Our Mission: A New Kind of Health Care for a Healthier Community

Our Values: Compassion, Excellence, Courage

Our Goals: Quality, Access, Sustainability

Our Enablers: People, Education, Innovation, Research

• Identify and report on information security risks, threats, vulnerabilities and breaches and make recommendations on remediation opportunities to manage risks.
• Develop, implement and maintain information security governance, policies, procedures and controls in coordination with Manager, Information Security to ensure continuous improvement aligned with the changing risk landscape.
• Assist and support the development and delivery of an Information Security strategic and operating plans.
• Implement best practice procedures to ensure uniform security architecture throughout Application Development, Operations and Infrastructure.
• Ensure the team develops and implements the information technology security architecture framework.
• Ensuring the continuous delivery of day-to-day information security and privacy operations.
• Participate in providing 7x24 monitoring and security incident response.
• Leads or commissions forensic analysis on security incidents.
• Ensure the security processes and procedures are followed at all times and escalations are performed in a timely manner.
• Leads design and execution of vulnerability assessments, penetration tests, risk assessments, and security and privacy audits and ensures they are performed on regular intervals.
• Develop materials and promote activities to foster information security awareness across the organization.
• Ensures that projects, programs and other activities in IS are implemented with proper consideration given to information security.
• Determines minimum security requirements for applications and systems based on policy, data sensitivity, exposure, and other factors.
• Maintain current knowledge security industry trends and technologies
• Evaluate new technologies including emerging concepts for security impact on the environment and makes appropriate recommendations.
• Monitor internet for emerging threats of new attacks and threat vectors.
• Leads technical implementations of security-related systems.
• Understand current regulatory environment and related implications to security management compliance.
• Effectively communicate with a wide range of technical and non-technical personnel.
• Review and validate IT controls and assess the impact of any related IT deficiencies.
• Ensure that all documentation and materials are regularly reviewed and up to date.
• Vendor relationship management.
• After hours on call work is required for this role.

• 5-7 years of Information Security experience with expertise in either client/server, network or application security engineering.
• Direct working experience performing IT security and risk assessments and audits:
• Working knowledge of information security frameworks such as the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF), and ISO 2700 standards.
• Working knowledge of auditing frameworks such as COBIT or PCI.
• Certified Information Systems Security Professional (CISSP) certification or working towards certification.
• Health care experience an asset.
• Experience interpreting industry and regulatory requirements and authoring supporting controls.
• Strong business and technical acumen.
• Excellent written and verbal communication skills.

• Identity and access management (I&AM) experience with Active Directory, NTFS permissions, LDAP, and Single Sign On (SSO) solutions.
• Experience developing and maturing information security governance frameworks, such as NIST CSF
• Experience performing Application penetration testing
• Application and database security experience including code reviews.
• Network and security engineering experience including log and network traffic capture analysis.
• Strong understanding of network protocols (e.g. IP, TCP/IP) and other network administration protocols.
• Familiarity with Windows, Linux, and UNIX based operating systems.
• Familiarity and knowledge of application development processes and typical application architectures.
• Familiarity and understanding of encryption concepts.
• Experience with system hardening procedures for Windows, Linux and UNIX platforms.
• Security operations experience with firewalls, IDS/IPS, SIEM, email security, vulnerability management and end-point protection platforms.
• Experience with Microsoft 365 security administration including Azure Identity Protection, multi-factor authentication, password protection, Exchange Online protection, Windows Defender Advanced Threat Protection
• Familiarity with Web application development experience using .NET framework as well client side applications for all mobile platforms.
• Familiarity with database technology including Oracle and MS SQL.
• Familiarity with Ontario’s health privacy legislation such as PHIPA, FIPPA
• Experience in with Business Continuity Plans and Disaster Recovery Plans.
• Familiarity with Information Technology Infrastructure Library (ITIL) concepts.
• Familiarity with architecture frameworks such as The Open Group Architecture Framework (TOGAF).
• Demonstrated ability to understand the business side of information risk.
• Strong analytical, research, writing, and communication skills.
• Must have the ability to communicate with internal/external customers, vendors, management etc. in both formal and informal situations.
• Ability to work with teams to achieve goals and meet deadlines in a fast-paced environment.
• Works well under pressure and time constraints and can prioritize competing priorities appropriately.
• Can work independently with minimal supervision and direction.

• Undergraduate degree in Information Management, Computer Science, Engineering, or emphasis in technology or related field
• Masters degree or postgraduate diploma in information/computer science or a technology-related field preferred.