At SE Health, our people are everything—and our Home Office is an important part of that culture. When you choose to join SE Health, you become part of a caring, purpose-driven team that’s making a real difference across the country. Our Home Office is where innovation meets impact—supporting our direct care teams, driving strategic growth, and helping to shape the future of health care. As a member of our amazing Home Office team, you’ll collaborate with passionate colleagues, bring bold ideas to life, and contribute to meaningful work that supports thousands of care interactions each day. We believe in growing together, investing in our people, and creating an inclusive workplace where you can be yourself. Learn why you come first at SE Health.
Job Summary
The Manager, Cybersecurity Risk is responsible for the operational execution and continuous improvement of SE Health’s cybersecurity governance, risk management and compliance programs. The role translates cybersecurity strategy into repeatable processes, controls and assurance activities that support regulatory readiness and strengthen SE Health’s overall security posture.
The Manager leads and develops a team of cybersecurity analysts, ensuring consistent execution of cybersecurity governance, risk and compliance activities across the organization. The role maintains alignment with cybersecurity-focused regulatory and industry standards such as ISO 27001, NIST CSF, SOC 2, and the cybersecurity requirements of PHIPA and PIPEDA, and collaborates across departments to enhance audit readiness, control effectiveness, vendor oversight and accountability in the management of cybersecurity risk.
Job Responsibilities:
Governance & Policy Framework Management
- Maintains, operationalizes and continuously improves approved cybersecurity governance frameworks, policies and standards.
- Ensures policies and standards remain aligned with regulatory requirements, internal controls and the cybersecurity strategy. Coordinates with the Privacy team to ensure alignment where security and privacy requirements intersect.
- Leads and mentors their team in the development, review and lifecycle management of cybersecurity governance documents, including security policies, technical standards, security procedures and control requirements.
- Supports the Director, Cyber Security in promoting consistent policy adoption and ensuring clarity of roles, responsibilities and control expectations across the organization.
Cybersecurity Risk Management & Control Assurance
- Manages the execution of cybersecurity risk identification, assessment and mitigation planning processes, including maintenance of the cyber risk register.
- Prepares risk treatment and risk acceptance recommendations for review and approval by Cyber Security management.
- Ensures that control testing, validation and documentation meet compliance and assurance requirements.
- Monitors the status of risk mitigation activities and provides timely updates to Cyber Security management to support informed decision-making.
- Supports analysts in interpreting risk outcomes and applying consistent risk scoring and documentation practices.
Cybersecurity Audit & Regulatory Compliance
- Manages end-to-end internal and external cybersecurity audit readiness and security assessments, including evidence collection for security controls, security control testing results, technical documentation submissions and security finding remediation tracking.
- Maintains readiness for certification and compliance audits (ISO 27001, SOC 2, etc.), ensuring documentation and control requirements are met.
- Supports audit finding remediation efforts by partnering with control owners and tracking progress to closure.
Third-Party Risk & Data Protection
- Manages third-party cybersecurity risk assessments focused on vendor security controls, infrastructure security, access management, data encryption, incident response capabilities and technical security requirements, including risk scoring, documentation and remediation tracking. Coordinates with the Privacy team on data protection impact assessments (PIAs) where cybersecurity controls intersect with privacy requirements.
- Escalates high-risk vendors, unresolved findings and exception requests to Cyber Security management for review, risk acceptance or further action.
- Collaborates with Legal, Privacy and Compliance teams to ensure technical security control expectations, contractual security requirements and security-related data protection obligations are met. This role focuses on cybersecurity controls that protect systems and data.
- Maintains documented records of vendor cybersecurity assessments, security control validations and technical security reviews to support auditability and ongoing security monitoring.
Awareness, Metrics & Continuous Improvement
- Defines cybersecurity awareness and training requirements focused on security threats (phishing, malware, social engineering), secure practices, access control, data protection and incident reporting, ensuring content aligns with cybersecurity policy, regulatory and risk management needs, and coordinates delivery with HR, Communications or Learning teams as appropriate.
- Develops, tracks and reports key risk and performance indicators (KRIs/KPIs) related to control effectiveness, audit findings, third-party risk and risk treatment progress to Cyber Security management.
- Identifies recurring gaps, trends and opportunities for process and control enhancement to support ongoing maturity of SE Health’s cybersecurity program.
Qualifications:
- Post-secondary education in an IT-related field (e.g., Cybersecurity, Computer Science, Information Technology) or an equivalent combination of relevant education, certifications and professional experience.
- Professional certifications such as CISSP, CISM, CISA or ISO 27001 Lead Auditor/Implementer considered strong assets.
- Experience working with cybersecurity frameworks such as ISO 27001, NIST CSF, SOC 2, PHIPA, PIPEDA and related regulatory requirements.
- Strong analytical and problem-solving skills, with the ability to evaluate risk, interpret control requirements and support remediation activities.
- Ability to communicate clearly and collaborate effectively with both technical and non-technical teams.
- Demonstrated ability to lead, coach and support a technical team.
- Ability to manage multiple priorities and operate effectively in a dynamic and evolving environment.
Why Join SE Health?
- Competitive Total Rewards: So much more than a paycheque! Enjoy comprehensive benefits, pension, flexible pay options, car-loan support, housing solutions and exclusive staff perks.
- Flexibility & Belonging: Thrive with hybrid work, flexible scheduling and a supportive, inclusive culture that puts people first.
- Purpose & Impact: Join a national social enterprise where your voice matters. Every role helps advance health, spark innovation and strengthen communities across Canada.
- Growth That Meets Your Ambition: Access tuition support, training and meaningful career pathways across a growing, future-focused organization.
About SE Health
SE Health is a not-for-profit social enterprise advancing health with heart. With 115+ years of impact, we bring hope, happiness and exceptional care to people and communities across Canada. We lead with empathy, dignity and purpose while building a future where everyone can realize their full health and well-being potential. We’re also an inclusive, supportive workplace offering competitive compensation, strong benefits and real opportunities to grow. We’re All In Together.
COVID-19: To protect the health of our clients, teams, and communities, all SE Health employees must be fully vaccinated (two doses, 14+ days since the final dose).
Accessibility: If you require accommodations due to illness or disability, please contact Talent Acquisition at careers@sehc.com.
AI and compensation details: We use AI to take notes during our interview. All applications and interviews are reviewed by our Talent Acquisition team. This role is a new addition. The total target compensation for this position is $97,000 - $121,000. The compensation offered is determined based on the successful candidate’s relevant experience, skills, and competencies, taking into consideration internal equity.