Trillium Health Partners

Senior Security Analyst (Senior Advisor)

System ID
2024-38306
Job Type
Full Time
Location
Mississauga Hospital
Number of Positions
1
Unionized
Non-Union

Job Description

 

Position:     Senior Security Advisor

Posting ID:   2024-38306

Dept:         Information Services

Status:       Permanent Full Time

Role Level:   PG11 ($45.04-$56.29/hr)

Site:         Mississauga Hospital

Shift:        9am-5pm

Posted:       July 18, 2024

Internal Deadline: Until filled


 

Trillium Health Partners (THP) is one of the largest community-based acute care facilities in Canada. Comprised of the Credit Valley Hospital, the Mississauga Hospital and the Queensway Health Centre, Trillium Health Partners serves the growing and diverse populations of Mississauga, West Toronto and surrounding communities and is a teaching hospital affiliated with the University of Toronto. 

Our Mission: A New Kind of Health Care for a Healthier Community  

When we set out to build our vision and future, we connected with our community - patients, families, visitors, physicians, staff and volunteers. The foundational goals of our new strategic plan - quality, access and sustainability - anchor everything we do. Our mission for a new kind of health care is built on an inter-connected system of care organized around patients - inside and outside the hospital.  

At THP, we are relentless in providing high quality, compassionate care to our communities and take great pride in fostering an inclusive and accessible environment. We are all accountable for contributing to a healthy, safe and respectful environment for healing and promoting excellence in patient care through advancing patient and staff safety. If you are passionate about what you do, motivated to improve the health of the community, committed to excellence, quality and patient safety we would like

As an integral member of the Information Services division, the Senior Security Advisor reports to the Manager, Cyber Defense & Identity Access Management and will have a dotted reporting relationship to the Chief Technology Officer.  The Senior Security Advisor will provide thought leadership for the delivery of Information Security Strategies, Solutions Delivery and Operations Governance and is responsible for activities related to the development, implementation and operation of the Information Security program for Trillium Health Partners (THP).   

The Senior Security Advisor is recognized as the organizational expert in the Information Security domain and will work with THP stakeholders to understand how technologies can be leveraged to support their business goals while ensuring this aligns with the organization's information technology and management strategies. They are accountable for delivering the Information Security Strategy; for solution delivery design, including the architecture and the financial and human resource requirements needed to deliver and implement the strategy; and for ensuring the continuous delivery of day-to-day information security and privacy operations.

 

Responsibilities 

This is not an exhaustive list and the details are bound to change over time. 

 

Security: 

  • Identify and report on information security risks, threats, vulnerabilities and breaches and make recommendations on remediation opportunities to manage risks. 
  • Develop, implement and maintain information security governance, policies, procedures and controls in coordination with Manager, Cyber Defense & Identity Access Management, and the Security Technical Lead, to ensure continuous improvement aligned with the changing risk landscape. 
  • Assist and support the development and delivery of Information Security strategic and operating plans.
  • Implement best practice procedures to ensure uniform security architecture throughout Application Development, Operations and Infrastructure. 
  • Ensure the team develops and implements the information technology security architecture framework. 
  • Ensure the continuous delivery of day-to-day information security and privacy operations.
  • Ensure team can provide 7x24 monitoring and security incident response. 
  • Leads or commissions forensic analysis on security incidents. 
  • Ensure the security processes and procedures are followed at all times and escalations are performed in a timely manner. 
  • Leads design and execution of vulnerability assessments, penetration tests, risk assessments, and security and privacy audits and ensures they are performed on regular intervals. 
  • Develop materials and promote activities to foster information security awareness across the organization. 
  • Ensures that projects, programs and other activities in IS are implemented with proper consideration given to information security. 
  • Determines minimum security requirements for applications and systems based on policy, data sensitivity, exposure, and other factors. 
  • Maintain current knowledge of security industry trends and technologies.
  • Evaluate new technologies including emerging concepts for security impact on the environment and makes appropriate recommendations. 
  • Monitor internet for emerging threats of new attacks and threat vectors. 
  • Leads technical implementations of security-related systems. 
  • Understand current regulatory environment and related implications to security management compliance. 
  • Effectively communicate with a wide range of technical and non-technical personnel. 
  • Review and validate IT controls and assess the impact of any related IT deficiencies. 
  • Ensure that all documentation and materials are regularly reviewed and up to date. 
  • Vendor relationship management. 
  • After hours on call work is required for this role. 

