Senior Manager, Infosec, IT & Compliance

Posted yesterday

Apply Now

Resume Score

Check how well your resume matches this job before you apply.

Sign in to check score

About the role

  • Senior Manager managing InfoSec, IT Operations, and Compliance for healthcare practitioners. Overseeing regulatory execution, vendor relations, and technical risk management in a remote-first environment.

Responsibilities

  • Manage multi-jurisdictional compliance execution - Support implementation of HIPAA/HITECH, GDPR/UK GDPR, PIPEDA, Quebec Law 25, PHIPA, and emerging privacy laws and coordinate with legal counsel on complex regulatory matters.
  • Drive vendor risk management and BAA/DPA lifecycle - Negotiate and finalize Business Associate Agreements and Data Processing Agreements with subprocessors, ensuring breach notification timelines meet calendar-day standards, data deletion commitments are defined, and subprocessor transparency obligations are satisfied.
  • Mature security posture and operational resilience - Partner with Engineering to implement security controls that support SOC 2 Type II and ISO 27001 readiness, lead incident response planning and breach notification workflows, and establish monitoring/alerting.
  • Embed privacy-by-design across product and engineering - Collaborate with Product and Engineering leadership to assess PHI exposure in new features, define data minimization strategies, and guide architecture decisions that reduce compliance risk.
  • Lead IT operations and service delivery - Own user onboarding / offboarding workflows, device provisioning and management, and IT service delivery for a remote-first team, partnering with HR on seamless employee lifecycle management.
  • Drive Identity & Access Management (IAM) strategy - Own identity provider configuration and access control policies, implementing least-privilege access principles, periodic access reviews, and role-based access control (RBAC) frameworks.
  • Manage endpoint security and device management - Define and enforce endpoint security standards (MDM, disk encryption, antivirus, patching). Establish laptop procurement standards and remote device management policies. Coordinate with Engineering on developer tooling and access requirements.
  • Own SaaS vendor rationalization and procurement hygiene - Conduct regular vendor intelligence audits to identify tool overlaps, license waste and procurement gaps. Partner with Finance on SaaS spend optimization.
  • Strengthen the InfoSec, IT & Compliance function - Develop and refine processes, tooling, and documentation to support organizational growth. Manage and mentor the IT Operations team. Partner with third-party compliance advisors to accelerate maturity.
  • Act as the bridge between Legal, Engineering, IT, and the business — Translate complex legal language into actionable engineering requirements. Partner with Customer Success on practitioner-facing compliance communications. Coordinate cross-functional responses to regulatory inquiries, audits, and customer due diligence requests.

Requirements

  • 6+ years of relevant experience in information security, IT operations, privacy, and compliance roles, with at least 2+ years in healthcare SaaS or regulated industry
  • Deep expertise in HIPAA/HITECH compliance, including Business Associate obligations, breach notification requirements, and Covered Entity vs. Business Associate determination frameworks
  • Strong working knowledge of GDPR/UK GDPR and cross-border data transfer mechanisms
  • Proven ability to negotiate and finalize vendor BAAs and DPAs, with a strong understanding of must-have vs. nice-to-have contractual terms
  • Experience implementing security frameworks (SOC 2, ISO 27001, or equivalent) and managing third-party audits or certifications
  • Hands-on experience leading IT operations for remote-first organizations, including identity & access management, device provisioning, and SaaS vendor management
  • Prior experience building or scaling InfoSec, IT, and compliance functions from scratch in high-growth SaaS companies
  • Technical grounding in SaaS architecture, APIs, data flows, infrastructure (cloud environments like AWS), and identity providers (Google Workspace, Okta, Microsoft 365)
  • Exceptional communication skills - you can translate legal jargon into plain language for practitioners, write concise vendor negotiation emails, and present compliance strategies to executive leadership with clarity and confidence
  • Bias for action and pragmatic risk management - you know when to escalate to legal counsel and when to make judgment calls independently
  • Comfortable operating in a fast-moving, high-growth environment where priorities shift and ambiguity is the norm.

Benefits

  • Comprehensive health and dental benefits from day 1
  • RRSP matching
  • Generous paid parental leave
  • Annual learning stipends
  • Unlimited vacation
  • $750 annual Health & Wellness Allowance
  • $1,000 annual Learning & Development Allowance to support your growth
  • $500 annual Home Office Allowance to set up a productive remote workspace
  • Personalized support for family-building and fertility journeys
  • Confidential, digital mental health support from licensed professionals
  • Company-wide holiday closure in December
  • Regular virtual company-wide events, lunches, and team socials to stay connected

Job title

Job type

Full Time

Experience level

Senior

Salary

CA$165,000 - CA$180,000 per year

Degree requirement

Bachelor's Degree

Tech skills

AWSCloud

Location requirements

RemoteCanada

Report this job

Found something wrong with the page? Please let us know by submitting a report below.