Job Description

Bayshore HealthCare is one of the country\xe2\x80\x99s leading providers of home and community health care services and is a Canadian owned company. Bayshore HealthCare is proud to showcase its achievement as a Platinum member of Canada\xe2\x80\x99s Best Managed Companies Program every year since 2006. In 2015, Bayshore achieved the designation for Best Practice Spotlight Organization from the Registered Nurses\xe2\x80\x99 Association of Ontario. Bayshore Healthcare is also Canada\xe2\x80\x99s Best Employers Forbes 2023 list.

The Senior Information Security Analyst, under the direction of the Manager, Information Security & Compliance assists with the planning and implementing of security measures to protect Bayshore\xe2\x80\x99s information computing systems and data that supports the company\xe2\x80\x99s Security program and objectives. The role\xe2\x80\x99s main activities include system monitoring, technical review of company initiatives and enhancements, risk analysis, policy review and development, implementation of various security roadmap projects and activities, awareness training programs, cloud-security, security assessments and remediation activities.

The Senior Information Security Analyst reports directly to the Manager, Information Security & Compliance.

Duties and Responsibilities :

• Educate, communicate, participate and lead projects, ensuring security policies, standards and procedures of technology and configuration are applied to new system implementations and that other IT and security risks are adequately mitigated
• Performs threat risk and/or privacy risk assessments on projects and other IT initiatives and propose solutions to mitigate risk.
• Participate in the SDLC process on projects in order to design and implement the required Information Security measures for new and upgraded systems.
• Collaborates with application development teams to ensure security requirements are satisfied within Bayshore\xe2\x80\x99s applications
• Identify, coordinate and lead the execution of ad hoc application assessments and penetration testing.
• Drive the remediation of issues identified through internal and external security testing (penetration testing, annual corporate testing).
• Supports and drives the secure implementation, delivery and operation of new and existing business applications, platforms and services projects of IT and across Business functions
• Understand, deploy and document solutions to comply with Bayshore\xe2\x80\x99s security directives;
• Reviews and approves security configuration and installation of firewall, VPN, routers, IDS scanning technologies, and servers;
• Provides security consulting and expertise on threat mitigation, prevention, and counter measures;
• Acts as a Subject Matter Expert in one or more of the other security domains ( Data Protection, Application Security, Endpoint Security, Network & Infrastructure Security, Threat & Fraud Management, SIEM/Auditing/Analytics, Identity and Access Management)
• Plans security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices; designs public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards
• Leads the Information Security Awareness Program
• Working knowledge in Identity Access Management, Privileged Account Management and Key Management solutions
• Manage day-to-day security operations, ensuring the identification and remediation of information security risks, threats and vulnerabilities.
• Monitor and respond to security alerts generated from Security Incident Event Management (SIEM), Traps (Anti-virus), Firewall, IDS/IPS, VPN, etc. and escalate to the appropriate team for resolution;
• Manage the vulnerability management program by reviewing vulnerability scans, interpreting results, coordinating remediation efforts, reporting status and metrics to demonstrate improvement;
• Develop and maintain secure, resilient enterprise-grade cloud processes in tandem with architects and system engineers.
• Secure business applications and computing environments in Azure and AWS cloud infrastructures.
• Completes other security related tasks as requested
• Backup to the Information Security Officer
• Monitors industry security updates, technologies and best practices to improve security across the infrastructure and application development domains.

Work Location : Mississauga National Office ( Hybrid )

Qualifications

Education

• College or University level education or equivalent level of experience in the industry.
• Completion of a Security related certification is mandatory (CISSP, CISA, GIAC, etc.).
• Cloud Certificate is required.

Experience

Minimum 5 years\xe2\x80\x99 experience in a technical security consultant or analyst role.
Demonstrates expert knowledge of network security control environments and architecture, including, system administration, intrusion detection, network architecture, enterprise threat management, perimeter controls.
Knowledge of network security controls, appliances, including next generation perimeter security controls and web application firewalls.
Systems administration experience, in Networks and Windows is considered a strong asset;
Strong Knowledge of traditional and cloud Architecture, experience of AWS, Azure or other public and private cloud technologies is required.
Other Skills and Abilities

• Ability to work independently with minimal supervision;
• Strong verbal and written communication skills are essential;
• Ability to work effectively and collaboratively with internal staff, external partners and stakeholders.
• Demonstrates solid analysis skills
• Displays high ethics and trust values

#LI-Hybrid

Bayshore HealthCare