 

Work Experience Requirements 

  • 3+ years of Information Security experience with expertise in either client/server, network or application security engineering. 
  • Direct working experience performing IT security and risk assessments and audits: 
  • Working knowledge of information security frameworks such as the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF), and ISO 2700 standards. 
  • Working knowledge of auditing frameworks such as COBIT or PCI. 
  • Certified Information Systems Security Professional (CISSP) certification is an asset. 
  • Health care experience an asset. 
  • Experience interpreting industry and regulatory requirements and authoring supporting controls. 
  • Strong business and technical acumen. 
  • Excellent written and verbal communication skills. 

 

Desired Skills and Knowledge 

  • Identity and access management (I&AM) experience with Active Directory, NTFS permissions, LDAP, and Single Sign On (SSO) solutions. 
  • Experience developing and maturing information security governance frameworks, such as NIST CSF 
  • Experience performing Application penetration testing 
  • Application and database security experience including code reviews. 
  • Network and security engineering experience including log and network traffic capture analysis. 
  • Strong understanding of network protocols (e.g. IP, TCP/IP) and other network administration protocols. 
  • Familiarity with Windows, Linux, and UNIX based operating systems. 
  • Familiarity and knowledge of application development processes and typical application architectures. 
  • Familiarity and understanding of encryption concepts. 
  • Experience with system hardening procedures for Windows, Linux and UNIX platforms. 
  • Security operations experience with firewalls, IDS/IPS, SIEM and end-point protection platforms.
  • Familiarity with Web application development using the .NET framework as well as client-side applications for all mobile platforms.
  • Familiarity with database technology including Oracle and MS SQL. 
  • Experience with Business Continuity Plans and Disaster Recovery Plans.
  • Familiarity with Information Technology Infrastructure Library (ITIL) concepts.
  • Familiarity with architecture frameworks such as The Open Group Architecture Framework (TOGAF).
  • Demonstrated ability to understand the business side of information risk. 
  • Strong analytical, research, writing, and communication skills. 
  • Must have the ability to communicate with internal/external customers, vendors, management etc. in both formal and informal situations. 
  • Ability to work with teams to achieve goals and meet deadlines in a fast-paced environment. 
  • Works well under pressure and time constraints and can prioritize competing priorities appropriately. 
  • Can work independently with minimal supervision and direction. 

Education 

  • Undergraduate degree in Information Management, Computer Science, Engineering, or emphasis in technology or related field 
  • Master's degree or postgraduate diploma in information/computer science or a technology-related field preferred.

Additional Knowledge and Skills that are an asset:

  • Certified Information Systems Security Professional (CISSP) 
  • Certified for Pentest 
  • Certified for Proofpoint Email Security, Insider Threat  
  • Microsoft Security Operation Analyst is an asset. 
  • SIEM analysis 
  • Wireshark, Malware analysis & Triage 
  • Next Generation Firewall 

 

 

Internal Candidates who believe they possess the necessary qualifications and experience for this position and who have been in their current position for at least six (6) months are encouraged to apply. 

 

To pursue this career opportunity, please visit our website: www.trilliumhealthpartners.ca 

 

Trillium Health Partners is an equal opportunity employer committed to fostering a healthy, safe and respectful environment for healing, based on our values of compassion, excellence and courage. To be Better Together, we commit to fostering a respectful workplace culture that promotes a safe and supportive environment for everyone who provides care, supports caregiving, receives care or visits the hospital.

 

In accordance with the Accessibility for Ontarians with Disabilities Act, 2005 and the Ontario Human Rights Code, Trillium Health Partners will provide accommodations throughout the recruitment and selection process to applicants with disabilities. If selected to participate in the recruitment and selection process, please inform Human Resources of the nature of any accommodation(s) that you may require in respect of any materials or processes used to ensure your equal participation.

 

 All personal information is collected under the authority of the Freedom of Information and Protection of Privacy Act. 

 

Trillium Health Partners is identified under the French Language Services Act. 

 

We thank all those who apply but only those selected for further consideration will be contacted.  

 

 
