We currently have a Regular Full-Time position for a Chief Information Security Officer (CISO) in Information Services at our Bayview Campus.
Summary of Duties:
Lead development and execution of an effective and sustainable cyber security program and related controls across Sunnybrook.
Lead planning and implementation of Sunnybrook’s cybersecurity architecture and related requirements in the context of Sunnybrook’s evolving risk posture and industry best practices and standards.
Lead and facilitate the overarching cybersecurity governance structure for the organization, including reporting of KPIs, events, risks, and mitigations to Sunnybrook’s Information Security Council and other governance tables as required.
Lead Sunnybrook’s incident response for all cybersecurity-related incidents.
Establish and implement a monitoring framework for internal digital operations to ensure compliance with cybersecurity standards and policy, including leading internal audits of performance / compliance.
Establish effective reporting processes that support management discussion and leadership decision making about Information Security plans and objectives.
Lead procurement for cybersecurity-related purchases.
Liaise with Sunnybrook’s Technical Services leadership to build alignment between the security and enterprise architectures, and ensure that information security requirements are implicit in network architectures.
Cultivate effective relationships across Sunnybrook’s program and department leaders to facilitate Cybersecurity Program compliance.
Continuously monitor the external ecosystem for emerging risks and mitigating solutions.
Liaise with other healthcare organizations and external agencies, such as law enforcement and other advisory bodies, to ensure that the organization maintains a strong security posture and is kept abreast of the threats identified by these agencies.
Ensure that effective disaster recovery policies and standards are in place and maintained.
Develop, deploy, and maintain the cybersecurity response procedures for organizational response to cyber incidents.
Manage all aspects of human resources including hiring, promoting, disciplining and terminating staff within the cybersecurity team.
Manage the unit / department financial resources.
Qualifications / Skills
At a minimum, completion of a Master’s Degree in Computer Science, Computer Engineering or recognized equivalent
At a minimum over 10 years and up to and including 15 years practical and related experience
10+ years of progressive IT solutions, compliance, regulatory experience and roles of increasing responsibility with a minimum of 5 years in Senior Leadership roles
Practical experience and working knowledge of common information security and IT management frameworks (e.g., ISO/IEC 27001, ITIL, COBIT, NIST, including 800-53)
Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and security attack pathologies.
Deep understanding of cyber security and the relationship between threat, vulnerability and information value in the context of risk management.
Strong proficiency with common cyber security management frameworks, regulatory requirements and industry leading practices such as GDPR, PIPEDA, PHIPA.
Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment.
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Microsoft Certified Technology Specialist (MCTS)
ITIL Practitioner Certificate (ITIL Practitioner)
ITIL Service Manager Certificate (ITIL Service Manager)
Working knowledge and practical experience of common information security and IT management frameworks: ISO/IEC 27001, ITIL, COBIT, NIST, including 800-53 and Cybersecurity Framework
Qualified candidates are invited to submit their cover letter and resume (in one document) quoting 201312 to:
Sunnybrook Health Sciences Centre