Information Security Analyst

at  BC College of Nurses and Midwives

Status: Regular, Full-Time
Number of Positions: 1
Work Location: Hybrid (a combination of in-office in Vancouver and remote work)

WHO WE ARE

The British Columbia College of Nurses & Midwives (“BCCNM”) is the college empowered under the Health Professions Act to regulate the practice of all licensed practical nurses, nurse practitioners, registered midwives, registered nurses, and registered psychiatric nurses in British Columbia. Regulation helps to protect the public by ensuring that professional care or service received by the public is competent, ethical, and meets the standards that society views as acceptable.
As western Canada’s largest health profession regulator, we believe a diverse and inclusive team enriches our efforts to protect the public. We welcome applications from all who reflect of the communities we serve, and especially encourage Indigenous Peoples and members of equity-seeking groups to apply. We believe diverse perspectives and experiences bring both innovation and better outcomes to the work we do and the decisions we make.
What we offer you
We promise to provide you with rewarding work that challenges you. You will be part of a passionate team contributing to our important mandate of protecting the public. As a member of the team, you can expect to be working in a collaborative, team-based environment, and treated in a respectful and professional manner.
The expected starting base salary for this position is $117,646 - $123,529 annually, depending on a variety of factors including qualifications and experience. Once hired, you will progress through a wider salary range over time as you continue to develop job knowledge, skills and competencies for the role.
In addition to base salary, the college offers a generous vacation and extended benefits package. As an employee, you receive 100% employer-paid health and dental benefits. And we contribute to B.C.’s Municipal Pension Plan to help you secure your retirement income. Throughout your career with us, you will engage in a variety of learning and development. We will support your professional development and cover your professional membership costs. To support you in work and life, we provide an employee assistance program and fitness allowance perk. Working with us allows you to enjoy flexible hybrid work. This position is located in Vancouver, but you’ll be able to work remotely up to 3 days a week. Our office is closed for the 11 statutory holidays in B.C. as well as Easter Monday and Boxing Day.

Your education & skills:

• Bachelor’s degree in Computer Science, Engineering, or related field and/or equivalent combination of education and experience.
• Minimum 5-7 years direct experience in cybersecurity including developing, implementing and managing an IT security program.
• Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP) or similar certification is desirable
• Experience with security architecture and controls across Microsoft cloud and on prem products and services, including Microsoft 365, Dynamics 365, Azure, and Microsoft networking products and services.
• Knowledge of computer networking concepts and protocols (e.g., TCP/IP, DNS) and network security methodologies.
• Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
• Knowledge of capabilities and applications of network equipment including routers, switches, servers, transmission media, and related hardware.
• Knowledge of remote access technology concepts.
• Knowledge of application firewall concepts and functions (e.g., single point of authentication enforcement, data anonymization, DLP scanning, SSL security).
• Strong analytical and problem-solving skills.
• Exceptional written, oral, and interpersonal communication skills.
• Ability to work in collaborative team environments and to negotiate with multiple stakeholders.
• Experience in developing disaster recovery plans is an asset

Reporting to the Information Technology Architect (ITA), the Information Security Analyst (ISA) assesses risk and establishes a secure information processing environment through the management of a security program incorporating policies, strategies, mitigation plans, measurement programs, architecture, and training processes. The ISA develops and manages the security program, under the guidance of the ITA and with the support of the Director of IT and external IT security service providers.
Security is a key component of BCCNM’s Information Technology architecture. Protecting data and fulfilling regulatory obligations is critical to the public having unshakeable confidence in BCCNM as a healthcare regulator.
The ISA is a member of the IT Architecture team and collaborates with IT staff and other Operations teams to identify, recommend, implement, and manage security solutions, controls, and processes in order to protect BCCNM data and operations.
The ISA works with the ITA, the Director of IT, and external IT security service providers to ensure that security considerations are integrated into new systems, features and changes, and information exchanges with third parties. The ISA has a key role in IT security roadmap initiatives, collaborates with IT in responding to penetration testing and vulnerability assessments, and drives security incident response activities (if necessary, in collaboration with external service providers).

Key responsibilities include:

• Maintain up-to-date knowledge of the IT security landscape including awareness of attacks and threat vectors, security processes, and security solutions.
• Advise on emerging information security threats and vulnerabilities, as well as evolving industry standards and best practices.
• In collaboration with the ITA and with the support of external IT security service providers, develop, implement, and manage an IT Security Program which establishes and maintains a secure information processing environment at BCCNM.
• Based on the IT Security Program, develop and maintain BCCNM’s security environment as necessary for protecting information, systems, and technology assets (standards, policies, baselines, guidelines, procedures, processes, controls, and documentation).
• In consultation with the ITA and Director of IT, maintain an information systems security risk register and recommend security controls to be designed and implemented in collaboration with IT Teams.
• Collaborate within the IT Teams to ensure that solutions align with an established security framework such as the BC Government’s “Defensible Security Framework”.
• Participate in risk assessments in collaboration with the IT and IM Teams.
• Improve overall enterprise security through maximizing value from existing security solutions and, where necessary, driving process to enhance current solutions or select/acquire additional solutions.
• In consultation with the ITA and the Director of IT, ensure appropriate standards, processes, and procedures are in place for the design, implementation, administration, and documentation of information security systems and controls, including, but not limited to:
• Monitoring for vulnerability alerts and timely application of maintenance and patches to all technology components
• Adequate virtual network segmentation and firewall configuration (for internal or hosting providers use)
• Adequate security testing of custom-developed technology solutions
• Automatic configuration of all system components to use secure settings through methods such as Windows Group Policies and Microsoft 365 platform policies.
• Management of platform, operating system and application-level access permissions and identities, including creation of access matrix documentation, across all relevant environments, whether cloud-based or on-premise.
• Monitoring of event and security logs and automatic alert generation
• Response to security alerts and incidents, including investigation, assistance to users reporting suspected incidents, and taking actions to contain detected threat activity and minimize damage.
• Participate in the development, maintenance, and testing of the Disaster Recovery Plan, where appropriate.
• Provide input on security requirements to be included in request for proposals (RFPs), statements of work (SOWs), and other procurement documents.

Your education & skills:

• Bachelor’s degree in Computer Science, Engineering, or related field and/or equivalent combination of education and experience.
• Minimum 5-7 years direct experience in cybersecurity including developing, implementing and managing an IT security program.
• Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP) or similar certification is desirable
• Experience with security architecture and controls across Microsoft cloud and on prem products and services, including Microsoft 365, Dynamics 365, Azure, and Microsoft networking products and services.
• Knowledge of computer networking concepts and protocols (e.g., TCP/IP, DNS) and network security methodologies.
• Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
• Knowledge of capabilities and applications of network equipment including routers, switches, servers, transmission media, and related hardware.
• Knowledge of remote access technology concepts.
• Knowledge of application firewall concepts and functions (e.g., single point of authentication enforcement, data anonymization, DLP scanning, SSL security).
• Strong analytical and problem-solving skills.
• Exceptional written, oral, and interpersonal communication skills.
• Ability to work in collaborative team environments and to negotiate with multiple stakeholders.
• Experience in developing disaster recovery plans is an asset.