
Address: Vancouver, BC
Form of work: Full time
Category: IT

Job description

Staff - Non Union

Job Category

M&P - AAPS

Job Profile

AAPS Salaried - Information Systems and Technology, Level D

Job Title

Senior Information Security Compliance Analyst

Department

Information Security | Dean's Office | Faculty of Medicine

Compensation Range

$8,063.17 - $12,575.08 CAD Monthly

The Compensation Range is the span between the minimum and maximum base salary for a position. The midpoint of the range is approximately halfway between the minimum and the maximum and represents an employee that possesses full job knowledge, qualifications and experience for the position. In the normal course, employees will be hired, transferred or promoted between the minimum and midpoint of the salary range for a job.

Posting End Date

March 12, 2024

Note: Applications will be accepted until 11:59 PM on the day prior to the Posting End Date above.

Job End Date

Mar 31, 2026

This position is located within a health-care facility. Therefore, the successful candidate will be required to provide verification of full vaccination against Covid-19 prior to the start date, as required by a provincial health mandate.

At UBC, we believe that attracting and sustaining a diverse workforce is key to the successful pursuit of excellence in research, innovation, and learning for all faculty, staff and students. Our commitment to employment equity helps achieve inclusion and fairness, brings rich diversity to UBC as a workplace, and creates the necessary conditions for a rewarding career.

Job Summary

The Senior Information Security Compliance Analyst will play a pivotal role in leading comprehensive system security audits, developing verification processes, and making recommendations to secure electronic information and systems for all units within the Faculty of Medicine that fall within the scope of the University's Information Security Compliance Support Program—an integral component of UBC's broader Privacy & Information Security Management program.

In this role, you will collaborate with various units, focusing on providing expert advice and oversight to ensure alignment between self-attestation reports and the actual implementation of critical cybersecurity controls for existing complex systems.


The ideal candidate will be well-versed in scrutinizing and validating Information Security practices within complex organizations, aiming to enhance overall compliance and the effectiveness of the University's cybersecurity measures, particularly within the Faculty of Medicine. You will showcase strong project leadership skills, employing facilitation to identify compliance discrepancies, and driving change through advocacy and influence. Cultivating trusted relationships across UBC is essential, and your expertise in Information Security Compliance verification will play a key role in reinforcing the University's commitment to the highest standards of Information Security.


Organizational Status

The University of British Columbia is a global centre for research and teaching, consistently ranked among the top 20 public universities in the world. Since 1915, UBC's entrepreneurial spirit has embraced innovation and challenged the status quo. UBC encourages its students, staff and faculty to challenge convention, lead discovery and explore new ways of learning. At UBC, bold thinking is given a place to develop into ideas that can change the world.

Our Vision: To Transform Health for Everyone

Ranked among the world's top medical schools with the fifth-largest MD enrollment in North America, the UBC Faculty of Medicine is a leader in both the science and the practice of medicine. Across British Columbia, more than 12,000 faculty and staff are training the next generation of doctors and health care professionals, making remarkable discoveries, and helping to create the pathways to better health for our communities at home and around the world.

The Faculty—comprised of approximately 2,200 administrative support, technical/research and management and professional staff, as well as approximately 650 full-time academic and over 10,000 clinical faculty members—is composed of 19 academic basic science and/or clinical departments, 3 schools, and 25 research centres and institutes. Together with its University and Health Authority partners, the Faculty delivers innovative programs and conducts research in the areas of health and life sciences. Faculty, staff and trainees are located at university campuses, clinical academic campuses in hospital settings and other regionally based centres across the province.

The UBC Vancouver Campus is located on the traditional, ancestral, and unceded territory of the xʷməθkʷəy̓əm (Musqueam) people. The City of Vancouver is located on Musqueam, Squamish, and Tsleil-Waututh First Nations territory.


