Director, Information Security, Information Technology (IT) Risk & Digital Infrastructure

Nova Scotia Health Authority is the largest provider of health services in Nova Scotia. We are over 22,000 employees who provide health care and support services in hospitals, health centres and community-based programs throughout Nova Scotia.

Nova Scotia Health Authority provides health services to Nova Scotians and some specialized services to Maritimers and Atlantic Canadians. We operate hospitals, health centres and community-based programs across the province. Our team of health professionals includes employees, doctors, researchers, learners and volunteers who provide the health care or services you may need. This is accomplished across four geographic management zones, which are responsible for the operation of acute care health centres and the provision of a variety of inpatient and outpatient services, including academic, tertiary and quaternary care, and community-based programs and services, including continuing care, primary health care, public health, and mental health and addictions.

Job Location

Provincial (Anywhere in Province)

Job Information

The Director, Security, Risk and Digital Infrastructure reports to the Senior Director & Chief Information Officer (CIO), IM/IT, and is responsible for the information security, IT risk and digital infrastructure functions for Nova Scotia Health, setting the direction for information security and IT risk and implementing the target operating model(s) and security strategy. This role is responsible for the successful execution of the IT risk and IT security remediation roadmap, as well as making strategic decisions as challenges arise and changes occur in Nova Scotia Health’s threat landscape. Additionally, the Director will be responsible for leading digital infrastructure roadmap development and implementation, collaborating closely with Nova Scotia Digital Services (NSDS), the shared services provider for NSH. The Director will be committed to a high standard of performance and will provide support across the organization in support of NSH’s strategic mission, vision, and goals.

The Director must have a strong understanding of

  • Security strategy & roadmap development
  • Security architecture
  • Security organization & sourcing
  • Security & IT risk frameworks (specifically NIST and COBIT, ITIL would be an asset)
  • Database management
  • People management
  • Financial budgeting and forecasting
  • The Director will also be responsible for Board and Executive level updates and communications and be able to distill highly technical information to an appropriate level for non-technical audiences


  • Determining the optimal approach for leveraging and aligning to provincial information security policies, procedures and standards. Includes the creation, modification, periodic review and retirement of security policies, procedures and technical standards. Ensuring the policy framework aligns to address Nova Scotia Health’s cyber risks
  • Determining relevant metrics, key performance indicators (KPIs) and key risk indicators (KRIs) that need to be tracked and reported periodically between control owners, stakeholders (internal and external), security governance committees, internal audit and senior management to provide transparency into Nova Scotia Health’s risk posture
  • Setting up and managing contractual relationships with third parties that are responsible for providing managed security services. Includes third party contracts and memorandums of understanding/operating agreements with Province of Nova Scotia departments
  • Identifying and documenting applicable contractual, regulatory, and legal security requirements that Nova Scotia Health must comply with in collaboration with the legal department and privacy office. Includes requirements for information protection, financial reporting, technical privacy safeguards and any other information security controls required for Nova Scotia Health’s physical and digital records and systems

Responsibilities Continued

  • Designing an information security framework to translate applicable requirements into a unified set of controls to manage Nova Scotia Health’s information security efforts. Includes selecting relevant information security standards and combining all relevant information security requirements to simplify the management of security controls
  • Collaborate closely with the Director of Cybersecurity with the Nova Scotia Digital Service to develop clear roles and responsibilities matrices for day-to-day cybersecurity operations, cyber incident response plans, etc., as well as detailed cyber incident response plans and frameworks that will be developed in collaboration with groups within NSH such as Risk, Legal, Privacy, Communications, etc.
  • Work closely with NSDS, DHW and IWK staff on implementing various components of the COBIT 2019 risk management framework that are jointly agreed upon at the Health IM/IT steering committee
  • Advises the Senior Director, IM/IT, with respect to overall information security reporting, KPI development, COBIT framework implementation, IT risk management, financial planning, and performance measurement at a program/service level


  • Undergraduate degree or equivalent combination of education, training and 10+ years progressive leadership experience
  • Master’s degree an asset, particularly in health administration, health informatics, leadership, Master of Business Administration
  • Minimum of 5 to 7 years’ leadership experience in an organization of significant size and/or complexity
  • Certified Health Executive and/or Certified Professional in Healthcare Information and Management Systems (CPHIMS) designation or willingness to obtain within 1 year of hire
  • IT Infrastructure Library (ITIL) and/or organizational change management certification an asset
  • CISSP (Certified Information Systems Security Professional) or HCISPP (HealthCare Information Security and Privacy Practitioner) certification would be an asset
  • COBIT 2019 Certification would be an asset
  • Strong knowledge of information and cybersecurity frameworks, controls, and best practices

Qualifications Continued

  • Strong interpersonal skills
  • Strong knowledge of risk management principles
  • Strong understanding of the COBIT 2019 IT Governance framework
  • Ability to execute through effective delegation, motivation, and oversight
  • High level of accuracy and attention to detail
  • Understanding of IT tools and processes (e.g., ITIL change management)
  • Experience in data analytics for decision support
  • Ability to prioritize and meet deadlines
  • Experience in leading teams of staff with indirect accountabilities to other operational units
  • Ability to develop and establish financial policies and procedures
  • Clearly communicate the NSH vision, mission, and values
  • Experience in working with patient care leaders and staff across a large, multi-site organization