Manager, ITS Governance Risk and Compliance (GRC)

London Health Sciences Centre (LHSC) is a world-class academic health sciences centre located in the southwestern Ontario city of London. Just two hours from Toronto and two hours from Detroit, London features a beautiful and walkable downtown core located on the Thames River, a vibrant culinary scene and scores of activities that highlight local arts, culture and music.  As one of Canada’s largest acute-care teaching hospitals, LHSC delivers world-class care and experiences, built on our commitment to excellence in research, innovation, and learning. In partnership with our communities, we design and advance healthcare to support he wellness of the populations we serve. LHSC delivers both local and regional services, including the Children’s Hospital, within a large geographic area. LHSC is known for its great people and great care, with a workforce of close to 15,000, dedicated to delivering the highest quality patient care while partnering with communities to transform health, one life at a time. 

The Information Technology Services (ITS) department provides the full spectrum of IT services for both LHSC and St. Joseph’s Health Care London including security. The Southwest Security Operations Centre (SOC) branch of ITS is tasked with providing security operations services to 19 acute care hospitals in Southwestern Ontario. In the capacity of security governance prime, ITS directly supports the City-wide Cyber Security Governance Committee and the Southwestern Ontario Cyber Security Governance Committee.

Posting Period

September 20, 2023 - October 3, 2023

Job Summary

What the Role is 

The Manager, ITS Governance Risk and Compliance (GRC) is accountable for establishing and maintaining IT security and process controls as well as cybersecurity education and relationship management for London Health Sciences Centre (LHSC), St. Joseph’s Health Care London (St. Joseph’s) and 17 other participating acute care facilities. This work is conducted in keeping with the organizations’ vision and strategy to ensure the confidentiality, integrity and security of IT systems and corporate and clinical electronic data. 

The initial focus of the role will be continuing to build a centralized presence, dedicated to increasing the security posture of LHSC and St. Joseph’s and to lead the reduction of organizational risk through completion of a defined mitigation plan.

This role provides guidance and direction to staff in identifying, developing, implementing and maintaining processes across the organizations to reduce information technology risks.  The Manager responds to incidents and non-compliance events, establishes standards and controls and manages security technologies. The role is accountable for the establishment and implementation of policies and procedures while ensuring compliance with provincial and federal laws and industry standards such as the Health Information Technology for Economic and Clinical Health Act (HIPPA). This role will additionally be accountable for a modern cybersecurity education program for all Southwest SOC customers.

Reporting to the Corporate Information Security Officer, the Manager, Governance Risk and Compliance directs, controls and evaluates the delivery of department services. They are responsible for translating decisions of the program leadership into execution, by utilizing relationship management and working with internal and external stakeholders to achieve the necessary outcomes. The Manager ensures their team and department operations are aligned with our mission, vision and values, while working together to successfully achieve our strategic objectives. 

This role is accountable for day-to-day department activities, including the management of human and material resources, day-to-day staffing and scheduling, development and support of a healthy workplace, risk and utilization measurements, and facilitation of improvement initiatives and change management, while operating within approved operational budgets and financial guidelines and controls. A major focus of the role is fostering effective working relationships and networks within the team/unit and with other teams across the organization. 

LHSC is committed to the principles of hybrid work and may offer this option to employees whose work can be performed in an alternate location, without adverse impact to the operations of the Hospital, inclusive of our Staff and Patient experience. Confirmation of hybrid work options available to you will be clarified upon hire and may be subject to change based on the duties required of your position. Successful candidates will be required to perform work within Ontario and must be available to work on location, as required. 

NOTE: this role is required to be on-call, evenings and weekends on a rotational basis of roughly one (1) week out of every quarter. 

Qualifications

Who You Are 

• You are self-aware of own assumptions, values, principles, strengths and limitations 

• You manage and develop self while modeling qualities such as honesty, integrity, resilience, and confidence 

• You engage and support others to foster development, personal goals and encourage a healthy organization 

• You achieve results by strategically aligning direction, decisions, actions and evaluation with the vision, values and evidence 

• You facilitate an environment of collaboration and cooperation 

• You create connections, build partnerships and networks 

• You demonstrate a commitment to the organizational vision, mission, values and service excellence 

• You are a transformational thinker that encourages and supports innovation 

• You have exceptional analytical skills that contribute to effective decision-making 

• You are self-directed, courageous, and highly motivated with excellent interpersonal and effective communication skills  

What Skills Are Needed 

• Planning and executing action plans that deliver results and motivate individuals for greater performance excellence 

• Strong business acumen  

• Values-based leadership and a proven track record for developing and sustaining healthy work environments and effective teams while leading in a performance-driven culture  

• Lead and drive system transformation 

• Develop self and others through teaching, coaching, mentoring and formal development processes  

• Strong analytical skills that contribute to effective problem solving and decision-making 

What You Will Bring with You 

• Successful completion of a recognized baccalaureate degree program in Business, Computer Science, Information Systems, Engineering, or a related discipline  

• Related post-graduate education preferred 

• Professional certifications and membership of associations in the field of IT Security and Risk Management such as CISSP, CRISC, CISM, ISA, and/or COSO Internal Control are an asset 

• Strong familiarity with HIPAA, NIST, ISO and other regulatory and industry frameworks 

• Minimum of 3 to 5 years’ IT security and compliance experience in progressively more responsible leadership roles in a healthcare environment, preferably in an acute care academic teaching hospital  

• Demonstrated experience of working closely with IT partners on major technology initiatives 

• Proven track record of assessing and managing IT compliance at an enterprise-wide level 

• including high quality and safe patient care and exceptional patient/family experiences 

• Ability to effectively work with diversity, appreciating that different opinions, backgrounds and characteristics can bring richness to the challenge at hand 

• Fluent and computer literate with computer systems such as email and Microsoft Office applications (MS Word, Excel & PowerPoint) 

• Demonstrated ability to attend work on a regular basis 

Other Information

London Health Sciences Centre fosters a culture of patient and staff safety whereby all employees are guided by LHSC's Mission, Vision, Values and Code of Conduct.

LHSC is committed to employment equity and diversity in the workplace, and welcomes applications from women, visible minorities, Indigenous people, persons with disabilities, and members of the 2SLGBTQIA+ community. We are committed to providing persons with disabilities equal opportunities and standards of goods and services, and are also fully compliant with the Accessibility for Ontarians with Disabilities Act (2005), as applicable.

Submission Requirements (please submit in one MS Word, or PDF(preferred), document): Cover Letter, Resume and Listing of Education, Credentials and Certifications

As part of the assessment process applicants may be required to complete a written profile, presentations, etc. Please be advised that reference checks may be conducted as part of the selection process. 

Successful candidates will be required to complete a health review which includes providing vaccination records or proof of immunity against Measles, Mumps, Rubella, and Varicella (Chicken Pox), Hepatitis B, Tetanus/Diphtheria/Polio; Meningitis. In addition, candidates will need to provide documentation of Tuberculosis Skin testing and a completed COVID vaccine series (two vaccines).? 

Your interest in this opportunity is appreciated. Only those applicants selected for an interview will be contacted. Successful candidates, as a condition of job offer, would be required to complete a satisfactory police information check (original document) completed in the last 6 months.  


Apply