Position Summary
Interior Health is looking for an experienced Specialist, Information Security to join our team on a full time permanent basis.
This position offers a flexible work location from within the Interior Health Region.
What we offer:
-Employee & Family Assistance Program
-Employer paid training/education opportunities
-Employer paid vacation
-Employer paid insurance premiums
-Extended health & dental coverage
-Municipal Pension Plan
-Work-life balance
Salary Range:
Salary range for the position is $88,990 to $127,923. Interior Health establishes salaries within the minimum and maximum of the salary range based on consideration of the qualifications, experience of the applicant, and an internal equity review of the salaries of other employees.
About the job:
In accordance with the established vision and values of the organization, the Specialist, Information
Security works as a subject matter expert and lead resource in reviewing existing and proposed computer-based application and data access services. Works within Digital Health and with other IHA business areas to ensure processes and practices support organizational information security policies and standards. Responsible for monitoring and tracking use of IHA data processing infrastructure, conducting investigations, and resolving electronic data processing security-related incidents. Recommends and implements security processes, technologies and access methods that align with industry security standards and support the secure, uninterrupted operation of all IHA technology services.
The Specialist, Information Security deals with sensitive and critical situations and provides training and education to Digital Health and other staff on IHA security procedures, policies, and standards.
Typical duties and responsibilities:
• Provides interpretation and expert advice, both verbally and in writing, to internal staff, physicians and management on legislation, international and eHealth information management standards and principles related to information security.
• Manages complex and cross-agency security breach and violation investigations, including collection and appropriate handling of forensic evidence, conducting risk analysis, electronic audits and on-going investigations using an enterprise risk approach. Leads, coordinates, and directs case management and documentation amongst the Integrated Breach Response Team. Liaises with external parties such as provincial government ministries and peer health authorities.
• Evaluates breach root causes, implements, and recommends resolution strategies, including disciplinary action, and practical quality improvement opportunities and risk controls targeted at strengthening organizational, operational, and technical controls.
• Participates in the development and application of security safeguards and system access controls for new and existing information technology services, ensuring alignment with IHA security policy and practices.
• Reviews and assesses operational processes both current and planned to ensure alignment with IHA security policy and industry best practice.
• Conducts periodic compliance reviews, risk analysis, electronic audits, and ongoing investigations.
• Evaluates the security risks associated with information systems and systems infrastructure by conducting formal Security Threat and Risk Assessments (STRAs) and Security Assessments (SAs) to assess risk, ensure accurate and complete documentation of security controls, and to ensure alignment with IHA policies and legislated security obligations.
• Lead monthly meetings involving partners from various IHA user-departments to review newly released patches and based on the IHA enterprise risk management framework, determine the urgency and criticality of deploying them to IHA systems.
• Reviews security logs and violation reports investigating and evaluating root causes, implements, and recommends resolution strategies, practical quality improvement opportunities and risk controls targeted at strengthening organizational, operational, and technical controls and/or escalating as required.
• Participates in the development of formalized procedures for the creation, modification, management, and deletion of user accounts and other access controls. Ensures access requests are consistent with IHA standards and have received appropriate authorization.
• Provides expert guidance to management and physicians and takes a lead role in ensuring information security is considered throughout the design or re-design of programs services and projects and initiatives.
• Develops and implements changes to existing procedures for secure management of data and information systems access controls.
• Initiates partnerships and effectively maintains critical external linkages and partnerships with provincial and federal government agency representatives, regulatory bodies, legal representatives, external private companies and partners, researchers and the public to gather, provide, clarify, or manage information security requirements.
• Initiates partnerships and effectively maintains critical internal linkages to ensure development of a consultative approach to mutual problem solving, enhancing communication, proactively anticipating, and resolving issues and supporting the implementation of required changes.
• Researches, creates, compiles, and evaluates security information management performance metrics. Completes reports including Briefing Notes and statistical reports on specific subjects such as breach management score cards, progress of the corporate security educational program within IHA. Prepares and delivers presentations to key partners, management, and staff.
• Participates in the development of technology solutions that align with industry and IHA security standards. Evaluates and recommends third party information security products to meet IHA security and confidentiality requirements.
• In collaboration with IHA Network services, provides direct and indirect support for network security solutions such as Firewalls, Intrusion Prevention Systems, Antivirus, and Internet Filtering technologies.
• Effectively participates and represents the Health Authority on provincial and local committees or task groups. Represents the Manager, Information Security as required.
• In collaboration with Information and Privacy personnel, works with IHA programs to ensure education and compliance with system security policy and procedures. Promotes security best practices and performs both formal and ad-hoc information protection training.
• In alignment with IH’s Occupational Health & Safety Program, employees shall adhere to all Occupational Health and Safety policies and procedures at all times and attend all required training. Employees are responsible to report any identified hazards, unsafe conditions or incidents to the manager or supervisor immediately.
• Performs other related duties as assigned.
Qualifications
Honouring Interior Health’s commitment to Truth and Reconciliation and the Declaration on the Rights of Indigenous Peoples Act (DRIPA), and Pursuant to Section 42 of the BC Human Rights Code, preferential consideration and/or hiring will be given to qualified applicants who self-identify as Indigenous (First Nations, Métis, or Inuit).
Education, Training, and Experience
• A Bachelor's degree in Computer Science.
• Five years of experience in a large information technology services environment.
• Or an equivalent combination of education, training, and experience.
Skills And Abilities
• Good working knowledge of IM/IT security principles, management, tools, and procedures.
• Comprehensive knowledge of core security technologies including firewalls, anti-virus, intrusion detection/prevention, monitoring'/reporting.
• Recent relevant experience working with Windows desktop and server technologies in a large information technology environment required.
• Good working knowledge of networking concepts and technologies.
• Knowledge of FIPPA, ISO 27002 and the BC Government Information Security Policy preferred.
• Active CISSP, SANS GIAC, or Security + certification and healthcare experience preferred.
• Advanced understanding of information security, governance and eHealth practices and trends, related legislation and requirements, provincial eHealth, and clinical information systems.
• Solid understanding of information security principles and controls to support risk management identification in electronic systems.
• Ability to problem solve with a global perspective in order to incorporate the organization's systems and strategies when developing viable solutions to problems.
• Ability to establish and maintain effective partnerships with a variety of partners while exercising maturity, tact, confidentiality, and discretion.
• Ability to function in a highly dynamic environment, including working under pressure, adapting, and responding to changing priorities and meeting deadlines.
• Ability to keep skill set up to date with new technologies as they are introduced to the workplace.
• Excellent facilitation, coaching, conflict management, planning and interpersonal skills, with the capability of providing leadership and interacting comfortably with a variety of disciplines at all levels of the organization.
• Ability to assess complex situations and make appropriate recommendations.
• Excellent written and oral communication skills coupled with the ability to write or edit high quality business.
• documents.
• Ability to utilize both analytical skills and conceptual thinking to identify and resolve issues.
• Ability to work independently and effectively under time pressure to meet deadlines, balance work priorities and resolve issues appropriately.
• Demonstrated superior organizational, time management, listening and recording skills.
• Use of a personal vehicle to travel between multiple sites.
• Physical ability to perform the duties of the job.
Comments
Interior Health now offers assistance from an Indigenous Employment Advisor. If you self-identify as Indigenous (First Nations, Métis or Inuit) and if you would like assistance with the application process and/or career exploration, send your question(s) via email to IndigenousEmployment@interiorhealth.ca to be redirected to the Employment Advisor. We invite applicants to self-identify as First Nations, Métis, or Inuit within cover letters and/or resumes.