Work Performed

Key Responsibilities:

  • Leads the audit and verification of cybersecurity controls, including the planning, executing and reporting on diverse audit engagements, while applying a risk-based approach to ensure all projects are completed on target.
  • Responsible for designing and proposing solutions for existing complex systems or Faculty-wide compliance issues identified through the audit and verification process.
  • Creates a formal document that provides an overview of the security requirements for existing complex systems and describes the security controls in place or planned for meeting those requirements.
  • Provides project leadership, expert advice and contribution to on-going strategic planning for units to move towards full compliance with UBC's Information Security Policy and standards.
  • Leads the development of methodologies for improving procedures, and coordinating, tracking and reporting on the progress for implementation of Information Security and privacy solutions for complex systems.
  • Provides Information Security technical expertise and mentoring to operational IT teams and leadership to ensure reasonable Information Security measures are in place to support the ongoing Information Security management of the unit.
  • Establishes professional relationships with distributed IT teams and leadership, building trust in our advisory capacity with them. Maintains a strong service orientation and effective communication with practical recommendations and improvement strategies.
  • Captures systemic issues, root causes and trends identified through the Information Security Compliance reviews and proposes solutions to senior management and respective teams for addressing the issues.
  • Contributes to the development of mature governance and oversight of Information Security practices, through ongoing improvement of risk identification and remediation activities.
  • Applies metrics, performs frequent analysis of key metrics, measures results of our faculty's Information Security program effectiveness, and identifies improvement opportunities.
  • Acquires and maintains a working knowledge of the University's technical and business environment to better understand the business and its priorities.
  • Investigates and remains current with industry technology trends as well as the Technology and Information Security Audit and Regulatory environment.


Consequence of Error/Judgement

UBC is a complex organization that collects and uses information to support its mandate. An information breach (especially relating to personal or other high-risk information) could have a significant financial and reputational impact on the University. The Information Security Compliance Advisor plays a critical role in identifying key privacy and Information Security Compliance gaps, and in providing appropriate recommendations to their portfolio of units on the security solutions and technology to be implemented in order to close those gaps.

Sound judgment must be exercised. Lack of good judgment and/or inability to adopt sound risk management techniques may result in the failure to detect significant privacy and Security Compliance gaps which may lead to related exposures to the University's information.


Supervision Received

Works under the general direction of the Senior Information Security Manager within the Faculty of Medicine Digital Solutions team. May receive direction from senior technical staff as assigned. The Information Security Compliance Advisor must work independently, contribute actively and collaborate openly as a team member.

Supervision Given

May manage staff. Acts as a mentor to other less experienced members of the team and may oversee, on a project basis, the day-to-day work of other Information Security, Systems Administrators or IT professionals.

Minimum Qualifications

Undergraduate degree in a relevant discipline. In-depth knowledge of applications and the business requirements supporting them. Minimum of five years of related experience, or the equivalent combination of education and experience.

  • Willingness to respect diverse perspectives, including perspectives in conflict with one's own.

  • Demonstrates a commitment to enhancing one's own awareness, knowledge, and skills related to equity, diversity, and inclusion.

Preferred Qualifications

  • Expert knowledge of IT Audit methodology, Information Security Controls and Standards, and associated tools to ascertain the quality and effectiveness of technology remediation plans.

  • A CISA or CIA designation is strongly preferred.

  • Knowledge of IT governance, policies, standards, technology risk disciplines and practices, and security threat and risk assessments.

  • Expert knowledge of security frameworks, models and standards such as OWASP, SAMM, NIST, COBIT and ISO 27001/2, and application architecture and security in hybrid cloud environments.

  • Knowledge of computer networking concepts, security methodologies and protocols (e.g., TCP/IP, DNS, LDAP, TLS), firewall management, and identity and access management (e.g., public key infrastructure, OAuth, OpenID, SAML) is an asset.

  • Self-motivated with a strong commitment to providing high quality services, together with a thorough understanding and awareness of Information Security best practices and the ability to translate them into meaningful and value-added University-wide and local solutions.

  • Knowledge of Freedom of Information and Protection of Privacy Act (FIPPA), particularly as it relates to implementing 'reasonable security arrangements' over PI under the University's control or in its custody.

  • Ability to work independently with minimal management oversight, as part of a team, and cross functionally.

  • Strong interpersonal skills used to lead, enthuse, motivate, influence, and educate others at all levels to drive change across the University.

  • Demonstrated ability to communicate with diverse audiences (management, senior leadership, technical) using a variety of delivery mechanisms (written, oral, presentations etc.).

  • Ability to effectively facilitate multi-disciplinary groups to achieve appropriate outcomes.

  • Working knowledge of project management and change management disciplines and best practices.

  • In-depth understanding of key trends and players in the IT industry and higher-education sector.

  • Excellent organizational, planning, and prioritization skills. Able to multi-task and deliver multiple assignments in a complex environment.

  • Shows the willingness, ability, and enthusiasm to help build and learn new processes, methodologies or technologies.

Refer code: 2129139 (2024-02-25 22:46)
