UHN is Canada’s #1 hospital and the world’s #1 publicly funded hospital. With 10 sites and more than 44,000 TeamUHN members, UHN consists of Toronto General Hospital, Toronto Western Hospital, Princess Margaret Cancer Centre, Toronto Rehabilitation Institute, The Michener Institute of Education and West Park Healthcare Centre. As Canada's top research hospital, the scope of biomedical research and complexity of cases at UHN have made it a national and international source for discovery, education and patient care. UHN has the largest hospital-based research program in Canada, with major research in neurosciences, cardiology, transplantation, oncology, surgical innovation, infectious diseases, genomic medicine, and rehabilitation medicine. UHN is a research hospital affiliated with the University of Toronto.

UHN’s vision is to build A Healthier World and it’s only because of the talented and dedicated people who work here that we are continually bringing that vision closer to reality.

www.uhn.ca

Union: Non-union
Number of vacancies: 1
New or Replacement Position: Replacement
Site: 620 University Avenue
Department: Digital
Reports to: Chief Information Officer
Hours: 37.5 hours per week
Status: Permanent Full Time
Closing Date: March 29, 2026

Position Summary

Reporting to the Chief Information Officer (CIO), the Chief Information Security Officer (CISO) will lead and coordinate cybersecurity strategy across the Toronto Regional Local Delivery Group (LDG), representing multiple healthcare organizations across the region. In this executive leadership role, the CISO will oversee the implementation of Ontario Health’s Cyber Security Operating Model (CSOM), ensuring funded cybersecurity initiatives are delivered on time, within scope, and measurably strengthen the region’s security posture. The CISO will build strong partnerships across member organizations, guide governance and stakeholder engagement, and ensure alignment with the LDG delivery model. This role also oversees cybersecurity investment, procurement aligned with Broader Public Sector guidelines, and partnerships with external security providers to support secure and resilient healthcare operations.

Duties

• Cybersecurity Strategy & Leadership: Lead the development and execution of a regional cybersecurity strategy aligned with Ontario Health’s Cyber Security Operating Model (CSOM). Identify emerging cyber risks and establish multi-year roadmaps to strengthen cybersecurity maturity and resilience across all member organizations. Ensure alignment between regional security and privacy programs and promote consistent cybersecurity practices across the LDG.
• Program Oversight & Performance Management: Oversee the delivery of LDG-wide cybersecurity initiatives, ensuring projects are executed on schedule and in alignment with program objectives and funding requirements. Monitor progress, address barriers to implementation, and provide regular reporting and updates to executive leadership and key stakeholders. Lead regional cybersecurity awareness and education initiatives to strengthen organizational security culture.
• Risk Management & Incident Preparedness: Implement and maintain a regional risk management framework to proactively identify and address cybersecurity risks and vulnerabilities. Establish and coordinate a region-wide incident response approach, including preparedness planning, testing, and continuous improvement. Develop and maintain common cybersecurity policies, standards, and practices across member organizations.
• Governance & Stakeholder Engagement: Lead regional cybersecurity governance structures, including working groups and executive forums, to support collaboration, knowledge sharing, and coordinated decision-making across member organizations. Ensure transparent communication of priorities, progress, and outcomes while aligning regional initiatives with provincial cybersecurity direction.
• Financial Stewardship & Vendor Management: Oversee the regional cybersecurity budget and ensure investments are strategically prioritized to enhance the LDG’s security posture. Manage procurement and vendor partnerships for cybersecurity solutions and services, ensuring alignment with public sector procurement requirements and the delivery of high-quality, standardized security capabilities across the region.

• Bachelor’s degree in Computer Science, Information Security, Information Systems, or a related discipline required. A master’s degree (e.g., MBA or Master’s in Cybersecurity or Information Security Management) is considered an asset.
• Minimum of 10 years of progressive experience in information technology and cybersecurity, including demonstrated leadership level enterprise security programs within complex or highly regulated environments (preferably healthcare or the broader public sector). At least 3 years of this experience should be in a senior leadership role (e.g., CISO, Director of Security, or equivalent).
• Experience developing and executing an enterprise or regional cybersecurity strategy, including oversight of multi-year roadmaps, risk-based prioritization, and delivery of large-scale security initiatives across complex or multi-stakeholder environments; demonstrated experience presenting to and advising executive leadership and governance bodies on cybersecurity risk, investment decisions, and program performance.
• Experience translating technical cybersecurity risks into clear business impacts for senior leaders and non-technical stakeholders; demonstrated experience building cross-organizational alignment, leading through influence, and driving consensus across diverse internal and external partners.
• Working knowledge of recognized cybersecurity frameworks and standards (e.g., NIST, ISO/IEC 27001, COBIT) and relevant privacy and regulatory requirements within healthcare and/or the public sector (e.g., PHIPA, PIPEDA). Experience applying cybersecurity best practices in areas such as cloud security, identity and access management, threat management, and incident response.
• Experience overseeing cybersecurity budgets and managing vendor relationships, including procurement, contract oversight, and performance management within a public sector or healthcare environment.
• Professional cybersecurity certifications (e.g., CISSP, CISM, CISA, CCISO) are preferred. Healthcare-focused certifications are considered an asset.

Why join UHN?

In addition to working alongside some of the most talented and inspiring healthcare professionals in the world, UHN offers a wide range of benefits, programs and perks. It is the comprehensiveness of these offerings that makes it a differentiating factor, allowing you to find value where it matters most to you, now and throughout your career at UHN.

• Competitive offer packages
• Government organization and a member of the Healthcare of Ontario Pension Plan (HOOPP https://hoopp.com/)
• Close access to Transit and UHN shuttle service
• A flexible work environment
• Opportunities for development and promotions within a large organization
• Additional perks (multiple corporate discounts including: travel, restaurants, parking, phone plans, auto insurance discounts, on-site gyms, etc.)

Current UHN employees must have successfully completed their probationary period, have a good employee record along with satisfactory attendance in accordance with UHN's attendance management program, to be eligible for consideration.

All applications must be submitted before the posting close date.

UHN uses email to communicate with selected candidates.  Please ensure you check your email regularly.

Please be advised that a Criminal Record Check may be required of the successful candidate. Should it be determined that any information provided by a candidate be misleading, inaccurate or incorrect, UHN reserves the right to discontinue with the consideration of their application.

UHN is an equal opportunity employer committed to an inclusive recruitment process and workplace. Requests for accommodation can be made at any stage of the recruitment process. Applicants need to make their requirements known.

We thank all applicants for their interest, however, only those selected for further consideration will be contacted.