Posted: 01/15/2018 1:44:51 PM
We currently have opportunities for Regular Full Time Security Analyst in the Department of Information Services Information Security and Risk Operations located at the Bayview Campus.
Reporting to the Manager, Information Security, the Information Security Analyst is responsible for information technology risk assessments, general information security program operational activities and reporting within Sunnybrook’s Information Services group, in support of our Information Security Program accountabilities.
Summary of Duties:
Undertake security threat and risk assessments for Sunnybrook services and systems identified by the Security Council in accordance with industry recognized standards and which support appropriate security risk response, including the identification of administrative, procedural and technical control remediation items as required;
Review of TRAs which may be provided by 3rd parties in support of shared systems and services reviews in which Sunnybrook is a participant;
Review of mobile and other emerging end point applications and for cloud-based services which Sunnybrook programs and service areas may be proposing to acquire from a third party or develop in-house, in conjunction with the combined support of Sunnybrook Communications and Stakeholder Relations, internal legal, and Information services groups;
Collaborate with and support other departments to identify security risks within their respective operational areas, make recommendations for appropriate security control remediation items and support the development of security process control improvements within those portfolios suitable for risk mitigation;
Monitor, review and respond to security events received from Sunnybrook SOC and track through to resolution. Escalate issues that cannot be resolved within acceptable time frames;
Support the ongoing design, implementation and operation of Sunnybrook’s Information Security Program in coordination with the IS Risk Office, and across the Information Services group generally;
Review and implement Microsoft patches across the organization;
Coordinate and perform both network and web application vulnerability assessments;
Perform ongoing day-to-day security device administration, which includes, but is not limited to, firewall, VPN, anti-virus, spam protection, vulnerability and patch management tools, DLP, IPS, etc.;
Manage security awareness training program and report key findings and recommendations;
Develop, manage and update, as required, information security policies and procedures;
Support the annual assessment of the Risk Office’s performance against Information Security Program goals and objectives and compliance with established policy and procedures using established reporting tools and ensure the successful implementation of any identified and assigned Program remediation items; and
Perform other related duties as assigned.
Qualifications / Skills:
University Degree in Business Administration, Science or Engineering or equivalent;
Minimum 5 years of experience in an Information Security role;
Minimum 5 years of experience with administration of various security products such as Palo Alto, Cisco ASA and Juniper firewalls, VPN, McAfee DLP and endpoint protection, Microsoft SCCM, WSUS, Qualys network and web application scanner;
Possess a good understanding of vulnerability scan remediation and management;
Strong understanding of IT Security concepts and best practices;
Superior written and oral communications, interpersonal and customer-service skills;
Demonstrated knowledge of and/or familiarity with standards and frameworks such as ITIL, COBIT, ISO/IEC 31000 series, ISO/IEC 27000 series, PCI, COSO;
Demonstrated experience in undertaking supervised security threat and risk assessments, preferably within a healthcare context, using an industry recognized framework equivalent to the Harmonized Threat and Risk Assessment (HTRA) methodology;
Certification in one or more IT governance or control standards such as ISC2 (e.g. CISSP), SANS, ISACA (e.g. CISM, CISA), PMI (e.g. PMBOK) or equivalent preferred;
Strong analytical, problem-solving and negotiation skills;
Excellent computer skills utilizing office productivity tools including email, word processing, database and spreadsheet applications;
Knowledge of information technology project management, technology (software or hardware) development and/or technology operations management preferred; and
Knowledge of the healthcare sector and direct hospital administrative or clinical support experience preferred.
Qualified candidates are invited to submit their resumes and cover letters, in one document, quoting file 17, to:
Sunnybrook Health Sciences Centre