Director, Security

Summary

Position Title: Director, Security

Department: Security Team

Report to: VP, Architecture, Delivery and Conformance

Overview

At Canada Health Infoway (Infoway) we believe a more connected and collaborative system is a healthier system, and we work with governments, health care organizations, clinicians, and patients to make health care more digital. We’re working to ensure that everyone is able to access their personal health information, book appointments, get prescriptions, view lab test results and access other health services, online. We are working with our partners to transform the health system because we know that digital health can be as transformative as digital has been in other aspects of our lives. We are an independent, not-for-profit organization funded by the federal government.

Continuing to improve Canadian health care necessitates work in interoperability connected systems are healthier systems. Connected care means a healthier Canada, and Infoway is committed to advancing interoperability. Harnessing data sharing will result in “connected care” and a modern health system for all Canadians. In support of the provinces and territories, Infoway is facilitating a national collaborative effort to advance interoperability using a collaborative development process.

Together with our jurisdictional, clinical, patient and industry partners we are committed to improving the health of Canadians by accelerating the development, adoption and effective use of innovative digital health solutions.

Why Join Us?

• Be part of a high-profile, ambitious, and exciting pan-Canadian initiative that improves the health of populations and unlocks value for the health system
• Work with a dynamic, multi-functional team of professionals dedicated and passionate about modernizing the health care system
• Demonstrate your strong organizational, technical leadership skills in a fast-paced, innovative, and supportive environment
• We take care of our employees

Position Purpose

We are seeking a Director Security to provide both hands-on expertise in enterprise security operations as well as strategic leadership in securing healthcare data exchange and interoperability leveraging International Standards such as HL7 FHIR and other Interoperability and terminology standards.

In this role, working with the Security Architect and the broader Architecture, Delivery, and Conformance team, you will lead Security aspects of Connected Care initiatives, with the goal of securing healthcare data exchange and interoperability.

In addition, the Director Security is responsible for enterprise security, including short and long-term planning, strategic alignment, leadership, subject matter expertise, project management, operational oversight, monitoring, and risk management to ensure success throughout all phases of initiatives related to engaging, integrating, implementing and deploying Infoway’s Security plans.

The Director Security has a combination of strong technical security skills, a passion for remaining current in the Healthcare critical infrastructure sector, experience in working in security operations independently and with a Managed Service Provider.

Major Responsibilities

• Secure Connected Care
  • Provides expert level security advice and consultation to all levels of internal and external stakeholders
  • Acts as a security subject matter expert (SME) for programs and projects to appropriately manage security risk and enable interoperability
  • Participates in security aspects of procurement: vendor assessment, scores RFPs, reviews security T&C with legal counsel
  • Secure patient access to health data by analyzing, documenting threats and risks, consulting on mitigation options, review with internal and external stakeholders and reflect feedback in updated risk management documentation
  • Solicit, propose and draft security requirements, implementation guidance and standard operating procedures and specifications for secure Individual (Patient) Access to participating pan-Canadian trusted healthcare ecosystem
  • Leads the pan-Canadian security forum. Host, lead and participate in security related panel discussions, make connections/introductions with relevant stakeholders and PTJ security representatives
  • Writes papers / blogs, lead training, identify speakers, identify and lead working groups, lead and host panel discussions, make connections/introductions

• Enterprise Security Operations
  • Draft and present briefing materials for working/advisory groups, senior leadership, committees, and the Board
  • Mentoring others on security and data protection
  • Research software applications to determine if they are secure for use at Infoway
  • Implements data classification and data protection procedures
  • Provide leadership and drive the work programs of the planning committee(s)
  • Identify gaps in security coverage and make appropriate recommendations to fill the gaps. Assist in the deployment of security mitigations and enhancements when needed
  • Maintain the Vulnerability Management program
  • Working with IT and MSS, provide ongoing monitoring of compliance to security standards, policies and procedures
  • Plan for, procure and perform security reviews and audits
  • Maintains currency and a deep understanding of the cyber threat landscape
  • Provide security leadership for the Incident Response Program
  • As applicable, evaluate, engage and liaise with Managed Security Service provider, on an ongoing basis
  • Oversee SIEM (Security Information and Event Management) tools
  • Identify and establish appropriate security metrics that reflect information security program outcomes.
  • Accountable for Cybersecurity awareness training, and delivery
  • Procure and coordinate external Threat Risk Assessments and other key security assessment functions including overseeing required follow-up and remediation of security risks.

Education

• Undergraduate Degree in related field. MBA, or other related graduate level education, preferred.

Qualifications & Skills

• Experience
  • 5+ years in a security leadership, consulting or advisory role
  • Relevant industry certifications including CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager)
  • Experience in developing, and implementation of security policy, and providing security training programs, including phishing simulation
  • Experience working in collaboration with external stakeholders, including government
  • Experience responding to security and/or privacy incidents, and working with an incident response team

• Domain Expertise
  • Solid understanding of security risk management and, ability to understand security risks, threats, and vulnerabilities and the judgement to assess and articulate security risks effectively
  • Solid knowledge of security industry standards and best practices such as NIST (National Institute for Standards and Technology), ITIL, COBIT, and ISO 27001
  • Knowledge of privacy and security standards (OAuth2, OIDC, SAML).

• Technical Skills
  • Hands-on experience with vulnerability scanning, Endpoint Detection and Response (EDR) and Security Information Event Management (SIEM) technologies
  • Solid understanding of Linux and Windows operating system security
  • Experience implementing digital health solutions in Canada is beneficial
  • Excellent written and spoken communication skills
  • Ability to travel up to 10% of time (when public health conditions allow)
  • Bilingual French and English preferred

Our commitment

Infoway is committed to employing a diverse workforce and is proud to be an equal opportunity employer.

Infoway provides reasonable accommodations to employees as well as candidates taking part in the recruitment process, upon request.

We thank you for your interest in this opportunity at Infoway however, only those applicants who most closely meet the qualifications for this position will be contacted.