Executive Director

Calgary, AB
  • Number of positions to fill: 1

  • To be discussed
  • Start date: 1 position to fill as soon as possible

Alberta’s Health Shared Services (HSS) has an exciting opportunity for a Chief Information Security Officer (CISO) who will share accountability with HSS leadership for defining, implementing, and running the enterprise information security program aligned with the vision and priorities of Alberta’s refocused health system. This involves identifying, evaluating, and reporting on legal and regulatory IT, and cybersecurity risks to information assets and advancing the objectives of Alberta’s new health pillars: Acute Care Alberta, Primary Care Alberta, Assisted Living Alberta, and Recovery Alberta. The CISO reports to the Chief Information Officer (CIO), is part of an IT Executive Committee, and co-chairs the Information and Cyber Security Council with the Chief Technology Officer (CTO). This role also regularly reports to organizational governance groups and participates in other committees as required. The CISO establishes and maintains the information security program, ensuring information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the HSS digital ecosystem. This is accomplished by collaborating with executive and senior management to determine acceptable risk levels for HSS and its supported organizations. The CISO provides vision and guidance to leaders while managing stakeholder expectations and collaborating across the health organization. The CISO proactively works with stakeholders to build a culture of awareness, understanding, and adoption for practices that meet strong information security policies and standards. The CISO should understand and articulate the impact of cybersecurity on digital business and be able to effectively collaborate on/communicate pragmatic recommendations for investments and projects that will mitigate overall risks to senior stakeholders.

The Chief Information Security Officer (CISO) must be knowledgeable of HSS priorities and environments to ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory, and contractual obligations. They maintain oversight of second-line assurance activities not only related to confidentiality, integrity, and availability, but also to the safety and recovery of information in the custody of, owned, or processed by the business in compliance with regulatory requirements. The CISO understands that securing information assets and associated technology, applications, systems, and processes in the large and complicated healthcare structure at HSS is as important as protecting information within the organization's perimeter. Financial responsibilities for this role include monitoring assigned budgets, authorizing expenditures and/or changes, planning and determining budgets, and having complete accountability for multi-faceted budgets. The ideal candidate is a great communicator and collaborator capable of building consensus and bridges of understanding between HSS business and technology portfolios. They are an integrator of people, process, and technology. They must also be able to coordinate disparate drivers, constraints, and differing opinions, while maintaining objectivity and a strong understanding that cybersecurity is foundational for the organization to deliver on its business goals and objectives. This role requires an expert with a strong understanding of IT/organizational risk management and the ability to influence the organizational policy directives. This role leads a group of administrative/specialist/professional staff across the function and provides expert guidance to other specialists.

Knowledge and understanding of relevant legal and regulatory requirements. Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework. Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies. Up-to-date knowledge of methodologies and trends in both business and IT. Ability to motivate HSS and its supported stakeholders in embracing security best practices. Strong ability to collaborate and build understanding across a broad range of stakeholders. Strong decision-making abilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one. Demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT security. Degree in business administration or a technology-related field, or equivalent work- or education-related experience.

There is an expectation that candidates have held a CISO position in a large organization previously.

Desired, but not required: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials. Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment. Experience with contract and vendor negotiations.


Requirements

Education level

Not specified

Years of experience

Not specified

Written languages

Not specified

Spoken languages

Not specified