Information Security Lead

CARE AND BE CARED FOR - THIS IS YOUR HOME

Are you an experienced IT professional with expertise in Information Security and Risk Management? Do you have an aptitude for building strong working relationships with stakeholders to share your technical knowledge and enjoy working in a collaborative team environment? Are you passionate about exceptional health care and driven by a desire to help others?

If so, take a look at this rewarding career opportunity working alongside a supportive and collaborative team of over 8,000 regulated health care and other professionals. ​​​We are amid a momentous time for health care in Ontario as we move to a more connected health care system through the Ontario Health Teams model of care.

As a key member of the Information Technology and Security team, the Information Security Lead is primarily responsible for assisting in the delivery of program and operational mandates within Information Security area of expertise. This includes the execution of key activities and the development of required deliverables within both the HCCSS Security Program and OH Information Security Office (ISO). The role contributes to the development, execution and maturing of HCCSS Information Security program and serves as a security subject matter expert to the organization and requires a strong collaborative working relationship with teams within HCCSS, Service Provider Organizations and Ontario Health.

What do we offer?

We know wellness is supported with work-life balance. In an inclusive culture committed to support your passion for continuous learning, growth and innovation, we offer: ​

• Attractive comprehensive compensation packages and benefits​
• Valuable development opportunities​
• Membership in a world class defined benefit pension plan
• Hybrid work environment ​
• Ability to work within any of the 14 Home and Community Care Support Services geographies across the province

What will you do?

• Take a subject matter expert role in various security governance and risk management initiatives and providing security expertise, facilitating collaboration and furthering the organization's objectives
• Analyze proposed solution architectures, technology, design and assist in IT development processes to identify potential threats and vulnerabilities, and to recommend options that enhance the security of solutions and business processes. Identify, analyze, and recommend options for risk management at appropriate levels within the enterprise and the health care sector
• Present topic areas and relevant security materials to product and digital solution groups
• Consult with members and teams in HCCSS and Ontario Health to implement recommended security policies and related controls
• Track the security control implementation and remediation activities across HCCSS and Ontario Health
• Work with members and organizations in the healthcare community to onboard them to provincial digital assets
• Assist in the coordination of internal and external Information Security initiatives as a subject matter expert to reach feasible security solutions for complex problems and issues across the healthcare sector and play a leading role in the implementation and operationalization of those solutions
• Take a leading role in offensive security practices and provide guidance to the teams performing Red/Purple/Blue teaming exercises while familiar with some of the methodologies, tools, and processes
• Contribute to the ongoing development and maturing of the HCCSS security program, consulting and assurance practices
• Play a supportive role in the development of security policies and strategic planning initiatives to ensure compliance with industry standards and best practices
• Assist in the maintenance and currency of the HCCSS and OH security programs by writing or updating security policies, standards, assessment, and guidance documents
• Implement tools and processes to manage workflow and materials related to the Information Security risk management
• Prepare and maintain security-training materials, deliver security-training sessions to various stakeholders throughout the province and within the organization
• Work with IT, Development, and all other Enterprise teams to establish appropriate security processes, controls and ensure compliance with security policies
• Take a leading role in various HCCSS and OH security initiatives providing security expertise, facilitating collaboration and furthering security objectives
• Stay abreast of any changes to industry best practices or legislative regulations and assess the resulting impact to the organizations
• Deep knowledge of the methodologies, frameworks, and processes in Information Security domain
• Support the ongoing development & maintenance of HCCSS and Ontario Health's GRC (Governance, Risk and Compliance) processes to continuously monitor risk remediation, treatments, as well as exceptions
• Generate risk maps to help guide the risk owners and keep the stakeholders in the communication

What do you need?

• 5 or more years of experience in various security domains including third-party risk management, IT audits and/or Security Governance, Risk and Compliance (GRC)
• Bachelor's or Master's degree in Computer Science, Information Technology, Cyber Security, Systems or other related field, or equivalent work experience
• Knowledge of prevalent industry standards (ISO 27001/27002, NIST, CIS, Cobit)
• Professional certifications in information/cyber security (e.g. CISSP, CCSP, CISA, CISM, CRISC) is preferred
• An understanding of threat risk assessment methodologies and Cybersecurity frameworks such as ISO 27001/2 and NIST
• Knowledge and experience developing and working with security architecture, and IT management frameworks such as SABSA, and CoBIT
• Experience in leading end-to-end planning, architecture, solution development, and execution of program activities
• Strong understanding and ability to interpret and communicate risk management concepts
• Experience and working knowledge of risk management lifecycle, processes, and concepts including working knowledge of Threat Risk Assessment, (TRA) methodologies and other risk assessment methodologies and tools, and familiarity with related security tests and test methodologies
• Knowledge of a wide variety of information systems and security technologies including Operating Systems security, LAN and WAN, Internet protocols and applications, secure communications, firewalls, IDS/IPS, PKI, identity management, identification and authentication techniques, role-based access control, malware defenses, etc.
• Understanding of typical security threats, vulnerabilities and safeguards relevant to application development, test and QA environments, and IT (datacenter) operations
• Experience in writing and presenting subject matter information that is both comprehensive and easy to understand with demonstrated experience presenting to large audiences
• Demonstrated ability to understand and discuss technical concepts, manage trade-offs, and evaluate opportunistic innovative ideas with internal and external partners
• Working knowledge of GRC tools used to support the security governance of HCCSS and Ontario Health
• Working knowledge and expertise in the Personal Health Information Protection Act (PHIPA)
• An adept team player who is action oriented, with a record of accomplishment of motivating other team members to achieve higher goals and improving the impact of technology initiatives
• Demonstrated ability to effectively negotiate and resolve conflicts with individuals or teams in a professional and diplomatic manner
• Strong communication and negotiation skills to effectively persuade individuals with differing perspectives and conflicting interests towards a mutually beneficial resolution

We have a mandatory COVID-19 vaccination policy. As a condition of employment, all employees are required to submit proof of COVID-19 vaccination status prior to start date.

Who are we?

We are Home and Community Care Support Services, ready to serve every person in Ontario. We partner with patients and caregivers, family physicians, hospitals, long-term care and retirement homes, service providers and Ontario Health Teams, to deliver responsive, accessible, integrated, patient-centred care.

Why join us?

If you're interested in driving excellence in care and service delivery, and seeking an unparalleled opportunity to lead and learn, partner and connect, care and be cared for, this is your home.

Equity, Inclusion, Diversity and Anti-Racism Commitment

Home and Community Care Support Services is committed to a culture of equity, inclusion, diversity and anti-racism. We are committed to attracting, engaging and developing a workforce that reflects the diverse communities we serve. We welcome and encourage applications from all qualified applicants. Accommodations for persons with disabilities required during the recruitment process are available upon request.

We thank all applicants for their interest; however, only those selected for an interview will be contacted.