SUMMARY

Position Title: Director, Security
Department: Security Team
Report to: VP, Architecture, Delivery and Conformance

EDUCATION

• Undergraduate Degree in related field. MBA, or other related graduate level education, preferred.

QUALIFICATIONS & SKILLS

• Experience
• 5+ years in a security leadership, consulting or advisory role
• Relevant industry certifications including CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager)
• Experience in developing, and implementation of security policy, and providing security training programs, including phishing simulation
• Experience working in collaboration with external stakeholders, including government
• Experience responding to security and/or privacy incidents, and working with an incident response team
• Domain Expertise
• Solid understanding of security risk management and, ability to understand security risks, threats, and vulnerabilities and the judgement to assess and articulate security risks effectively
• Solid knowledge of security industry standards and best practices such as NIST (National Institute for Standards and Technology), ITIL, COBIT, and ISO 27001
• Knowledge of privacy and security standards (OAuth2, OIDC, SAML).
• Technical Skills
• Hands-on experience with vulnerability scanning, Endpoint Detection and Response (EDR) and Security Information Event Management (SIEM) technologies
• Solid understanding of Linux and Windows operating system security
• Experience implementing digital health solutions in Canada is beneficial
• Excellent written and spoken communication skills
• Ability to travel up to 10% of time (when public health conditions allow)
• Bilingual French and English preferred

POSITION PURPOSE

We are seeking a Director Security to provide both hands-on expertise in enterprise security operations as well as strategic leadership in securing healthcare data exchange and interoperability leveraging International Standards such as HL7® FHIR® and other Interoperability and terminology standards.
In this role, working with the Security Architect and the broader Architecture, Delivery, and Conformance team, you will lead Security aspects of Connected Care initiatives, with the goal of securing healthcare data exchange and interoperability.
In addition, the Director Security is responsible for enterprise security, including short and long-term planning, strategic alignment, leadership, subject matter expertise, project management, operational oversight, monitoring, and risk management to ensure success throughout all phases of initiatives related to engaging, integrating, implementing and deploying Infoway’s Security plans.
The Director Security has a combination of strong technical security skills, a passion for remaining current in the Healthcare critical infrastructure sector, experience in working in security operations independently and with a Managed Service Provider.

MAJOR RESPONSIBILITIES

• Secure Connected Care
• Provides expert level security advice and consultation to all levels of internal and external stakeholders
• Acts as a security subject matter expert (SME) for programs and projects to appropriately manage security risk and enable interoperability
• Participates in security aspects of procurement: vendor assessment, scores RFPs, reviews security T&C with legal counsel
• Secure patient access to health data by analyzing, documenting threats and risks, consulting on mitigation options, review with internal and external stakeholders and reflect feedback in updated risk management documentation
• Solicit, propose and draft security requirements, implementation guidance and standard operating procedures and specifications for secure Individual (Patient) Access to participating pan-Canadian trusted healthcare ecosystem
• Leads the pan-Canadian security forum. Host, lead and participate in security related panel discussions, make connections/introductions with relevant stakeholders and PTJ security representatives
• Writes papers / blogs, lead training, identify speakers, identify and lead working groups, lead and host panel discussions, make connections/introductions
• Enterprise Security Operations
• Draft and present briefing materials for working/advisory groups, senior leadership, committees, and the Board
• Mentoring others on security and data protection
• Research software applications to determine if they are secure for use at Infoway
• Implements data classification and data protection procedures
• Provide leadership and drive the work programs of the planning committee(s)
• Identify gaps in security coverage and make appropriate recommendations to fill the gaps. Assist in the deployment of security mitigations and enhancements when needed
• Maintain the Vulnerability Management program
• Working with IT and MSS, provide ongoing monitoring of compliance to security standards, policies and procedures
• Plan for, procure and perform security reviews and audits
• Maintains currency and a deep understanding of the cyber threat landscape
• Provide security leadership for the Incident Response Program
• As applicable, evaluate, engage and liaise with Managed Security Service provider, on an ongoing basis
• Oversee SIEM (Security Information and Event Management) tools
• Identify and establish appropriate security metrics that reflect information security program outcomes.
• Accountable for Cybersecurity awareness training, and delivery
• Procure and coordinate external Threat Risk Assessments and other key security assessment functions including overseeing required follow-up and remediation of security risks.