Senior IT Security Audit & Compliance Specialist

at Bayshore HealthCare

Mississauga, ON, Canada

Start Date: Immediate
Expiry Date: 15 Feb, 2025
Salary: Not Specified
Posted On: 19 Nov, 2024
Experience: N/A
Skills: ISO, Security, GIAC, Technology, Exceptions, IT Security, Assessment, Data Privacy, Security Testing, Information Security, Regulatory Requirements, Business Applications, Automation, Security Awareness, Communication Skills, CISSP, Research, Completion, Analytical Skills
Telecommute: No
Sponsor Visa: No

Description:

Bayshore HealthCare is one of Canada's leading providers of home and community health care services and is a privately owned company. Bayshore HealthCare is proud to showcase its achievement as a Platinum member of Canada's Best Managed Companies Program every year since 2006. Bayshore HealthCare is also recognized on Forbes' 2023 list of Canada's Best Employers.
Are you passionate about making a real difference and helping people live their best lives? If so, you may be the right person to join us as the Senior IT Security Audit and Compliance Specialist. The Senior IT Security Audit and Compliance Specialist will help manage Bayshore's compliance with applicable information security standards by conducting risk assessments and internal audits and by supporting and/or managing external audits. The role also helps ensure a robust, compliant security posture and is instrumental in safeguarding the organization's people, processes, technology, and reputation from cyber threats.

EXPERIENCE

  • Minimum 8 years of tactical and operational experience in governance, risk, and compliance, or information security, with a focus on risk management, audit, and compliance.
  • Knowledge and practical experience with the following risk management frameworks: ISO 27001/2, NIST, PCI, SOC 2, and PHIPA/PIPEDA.
  • Knowledge of global cybersecurity, technology, and data privacy regulatory requirements.
  • Experience reporting policy and compliance posture to senior stakeholders.
  • Ability to direct cross-functional work and hold others accountable to committed deadlines.
  • Experience auditing cloud infrastructure against cloud standards and certifications (CSA, NIST).
  • Governance, risk, and compliance experience in the healthcare sector is a valuable advantage.

Other Skills and Abilities

  • Ability to work independently with minimal supervision.
  • Strong analytical skills along with the ability to effectively communicate complex security-related information, including risk identification, assessment, and remediation activity.
  • Strong verbal and written communication skills are essential.
  • Ability to work effectively and collaboratively with internal staff, external partners, and stakeholders.
  • Demonstrates high ethics and trust values.

Education

  • College or University level education or equivalent level of experience in the industry.
  • Completion of a security-related certification (CISSP, CISA, GIAC, etc.) is mandatory.

Responsibilities:

  • Educate, communicate, and lead security projects to ensure security policies and standards are applied to new system implementations and that IT and security risks are adequately mitigated.
  • Perform security and privacy assessments on projects and propose solutions to mitigate risk.
  • Conduct periodic risk assessments of Bayshore's security risk exposure and determine the likelihood and impact on the business in quantitative and qualitative terms. Capture relevant cybersecurity risks in the risk register/reports/dashboard and keep it updated.
  • Facilitate risk decomposition activities with key stakeholders and document the outcomes.
  • Plan, execute, and manage regular audits of the organization's security controls, procedures, and infrastructure to identify gaps and non-compliance issues.
  • Coordinate with internal teams and external auditors to ensure audits are conducted efficiently and meet compliance objectives.
  • Implement and maintain compliance programs to ensure Bayshore's compliance with applicable industry standards such as SOX, ISO, NIST, etc., and sector-specific regulations such as PCI DSS and PHIPA/PIPEDA.

  • Collaborate with Security, Legal, Privacy, and other partners to incorporate security and compliance requirements into the security policy framework and track policy implementation and issues.
  • Help promote a culture of security awareness within the organization.
  • Manage the Security Exception Process to enable security teams to track exceptions, manage approvals, and improve automation.
  • Lead as the Security and Compliance Consultant in the execution of security initiatives, ad hoc application assessments, and penetration testing, and stay up to date on potential threats.
  • Research and check for new regulations or compliance procedures and measure their effectiveness for cloud SaaS solutions.
  • Drive the remediation of issues identified through security testing and support the implementation, delivery, and operation of new and existing business applications, platforms, and services projects.
  • Maintain detailed records of compliance activities, audit trails, and risk assessments; recommend corrective actions; follow up on their implementation; and communicate security compliance program results to a broad audience, including peers and senior leaders.
  • Help manage day-to-day security operations, monitor and respond to security alerts, and manage the vulnerability management program.
  • Monitor industry security updates, technologies, and best practices to improve security across the infrastructure and application development domains, and keep abreast of the latest regulations, standards, and best practices in IT security and compliance.
  • Complete other security-related tasks as requested.
  • Act as backup to the Information Security Officer.
  • Be available to work overtime outside regular business hours or on weekends as required.

The Senior IT Security Audit & Compliance Specialist reports directly to the Manager of IT Security & Compliance.
Work Location: Bayshore HealthCare, Mississauga, ON (Hybrid)

REQUIREMENT SUMMARY

Experience: Min N/A, Max 5.0 year(s)
Information Technology/IT
IT Software - Network Administration / Security
Software Engineering
Graduate
Proficient
1
Mississauga, ON, Canada