Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
Practice EHR

Senior Manager, Infosec, IT & Compliance

Practice EHR

Senior Manager managing InfoSec, IT Operations, and Compliance for healthcare practitioners. Overseeing regulatory execution, vendor relations, and technical risk management in a remote-first environment.

Posted 7/14/2026full-timeRemote • 🇨🇦 CanadaSenior💰 CA$165,000 - CA$180,000 per yearWebsite

Core Competencies

Role fit
Core Competencies

Use this summary to align your resume positioning with the role.

Demonstrates expertise in managing multi-jurisdictional compliance, particularly with HIPAA/HITECH and GDPR regulations, while leading IT operations and security initiatives in a remote-first environment. Proven ability to negotiate vendor agreements and implement security frameworks to enhance organizational resilience and compliance maturity.

Highest-signal resume keywords
HIPAA/HITECH ComplianceGDPR/UK GDPR KnowledgeVendor Risk ManagementSecurity Framework ImplementationIdentity & Access Management

ATS Keywords

Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills
Compliance ExecutionBusiness Associate AgreementsData Processing AgreementsIncident Response PlanningEndpoint Security ManagementSaaS Vendor ManagementSecurity Controls ImplementationData Minimization StrategiesRemote Device ManagementThird-Party Audit Management
Soft Skills
Exceptional CommunicationPragmatic Risk ManagementCollaborationMentoringAdaptability
Tools & Technologies
SOC 2ISO 27001AWSGoogle WorkspaceOktaMicrosoft 365
Industry Keywords
Healthcare SaaSPrivacy LawsRegulatory ComplianceInfoSecIT Operations

Tech Stack

Tools & technologies
AWSCloud

About the role

Key responsibilities & impact
  • Manage multi-jurisdictional compliance execution - Support implementation of HIPAA/HITECH, GDPR/UK GDPR, PIPEDA, Quebec Law 25, PHIPA, and emerging privacy laws and coordinate with legal counsel on complex regulatory matters.
  • Drive vendor risk management and BAA/DPA lifecycle - Negotiate and finalize Business Associate Agreements and Data Processing Agreements with subprocessors, ensuring breach notification timelines meet calendar-day standards, data deletion commitments are defined, and subprocessor transparency obligations are satisfied.
  • Mature security posture and operational resilience - Partner with Engineering to implement security controls that support SOC 2 Type II and ISO 27001 readiness, lead incident response planning and breach notification workflows, and establish monitoring/alerting.
  • Embed privacy-by-design across product and engineering - Collaborate with Product and Engineering leadership to assess PHI exposure in new features, define data minimization strategies, and guide architecture decisions that reduce compliance risk.
  • Lead IT operations and service delivery - Own user onboarding / offboarding workflows, device provisioning and management, and IT service delivery for a remote-first team, partnering with HR on seamless employee lifecycle management.
  • Drive Identity & Access Management (IAM) strategy - Own identity provider configuration and access control policies, implementing least-privilege access principles, periodic access reviews, and role-based access control (RBAC) frameworks.
  • Manage endpoint security and device management - Define and enforce endpoint security standards (MDM, disk encryption, antivirus, patching). Establish laptop procurement standards and remote device management policies. Coordinate with Engineering on developer tooling and access requirements.
  • Own SaaS vendor rationalization and procurement hygiene - Conduct regular vendor intelligence audits to identify tool overlaps, license waste and procurement gaps. Partner with Finance on SaaS spend optimization.
  • Strengthen the InfoSec, IT & Compliance function - Develop and refine processes, tooling, and documentation to support organizational growth. Manage and mentor the IT Operations team. Partner with third-party compliance advisors to accelerate maturity.
  • Act as the bridge between Legal, Engineering, IT, and the business — Translate complex legal language into actionable engineering requirements. Partner with Customer Success on practitioner-facing compliance communications. Coordinate cross-functional responses to regulatory inquiries, audits, and customer due diligence requests.

Requirements

What you’ll need
  • 6+ years of relevant experience in information security, IT operations, privacy, and compliance roles, with at least 2+ years in healthcare SaaS or regulated industry
  • Deep expertise in HIPAA/HITECH compliance, including Business Associate obligations, breach notification requirements, and Covered Entity vs. Business Associate determination frameworks
  • Strong working knowledge of GDPR/UK GDPR and cross-border data transfer mechanisms
  • Proven ability to negotiate and finalize vendor BAAs and DPAs, with a strong understanding of must-have vs. nice-to-have contractual terms
  • Experience implementing security frameworks (SOC 2, ISO 27001, or equivalent) and managing third-party audits or certifications
  • Hands-on experience leading IT operations for remote-first organizations, including identity & access management, device provisioning, and SaaS vendor management
  • Prior experience building or scaling InfoSec, IT, and compliance functions from scratch in high-growth SaaS companies
  • Technical grounding in SaaS architecture, APIs, data flows, infrastructure (cloud environments like AWS), and identity providers (Google Workspace, Okta, Microsoft 365)
  • Exceptional communication skills - you can translate legal jargon into plain language for practitioners, write concise vendor negotiation emails, and present compliance strategies to executive leadership with clarity and confidence
  • Bias for action and pragmatic risk management - you know when to escalate to legal counsel and when to make judgment calls independently
  • Comfortable operating in a fast-moving, high-growth environment where priorities shift and ambiguity is the norm.

Benefits

Comp & perks
  • Comprehensive health and dental benefits from day 1
  • RRSP matching
  • Generous paid parental leave
  • Annual learning stipends
  • Unlimited vacation
  • $750 annual Health & Wellness Allowance
  • $1,000 annual Learning & Development Allowance to support your growth
  • $500 annual Home Office Allowance to set up a productive remote workspace
  • Personalized support for family-building and fertility journeys
  • Confidential, digital mental health support from licensed professionals
  • Company-wide holiday closure in December
  • Regular virtual company-wide events, lunches, and team socials to stay connected