Job Description

Southlake is building healthy communities through outstanding care, innovative partnerships, and amazing people. We deliver a wide range of healthcare services to the communities of northern York Region and southern Simcoe County. Our advanced regional programs include Cancer Care and Cardiac Care and serve a broader population across the northern GTA and into Simcoe-Muskoka.Our team of nearly 6,000 staff, physicians, volunteers, students and Patient and Family Advisors are committed to creating an environment where the best experiences happen. As a recognition of our commitment to quality and patient safety, we have received the highest distinction of Exemplary Standing from Accreditation Canada.Job SummaryReporting to the Cyber Security Lead, this position performs an analyst/administration role in safeguarding data and Information Technology assets by assisting with developing, implementing, and sustaining the hospital\'s Board of Director approved Cyber Security strategy & program. As a Cyber Security Analyst, the incumbent will apply their cyber security knowledge and skills to protect the hospital\'s information and technology environment from increasingly complex and evolving cyber threats using the appropriate security tools, products, and best practices, and will help develop and implement robust security operation processes and procedures.The role is part of any Shared Health Network Information Exchange (SHINE) Privacy and Security committees directed by SHINE Business Council executives, and implementation committees directed by Central Regional Cyber Security Partnership.Primary ResponsibilitiesExecution and Compliance to Cyber Security Strategy & Program

• Ensure that appropriate cyber security controls are executed according to the security program.
• Implement security improvements by assessing current situation, evaluating trends and anticipating requirements.
• Establish security standards for IT infrastructure and solutions and assess compliance of existing and proposed solutions.
• Assist with Vulnerability and Threat Risk Assessments (TRA) to identify potential security concerns; track and monitor the remediation and mitigation of the identified concerns through risk management methodologies.
• Help review externally completed Vulnerability and Threat Risk Assessments, track and monitor the remediation and mitigation of the identified concerns through risk management methodologies.
• Conduct internal security audits (including assessing infrastructure components and operational processes against information security and privacy policies and standards), prepare documentation of the results, set priorities based on risk levels, and track remediation and mitigation of non-conformities to acceptance and/or resolution.
• Contribute to the maintenance, testing, and improvement of incident response plans, procedures, and processes.
• Organize and conduct penetration tests on the network infrastructure and recommend prioritized remediations and mitigations to reduce risk to an acceptable level.
• Help prepare (depending on the scope / impact / situation) reports and action plans in the event that a security breach does occur.
• Assist with maintaining cyber security policies, principles, and standards in alignment with partnership commitments ie. SHINE, Central Region Security Partnership, Ontario Health.
• Maintain internal control matrices to demonstrate compliance with various frameworks and requirements, adapt to changing environments and processes, and measure the maturity of the Information Security program.
• Assist with the creation and maintenance of Incident Response Plans and Playbooks for Emergency Preparedness (Code Grey, Loss of Systems).
• Assist with the creation and maintenance of Departmental Business Continuity plans.

Cyber security infrastructure support and maintenance

• Key user / system administrator for the various cyber security tools that are utilized by the hospital (this includes ensuring the tools are kept up to date to a supportable level).
• Work with vendors to co-ordinate updates, new implementations, bug fixes etc. for security tools.
• Analyzing completion of patches (critical and otherwise) for all technology infrastructure and applications and where necessary, assisting in deployment of the patches.
• Suggest and verify baseline security configurations for applications, operating systems, networking, and telecommunications equipment.
• Conducting on-going audits to ensure compliance with security policies (both for IT staff, as well as end users).
• Maintain subject matter expertise on information security processes and standards.

Cyber Security Awareness and Training

• Help create the content and manage the process for providing security awareness training for hospital staff, physicians and any other groups that need access to corporate network and applications. This may involve providing town hall sessions and creating materials for the Learning Management Solution (LMS).
• Assist with developing and delivering training for technical staff on network and information security best practices and procedures.
• Collaborate with security partnerships (vendors and other organizations) on cyber education materials to ensure alignment where possible.
• Help maintain industry awareness and knowledge of cyber education trends and solutions.

Infrastructure Support

• Leverage technical expertise and experience to provide infrastructure support to ensure that operational activities are maintained.

Skills & Abilities

• Hands-on experience (at least 3 years) with information security is a requirement.
• Experience in network and information systems for 5 years or more in a larger sized organization (more than 500 users).
• Ability to work independently and with multiple and diverse contacts, including external organizations, other IT staff, and different levels of management within the organization.
• Foundational understanding of information security principles.
• Working experience and familiarity with common security and privacy industry standards (example: ISO/IEC 27001, NIST, PCI DSS etc.).
• Ability to handle multiple concurrent tasks while demonstrating urgency and ownership to drive projects to completion.
• Strong organizational and problem-solving skills.
• Thorough work ethic, attention to detail.
• Demonstrated experience with self-education on the ever-changing landscape of cyber security.
• Demonstrated excellence in communication, both written and verbal
• Demonstrated commitment to customer service and teamwork
• Demonstrated individual leadership skills
• Commitment to providing an exceptional experience for patients and families as well as other members of the healthcare team within a challenging and exciting health care environment.
• Demonstrated commitment to, and understanding of the principles of diversity, equity and inclusion
• Models behaviour that is aligned with the values of Southlake Regional Health Centre.
• Always with compassion
• Power of many
• Serve with purpose
• Every voice matters

Qualifications

• Undergraduate Degrees in Technology or equivalent, or Community College plus 2 years equivalent infrastructure experience.

As a condition of employment, you are required to submit proof of COVID-19 vaccination to the Hospital\'s Occupational Health and Safety department. Successful candidates will be required to submit proof of COVID-19 vaccination (two doses) from the Ontario Ministry of Health website or other authorized source directly to the Occupational Health and Safety department. In the event that you are unable to be vaccinated as a result of a ground protected under the Human Rights Code, you may submit a written explanation of the ground and any supporting documentation to determine if you are exempt from this requirement to the recruitment team. A recruitment representative may follow up with you for further information if necessary.At Southlake, we are committed to fostering an inclusive and accessible environment. We are dedicated to building a workforce that reflects the diversity of the community in which we live and serve, including those with disabilities. Southlake is committed to providing accommodations in all parts of the hiring process. If you require an accommodation, we will work with you to meet your needs.It is the responsibility of all Southlake employees to work in a safe manner and promote health and safety in the workplace.Please note: If you are selected to move forward in the recruitment process, a Southlake Talent Representative will contact you via email. Please double check any emails you receive from Southlake and ensure that the address ends in @southlakeregional.org or @southlake.ca. If it does not, we do not recommend responding as your email may not be sent to the Southlake team.

Southlake Regional Health Centre