Director of Cybersecurity and GRC (Governance, Risk and Compliance) at Transform Shared Service Organization
Windsor, ON N8T 3R9, Canada
Full Time


Start Date

Immediate

Expiry Date

01 Oct, 25

Salary

132500.0

Posted On

19 Aug, 25

Experience

1 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Leadership

Industry

Hospital/Health Care

Description

Company: TransForm Shared Service Organization
Location: On-site in Windsor, ON
Posting Period: August 18, 2025 to August 31, 2025 closed at 4:00pm
Employment Type: Permanent, Full-Time
Benefits: Pension, Health & Dental, Paid Sick, Life & Disability Insurance, Vacation and more. Visit our website for more details.
Scope: Internal & External
Conditions: Current business reference checks, judicial matters police clearance, and immunization medical clearance

POSITION SUMMARY:

The Director of Cybersecurity and GRC is a senior leader responsible for developing and executing a comprehensive cybersecurity program across five hospitals. This role leads the organization’s ISO/IEC 27001 certification strategy and maintains a robust Information Security Management System (ISMS) to drive enterprise risk management and data protection.
The Director oversees all GRC functions, including policy development, risk assessments, audit readiness, and compliance with healthcare regulations such as HIPAA and PHIPA. Working closely with IT and clinical leadership, they embed cybersecurity best practices into operational workflows and reduce technical risk across the organization. This is a strategic role focused on governance, secure configuration, and compliance—not day-to-day infrastructure operations.
The Director reports to the CIO and serves as a key advisor to senior leadership on cyber risk, maturity, and investment priorities.

ABOUT US:

TransForm Shared Service Organization is a unique, innovative, results-driven non-profit organization founded by hospitals in the Erie St. Clair region. Our services include clinical and business system application support, integration and development, information system infrastructure, information privacy, security, IT break-fix, project management, and other back-office support services. As a strategic solutions centre committed to exceptional service delivery, TransForm leads, innovates and supports health system transformation. If you are service oriented, dedicated to exceeding performance expectations and interested in reaching your full potential, TransForm is for you! We welcome and appreciate your interest in our organization. Want to know more about TransForm? Visit our website.

Responsibilities
  • Lead ISO/IEC 27001/HITRUST implementation and certification efforts across five hospitals.
  • Maintain the Information Security Management System (ISMS) and ensure audit readiness.
  • Develop and manage the GRC program in alignment with NIST CSF and healthcare regulations (HIPAA, PHIPA).
  • Conduct regular risk assessments, track mitigation, and report on compliance.
  • Define and enforce secure configurations across Microsoft Intune, O365, SharePoint, and AD using CIS Benchmarks.
  • Collaborate with IT to reduce attack surfaces and embed security into system design.
  • Advise on cybersecurity in new initiatives (e.g., cloud migration, clinical tech rollouts).
  • Lead security awareness and accountability efforts across technical and clinical teams.
  • Deliver risk dashboards and metrics to the executive team and board.
  • Continuously improve the security program based on threat intelligence and emerging standards.