Cyber Security Manager
Listed on 2026-07-07
-
IT/Tech
Cybersecurity, Information Security, IT Consultant, IT Project Manager
About GroupHEALTH
At GroupHEALTH, we're proud of the work we do – but it's how we do it that truly sets us apart. We're a fast-moving, ever-evolving, stable organization with deep roots and a bold vision: to transform the way Canadians experience benefits. We combine agility with long-term stability to create meaningful impact. Here, you'll find more than just a job. You'll find a purpose-driven, people-first culture where kindness, collaboration, and curiosity thrive.
Whether you've been here fifteen years or fifteen days, you'll notice right away – our people are genuinely invested in one another's success and delivering exceptional experiences to our clients and plan members.
The Role
The Cyber Security Manager will lead the development and implementation of our cybersecurity strategy, owning overall security posture and playing a crucial role in safeguarding our company. The Cyber Security Manager will be responsible for establishing and implementing robust security processes, developing policies, and building an Information Security Management System (ISMS). In this role, you will work on our existing roadmap of findings to identify and address security gaps, enhance our security posture, and ensure the protection of our valuable assets.
This is a hybrid role based out of our Surrey office, working a blend of days in office and days from home.
First 30 Days:
- Compute a baseline composite score across all six KPI domains and present to the CIO with a gap analysis and 90-day improvement plan.
First 60 Days:
- Hire and onboard the Security Analyst and Security Engineer, with each team member receiving clear 90-day objectives within their first week.
- Develop and present the 12-month Cyber Security roadmap covering all six NIST CSF 2.0 functions, tool procurement, and maturity milestones by Day 45.
First 90 Days:
- Deliver the first quarterly cyber security report to the board risk committee covering the composite score baseline, top risks, PIPEDA compliance status, and Munich Re alignment summary.
- Oversee Security Analyst development of the GroupHEALTH policy suite, with all core policies approved by the CIO and communicated to all staff and entity presidents by Day 75.
- Identify all Tier 1 vendors across all 10 entities, initiate security questionnaires, and launch a Microsoft EASM or UpGuard evaluation by Day 75.
- Establish and support an effective cybersecurity program aligned with industry best practices, regulatory requirements, and organizational objectives
- Develop, document, and implement comprehensive security policies, standards, and procedures to protect information assets
- Develop, implement, and monitor an ISMS program to ensure the confidentiality, integrity, and availability of sensitive data owned, controlled, or processed by the organization
- Serve as the primary point of contact and responsible party for cyber and information security across the organization
- Contribute to the development and oversight of a global security management strategy and framework
- Oversee third‑party reviews and risk assessments to ensure comprehensive evaluation of security risks
- Lead business compliance efforts for security, including supporting regular risk assessments to identify potential vulnerabilities, threats, and areas for improvement, and developing action plans to mitigate identified risks
- Develop a metrics and reporting framework to measure cybersecurity and governance KPIs and KRIs, including tracking industry trends and best practices
- Collaborate with cross‑functional teams and the Privacy and Risk team to ensure security requirements are integrated into system development and business processes
- Provide guidance and support to technical teams in the design and implementation of security systems, networks, and applications
- Stay current with the latest industry trends, emerging threats, and security technologies, and adjust the organization's security strategy accordingly
- Develop and deliver a security training and awareness program to promote a culture of security and influence behavior that reduces cyber and information security risk
- Monitor and respond to…
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search: