monitoring/alerting.
Embed privacy-by-design across product and engineering - Collaborate with Product and Engineering leadership to assess PHI exposure in new features, define data minimization strategies, and guide architecture decisions that reduce compliance risk.
Lead IT operations and service delivery - Own user onboarding / offboarding workflows, device provisioning and management, and IT service delivery for a remote-first team, partnering with HR on seamless employee lifecycle management.
Drive Identity & Access Management (IAM) strategy - Own identity provider configuration and access control policies, implementing least-privilege access principles, periodic access reviews, and role-based access control (RBAC) frameworks.
Manage endpoint security and device management - Define and enforce endpoint security standards (MDM, disk encryption, antivirus, patching). Establish laptop procurement standards and remote device management policies. Coordinate with Engineering on developer tooling and access requirements.
Own SaaS vendor rationalization and procurement hygiene - Conduct regular vendor intelligence audits to identify tool overlaps, license waste and procurement gaps. Partner with Finance on SaaS spend optimization.
Strengthen the InfoSec, IT & Compliance function - Develop and refine processes, tooling, and documentation to support organizational growth. Manage and mentor the IT Operations team. Partner with third-party compliance advisors to accelerate maturity.
Act as the bridge between Legal, Engineering, IT, and the business — Translate complex legal language into actionable engineering requirements. Partner with Customer Success on practitioner-facing compliance communications. Coordinate cross-functional responses to regulatory inquiries, audits, and customer due diligence requests.
Requirements
6+ years of relevant experience in information security, IT operations, privacy, and compliance roles, with at least 2+ years in healthcare SaaS or regulated industry
Deep expertise in HIPAA/HITECH compliance, including Business Associate obligations, breach notification requirements, and Covered Entity vs. Business Associate determination frameworks
Strong working knowledge of GDPR/UK GDPR and cross-border data transfer mechanisms
Proven ability to negotiate and finalize vendor BAAs and DPAs, with a strong understanding of must-have vs. nice-to-have contractual terms
Experience implementing security frameworks (SOC 2, ISO 27001, or equivalent) and managing third-party audits or certifications
Hands-on experience leading IT operations for remote-first organizations, including identity & access management, device provisioning, and SaaS vendor management
Prior experience building or scaling InfoSec, IT, and compliance functions from scratch in high-growth SaaS companies
Technical grounding in SaaS architecture, APIs, data flows, infrastructure (cloud environments like AWS), and identity providers (Google Workspace, Okta, Microsoft 365)
Exceptional communication skills - you can translate legal jargon into plain language for practitioners, write concise vendor negotiation emails, and present compliance strategies to executive leadership with clarity and confidence
Bias for action and pragmatic risk management - you know when to escalate to legal counsel and when to make judgment calls independently
Comfortable operating in a fast-moving, high-growth environment where priorities shift and ambiguity is the norm.
Benefits
Comprehensive health and dental benefits from day 1
RRSP matching
Generous paid parental leave
Annual learning stipends
Unlimited vacation
$750 annual Health & Wellness Allowance
$1,000 annual Learning & Development Allowance to support your growth
$500 annual Home Office Allowance to set up a productive remote workspace
Personalized support for family-building and fertility journeys
Confidential, digital mental health support from licensed professionals
Company-wide holiday closure in December
Regular virtual company-wide events, lunches, and team socials to stay connected
Senior Technology Architect providing technical information architecture and solution design for infrastructure projects. Collaborating on modernization initiatives and technical architecture assessments.
Technicien.ne en informatique chez 6tem TI, assurant le support technique aux clients de la région de la Beauce. Poste hybride, alliant interventions sur route et télétravail.
Audit Manager responsible for executing and managing audit engagements at Sun Life. Collaborating with teams to assess risks and improve financial service processes.