Information Security Specialist

at  Profound Medical

Our mission is to Profoundly change the standard of care by creating a tomorrow where clinicians can confidently ablate tissue with precision; a tomorrow where patients have access to safe and effective treatment options, so they can quickly return to their daily lives. Changing the standard of care is part of our fabric. We are a group of energetic, problem-solvers focused on innovation, and looking to change the world. We are changing the paradigm for treating diseases such as prostate cancer by using real-time MR Imaging, thermal ultrasound and close-loop temperature feedback control, to gently ablate the diseased tissue with minimal side effects.
If you share our values and want to work in a collaborative results focused culture and want to make a Profound impact in healthcare and your career, here is your chance.

EDUCATION AND CERTIFICATION:

• A Bachelor’s degree in Information Security, Computer Science, or a related discipline.
• One or more professional certifications such as CISSP, CISM, CEH, or equivalent.

KEY ATTRIBUTES (EXPERIENCE, SKILLS AND TECHNICAL KNOWLEDGE):

• Minimum of 5 years of experience in information security or related fields.
• Proficient with Microsoft Defender suite, including Endpoint, Identity, and Cloud configurations.
• In-depth knowledge of data protection regulations and compliance frameworks.
• Strong understanding of network security, application security, and data encryption methodologies.
• Experience with security risk assessments and vulnerability management.
• Demonstrated ability to lead security incident response and investigations.
• Familiarity with secure development practices and software security principles.
• Excellent communication skills, with the ability to explain complex security concepts in simple terms.
• Strong analytical and problem-solving skills.
• Hands-on experience with security monitoring and SIEM tools.
• Ability to manage multiple priorities and projects in a dynamic environment.

GENERAL ACCOUNTABILITY:

The Information Security Specialist reports to the IT Manager and is responsible for ensuring the security of the company’s applications, infrastructure, and data. This role involves collaborating with other IT team members and software teams to maintain secure configurations and compliance standards of all devices and applications. The Information Security Specialist will act as the company’s Data Protection Officer (DPO) and play a critical role in maintaining the security and compliance of the TULSA-PRO and Sonalleve applications.

DUTIES AND RESPONSIBILITIES:

• Collaborate with IT team members to secure all applications and configurations using Microsoft Defender.
• Monitor and maintain Microsoft Defender security tools and processes to ensure optimal performance and compliance.
• Act as the company’s Data Protection Officer (DPO), ensuring compliance with data protection regulations and overseeing data privacy initiatives.
• Work with the software development team to identify and mitigate security risks for the TULSA-PRO and Sonalleve applications.
• Conduct regular security assessments, vulnerability scans, and penetration tests to identify potential threats.
• Develop, document, and implement information security policies, procedures, and standards.
• Manage incident response activities, including investigation, documentation, and resolution of security incidents.
• Provide training and awareness programs for employees on information security and data protection.
• Oversee compliance with industry standards, regulatory requirements, and best practices, including GDPR, HIPAA, or ISO 27001 as applicable.
• Maintain up-to-date and accurate information security documentation.
• Establish KPIs for information security processes and monitor performance to ensure objectives are met.
• Manage vendor relationships for security tools and services.
• Support IT projects by providing security and compliance guidance.
• Other duties as assigned by the IT Manager.