Senior Analyst, Information Security

University Health Network - Toronto, ON (il y a 30+ jours)

Postuler dès maintenant

Salary/Grade: H007 - $70,081 - $90,000(based on experience and qualifications)

Transforming Healthcare Delivery!

UHN is committed to maintaining a strong Cyber Security posture in the highly targeted Healthcare sector. To support this goal, UHN is looking for a Sr. Analyst, Information Security, specializing in Governance Risk and Compliance as well as some aspects of business analysis. This analyst will help conduct threat and risk assessments and ensure that the level of risk in line with the UHN risk tolerance level. In addition, this role will also develop, maintain and revise security standards and manage and run the Cyber Security awareness program and engage external organizations to perform penetration tests. If you are looking for an exciting role and have the background please consider this opportunity.

Protect and defend UHN’s network through standards, and assessments
Manage various security initiatives being implemented by the technical team (to ensure that they are on track and meeting requirements)
Document risks which may impact to environment (Threat and risk assessments)
Organize, plan and run Cyber Security Awareness phishing campaigns and draft articles and schedule lunch and learns and overall maintenance of Cyber Security Awareness training programs
Capture and quantify risks and manage the enterprise risk register
Collect metrics and create board level dashboards to show Cyber Security maturity levels (in a balanced scorecard method)
Supervises Security Audits and penetration tests (including documenting scope and creation of statements of work)
Recommend security controls to project teams while meeting their business needs.
Review responses around Request for Proposal (RFP), Security Questionnaires, etc.
Develop, coordinate, plan and execute third-party risk assessments and analyze the risk level of third-party engagements, both for new and existing vendors focusing on compliance with regulations, company policies, and internal controls

Job Requirements:
Experience developing and performing threat and risk assessments (both questionnaires and interviews) for both new projects and significant IT changes
Working closely with privacy teams to ensure new solutions comply with privacy and security standards
Excellent written skills requirement, specifically with the development of security standards/policies
Experience working with a Risk register to monitor the lifecycle of risks (Governance Risk and Compliance platform) is desired – Archer, Service NOW GRC etc.
Strong communication skills and ability to develop risk reports and present them on a regular basis
Previous experience working with Enterprise Risk Management teams is an asset
Experience developing and running enterprise phishing/security awareness programs is a definite asset – use of tools such as Knowbe4,Proofpoint, Sans etc.
Ability to develop scope statements and manage third party assessment / penetration testing teams and review findings from these assessments
Ability to translate evolving cyber security threat landscape into Cyber Security Awareness training & awareness programs
Comfortable presenting security awareness material to internal staff at meetings/lunch and learns etc.
Experience conducting TRA/Pen testing in cloud environment (AWS, Azure)
Experience running Privacy assessments (PIA) would also be an asset
Industry certifications (CISSP/SANS/GCIA/CIPP) are strong assets
Strong presentation development skills (executive level presentations)
Experience and/or knowledge of identity management, application security and network security technologies is preferred
Experience in performing IT audits (CISA) would be beneficial
Project management experience in software tool procurements and process improvement initiatives is a definite asset

  • At minimum, completion of a Bachelor’s Degree in Computer Science, or recognized equivalent required
  • At a minimum, 3 -5 years of practical and related experience and/or 1 year on-the-job training required
  • Experience with Healthcare privacy and security concerns
If you are interested in making your contribution at UHN, please apply on-line. You will be asked to copy and paste as well as attach your resume and covering letter. You will also be required to complete some initial screening questions.