Careers

Position: IS Manager, Information Cyber Defense, Identity and Access Management
Status: Permanent Full time
Department: Information Services
Posted Date: Monday April 29, 2024 – Monday May 13, 2024, at 11:59 PM EDT
Salary per Annum: $112,050 – $168,150 (salary band placement commensurate with experience)

A New Kind of Health Care for a Healthier Community. That’s our mission at Trillium Health Partners (THP), one of the largest community-based acute care facilities in Canada. Comprised of the Credit Valley Hospital, the Mississauga Hospital, and the Queensway Health Centre, along with several satellite locations, THP serves the growing and diverse populations of Mississauga, West Toronto, and surrounding communities, and is a teaching hospital affiliated with the University of Toronto. If you are passionate about your career, motivated to improve the health of the community, and committed to excellence, quality, and patient safety consider joining our Better Together team!

Position Overview:

Drive IT Excellence through Information Security

Bring your talents to Trillium Health Partners and become an invaluable leading resource to our team ensuring the highest level of system performance, integrity and reliability. At THP, we are diligent in protecting our information assets. These assets are critical to the fulfillment of our mission. We strive to safeguard the confidentiality, integrity, and availability of our hospital and patient’s information.

As an integral leader of the Information Services division, the Manager, Information Cyber Security, Identity and Access Management, is accountable to the Chief Technology Officer and will provide thought leadership and strategic direction for the delivery of Information Security program, risk management, operations, Human Resource and Financial management.

The Manager is responsible for the leadership of the Information Security staff and program, including all activities related to the development, implementation and operation of the Information Security program for Trillium Health Partners (THP). The Manager is responsible for mentoring and leading both direct reports and staff throughout the organization in establishing and maintaining a culture of information security and resiliency.

The Manager is recognized as the organizational leader in the Information Security domain, and will identify risks and the organizational priorities, which require the allocation of human and financial resources to successfully mitigate and implement. The Manager is responsible for leading a team of subject matter experts who work with THP stakeholders to support their business goals while ensuring it aligns with the organizations information security strategies. The Manager is accountable for contributing to and delivering the Information Security Strategy; the human resources plan and succession planning in a subject matter area characterized by workforce shortages and a skills gap; and the financial and human resource requirements that are needed to deliver and implement the strategy; and for ensuring the continuous delivery of day-to-day information security operations.

The Manager is responsible for attracting, retaining and leading high quality security talent to ensure the area(s) they are responsible for are performing as required, are fulfilling business requirements, are identifying and addressing gaps in products and services within their domain and are to engage other teams in this effort as required. While doing so they are responsible for minimizing organizational risk, maximizing productivity and operational effectiveness through a continuous quality improvement approach.

As a key leader of this role, you will liaise with internal stakeholders and healthcare disciplines on identifying and implementing the corporate security strategic vision.

Here’s what you will get to do:

• Lead THP SOC (Security Operation Center) to identify, protect, detect, respond and recover towards evolving cyber threats and overall cyber risks.
• Identify and report on information security risks, threats, vulnerabilities and breaches and make recommendations on remediation opportunities to manage risks.
• Ensures THP is protected from security and cyber threats and has response plans to react and manage security event.
• Contribute to the development of Information security strategic plan and roadmap.
• Development and implementation of the Information Security strategic and operating plans.
• Manage the teams’ workload, assign and prioritize work-based assessment of risk to the organization.
• Lead the development, implementation and maintenance of information security strategy, policies, procedures and controls in coordination with CTO and CIAO and oversight committees to ensure continuous improvement aligned with the changing risk landscape.
• Implement best practice procedures to ensure uniform security architecture throughout Application Development, Operations and Infrastructure.
• Ensure the team develops and implements the information technology security architecture framework.
• Ensuring the continuous delivery of day-to-day information security operations.
• Ensure team can respond 7×24 to security incidents.
• Leads incident response or forensic analysis on security incidents and sensitive investigations into employee conduct and misuse of computer systems.
• Provide reports, briefings and risk-based recommendations on routine and non-routine security events and incidents.
• Lead and facilitate lessons learned, post-mortem and best practices activities on cyber security events and incidents
• Ensure the security processes and procedures are followed at all times and escalate any issues to the CTO.
• Ensure any new software or technology integration into the hospital meets information security system compliance, standards and specifications.
• Leads design and execution of vulnerability assessments, penetration tests, risk assessments, and security audits and ensures they are performed on regular intervals.
• Develop materials and promote activities to foster information security awareness across the organization.
• Ensures that projects, programs and other activities in IS are implemented with proper consideration given to information security.
• Determines minimum security requirements for applications and systems based on policy, data sensitivity, exposure, and other factors.
• Maintain current knowledge security industry trends and technologies
• Evaluate new technologies including emerging concepts for security impact on the environment and makes appropriate recommendations.
• Monitor internet for emerging threats of new attacks and threat vectors.
• Leads technical implementations of security-related systems.
• Understand current regulatory environment and related implications to security management compliance.
• Effectively communicate with a wide range of technical and non-technical personnel.
• Review and validate IT controls and assess the impact of any related IT deficiencies.
• Ensure that all documentation and materials are regularly reviewed and up to date.
• Vendor relationship management.

Qualifications:

Successful candidates will have demonstrated extensive experience in information security. The ideal candidates will, at minimum, have 5 years of work experience in information security working in a regulated industry, preferably health care.  Be familiar with government and industry regulations that involve information security. A university degree is required. Certified Information Systems Security Professional (CISSP) or equivalent industry recognized certifications is required.

APPLY

Internal employees who believe they possess the necessary qualifications and experience for this position and who have been in their current position for at least six (6) months are encouraged to apply.

We are an Equal Opportunity Employer. In accordance with the Accessibility for Ontarians with Disabilities Act, 2005  and the Ontario Human Rights Code. Trillium Health Partners will provide accommodations throughout the recruitment and selection process to applicants with disabilities. If selected to participate in the recruitment and selection process, please inform Human Resources of the nature of any accommodation(s) that you may require in respect of any materials or processes used to ensure your equal participation. All personal information is collected under the authority of the Freedom of Information and Protection of Privacy Act.

Applicants must be eligible to work in Canada. We would like to thank all applicants for their interest in this position, however, only those selected for an interview will be contacted. Trillium Health Partners is recognized under the French Language Services Act.