Chief Information Security Officer (CISO) – Local Delivery Group (LDG) Cybersecurity Lead

Union: Non-union
Number of vacancies: 1
New or Replacement Position: Replacement
Site: 620 UniversityAvenue
Department: Digital
Reports to: Chief Information Officer
Hours: 37.5 hours per week
Status: Permanent Full Time
Closing Date: March 29, 2026

Position Summary

Reporting to the Chief Information Officer (CIO), the Chief Information Security Officer (CISO) will lead and coordinate cybersecurity strategy across the Toronto Regional Local Delivery Group (LDG), representing multiple healthcare organizations across the region. In this executive leadership role, the CISO will oversee the implementation of Ontario Health’s Cyber Security Operating Model (CSOM), ensuring funded cybersecurity initiatives are delivered on time, within scope, and measurably strengthen the region’s security posture. The CISO will build strong partnerships across member organizations, guide governance and stakeholder engagement, and ensure alignment with the LDG delivery model. This role also oversees cybersecurity investment, procurement aligned with Broader Public Sector guidelines, and partnerships with external security providers to support secure and resilient healthcare operations.

Duties

• Cybersecurity Strategy & Leadership: Lead the development and execution of a regional cybersecurity strategy aligned with Ontario Health’s Cyber Security Operating Model (CSOM). Identify emerging cyber risks and establish multi-year roadmaps to strengthen cybersecurity maturity and resilience across all member organizations. Ensure alignment between regional security and privacy programs and promote consistent cybersecurity practices across the LDG.
• Program Oversight & Performance Management: Oversee the delivery of LDG-wide cybersecurity initiatives, ensuring projects are executed on schedule and in alignment with program objectives and funding requirements. Monitor progress, address barriers to implementation, and provide regular reporting and updates to executive leadership and key stakeholders. Lead regional cybersecurity awareness and education initiatives to strengthen organizational security culture.
• Risk Management & Incident Preparedness: Implement and maintain a regional risk management framework to proactively identify and address cybersecurity risks and vulnerabilities. Establish and coordinate a region-wide incident response approach, including preparedness planning, testing, and continuous improvement. Develop and maintain common cybersecurity policies, standards, and practices across member organizations.
• Governance & Stakeholder Engagement: Lead regional cybersecurity governance structures, including working groups and executive forums, to support collaboration, knowledge sharing, and coordinated decision-making across member organizations. Ensure transparent communication of priorities, progress, and outcomes while aligning regional initiatives with provincial cybersecurity direction.
• Financial Stewardship & Vendor Management: Oversee the regional cybersecurity budget and ensure investments are strategically prioritized to enhance the LDG’s security posture. Manage procurement and vendor partnerships for cybersecurity solutions and services, ensuring alignment with public sector procurement requirements and the delivery of high-quality, standardized security capabilities across the region.