ISO Cybersecurity Compliance Lead

Join our team as an ISO Cybersecurity Compliance Lead at FYidoctors! In this role, you'll be responsible for achieving and managing ISO certification, creating policies and procedures, developing cross-functional framework charts, and assisting in creating Information Security test plans. You will work with consulting agencies on implementation and program management to achieve ISO and other regulatory certifications.

We prefer candidates located in Calgary, as our Home Office is based there and follows a hybrid work model.

1. Collaborate with external consulting firms to facilitate the implementation of ISO 27001 certification and other compliance requirements.
2. Manage projects to achieve and maintain ISO 27001 and ISO 27701 certifications.
3. Assist in gap analysis, risk assessments, and develop necessary controls.
4. Create, review, and update cybersecurity policies, procedures, and guidelines to ensure compliance with ISO standards, HIPAA, HITECH, and other standards.
5. Maintain documentation of all compliance activities, including risk assessments, audit findings, and corrective actions.
6. Prepare reports for IT leadership and ensure all healthcare-related compliance documentation is current.
7. Conduct risk and compliance assessments of IT and security standards.
8. Coordinate external and internal audits, providing necessary documentation.
9. Upgrade cybersecurity programs and controls, implementing and maintaining security measures.

1. Bachelor’s degree in information security, Computer Science, or a related field.
2. 3 to 5 years of cybersecurity experience, focusing on compliance and implementing ISO 27001, ISO 27701, and other privacy frameworks.
3. Experience with ISO 27001, ISO 27002, ISO 27701 certifications, and healthcare compliance.
4. Certifications such as CISA, Security+, or pursuing them are assets.
5. Knowledge of CIS 2.0 security controls and NIST 800-53 framework is an asset.
6. Experience in creating and maintaining IT and security policies, standards, and procedures.
7. Understanding of Identity Access Management (IAM) and Privileged Access Management (PAM).
8. Knowledge of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC).
9. ISO 27001 Implementer or Auditor certification is an asset.
10. Bilingual in French and English is an asset.

• Comprehensive rewards, including glasses and lenses.
• Growth and development opportunities within a coaching culture.
• People-first culture, with a pet-friendly environment.
• Support for community involvement and giving back.

FYihealth group is Canada's leading diversified healthcare organization, focusing on delivering outstanding eye care. Our values include Diversity, Equity, Inclusion, and Opportunity. We are committed to accessibility and accommodate applicants' needs throughout the hiring process.