ISO Cybersecurity Compliance Lead

FYidoctors

Calgary

Hybrid

CAD 70,000 - 110,000

Full time

14 days ago

Job summary

An established industry player is seeking a dedicated ISO Cybersecurity Compliance Lead to join their team in Calgary. This pivotal role involves managing ISO certifications, creating essential policies, and collaborating with consulting firms to ensure compliance with healthcare standards. You will play a crucial part in enhancing cybersecurity measures and maintaining thorough documentation of compliance activities. Join a forward-thinking organization that values diversity and offers a comprehensive rewards package, including free eyewear and a supportive work culture that promotes growth and development. If you're passionate about cybersecurity and compliance, this opportunity is perfect for you!

Benefits

Two free pairs of glasses and lenses per year
Ongoing growth and development opportunities
People-first culture
Community involvement support

Qualifications

  • 3-5 years of experience in cybersecurity compliance and ISO implementation.
  • Experience in creating and maintaining IT security policies and standards.

Responsibilities

  • Manage projects to achieve and maintain ISO 27001 and ISO 27701 certification.
  • Create and update cybersecurity policies to ensure compliance with various standards.

Skills

Cybersecurity Compliance
ISO 27001
ISO 27701
Risk Assessments
Policy Creation
Healthcare Compliance
Identity Access Management
Privileged Access Management
CISA Certification
NIST 800-53

Education

Bachelor's Degree in Information Security
Bachelor's Degree in Computer Science

Job description

Join our team as an ISO Cybersecurity Compliance Lead! In this role, you'll be responsible for achieving and managing ISO certification. Your duties will include creating policies and procedures, developing cross-functional framework charts, assisting in creating Information Security test plans, and collaborating with consulting agencies on implementation and program management to achieve ISO and other regulatory certifications.

We are ideally seeking a candidate located in Calgary. Our Home Office is in Calgary and follows a hybrid work model.

What Will You Be Doing?
  1. Collaborating with external consulting firms to facilitate the implementation of ISO 27001 certification and other certifications, ensuring alignment with healthcare compliance requirements.
  2. Managing projects to achieve and maintain ISO 27001 and ISO 27701 certification.
  3. Assisting in gap analysis, risk assessments, and the development and implementation of necessary controls.
  4. Creating, reviewing, and updating cybersecurity policies, procedures, and guidelines to ensure compliance with ISO 27001, ISO 27701, HIPAA, HITECH, and other applicable standards.
  5. Maintaining thorough documentation of all compliance activities, including risk assessments, audit findings, and corrective actions.
  6. Preparing regular reports for the IT leadership group and ensuring all healthcare-related compliance documentation is up to date.
  7. Conducting risk and compliance assessments of IT and security standards.
  8. Coordinating external and internal audits and providing the documentation they require.
  9. Upgrading cybersecurity programs and capabilities, implementing and maintaining security controls.

As The Successful Candidate You Have:

  1. A bachelor’s degree in Information Security, Computer Science, or a related field.
  2. 3 to 5 years of experience in cybersecurity, focusing on compliance and implementing ISO 27001, ISO 27701, and other privacy frameworks.
  3. Experience in implementing and maintaining ISO 27001, ISO 27002, ISO 27701 certifications, and healthcare-related compliance.
  4. Certifications such as CISA or Security+, held or in progress, are considered assets.
  5. Knowledge of CIS 2.0 security and NIST 800-53 framework controls is considered an asset.
  6. Experience in creating and maintaining IT and security policies, standards, and procedures.
  7. Knowledge of Identity Access Management and Privileged Access Management (IAM and PAM).
  8. Understanding of role-based and attribute-based access controls (RBAC and ABAC).
  9. ISO 27001 Implementer or Auditor certification is considered an asset.
  10. Bilingualism (French/English) is considered an asset.

How You'll Benefit Working at Our Home Office:

  1. A comprehensive total rewards package, including two free pairs of glasses and lenses per year.
  2. A coaching culture that fosters ongoing growth and development opportunities.
  3. A people-first culture (dogs are also welcome!).
  4. An organization that gives back locally and nationally, supporting your involvement.

Why You Should Join Us:

FYihealth group is Canada's leading diversified healthcare organization, comprising FYidoctors, Visique, BonLook, and Solis Optics. Doctor-led, professionally managed, and patient-focused, we aim to deliver outstanding eye care with patient-centric products and services. Our purpose is to enhance the lives of our patients. We are Canada's fastest-growing eye care provider, with our own ophthalmic lens manufacturing facility and distribution center.

At FYihealth group, our core values are Diversity, Equity, Inclusion, and Opportunity. We are proud to be an equal opportunity employer and provide accommodations upon request during the application process. All accommodation information will be kept confidential to ensure an accessible experience for candidates and team members.