Information Security Officer - (H-415)

Information Security Officer - (H-415)

26 Aug
Women's College Hospital

26 Aug

Women's College Hospital


Women's College Hospital (WCH) is an academic, ambulatory care hospital in Ontario with a focus on health for women, health equity and health system solutions. If you're ready to be part of a team that is revolutionizing the future of healthcare, then you will want to join an institution where the possibilities for innovation, new discovery and system thinking are limitless. Women's College Hospital is committed to equity, quality and patient safety as key professional values and essential components of daily practice.

With the mobilization of our , WCH has entered an exciting phase of its history – strengthening its bond with partners and introducing a new and inspiring vision:

Healthcare revolutionized for a healthier and more equitable world.

Job Description

An exciting regular full-time opportunity as an Information Security Officer exists in Information Management/Information Technology reporting to the Manager, Technical & Support Services. This role is responsible for continuously assessing the security posture, quantifying risks and remediating weaknesses in security controls. This includes the operation of security solutions: identifying, investigating and resolving security breaches detected. In addition, articulating security risks and proving practical recommendations to management, providing plans for remediation of identified risks and implementing proactive fixes as necessary. The Information Security Officer is expected to align with organization security goals by creating, and or maintaining of policies, standards, guidelines and procedures, as well as conducting vulnerability audits and assessments, to actively work towards upholding those goals.

Summary of Duties, but not limited to:

Strategy & Planning

• Participate in the planning and design of enterprise security architecture

• Create enterprise security documents (policies, standards, guidelines and procedures) to apply to technical architecture, data security and mitigate risks for new projects and day-to-day operations

• Develops plans for remediation of any security breaches or risks/issues identified

Acquisition & Deployment

• Maintain up-to-date knowledge of the IT security industry including awareness of new security solutions, improved security processes and the development of new system vulnerability identifiers

• Deploy, integrate and configure all new security solutions and enhance existing solutions in accordance with best practice and security standards

Operational Management

• Regularly evaluate information security posture across technology solutions

• Monitor all security solutions (e.g. Firewall, SIEM, NAC), review logs/reports and participate in investigations into problematic activity using plans developed for remediation

• Maintain up-to-date baselines for the secure configuration and operations of all devices (e.g. security tools, workstations, servers, network devices, etc.) and ensure compliance

• Assess risk to the organization’s information/technology assets based on evolving landscape

• Provide analysis and guidance regarding threats, vulnerabilities, privacy and security incidents

• Produce high quality information security risk reports, auditing of data access not complying with policies and clearly articulating risks and providing practical recommendations to senior management

• Integrate information security principles into corporate initiatives, ensuring alignment and engagement with organizational stakeholders (such as privacy, health information, etc.)

• Regularly monitor compliance vs. internal/industry targets for KPIs

• Participate in projects by evaluating requirements, interviewing stakeholders, providing security-related questions and feedback, evaluating technical solutions, managing security testing (including Vulnerability Assessments and Pen. Testing), producing appropriate reports, and following up on recommendations

• Provide expertise and oversight to ensure the organization adheres to corporate policies, minimizes risks and follows best practices to protect organizational resources

• Improve the efficiency and effectiveness of information security governance, security architecture, security procedures, standard practices, and technical standards

• Promote the understanding and adoption of information security standards, solutions, products and tools by technical, clinical and business personnel

• Provides hands-on support/guidance to WCH’s technical team as required relating to security posture and implementation of best practices

• Supports implementation of security principles through technical solutions, including pre-and-post-implementation testing

• Maintain and monitor network security infrastructure, including ownership of regular network penetration testing and remediation, monitoring of Wi-Fi environments, IDS/IPS, maintaining all equipment software and policy levels, in-line with the evolving global threat landscape

• Administer and help secure network access control using existing NAC(clearpass) system to control network access to WCH

• Operate and help secure enterprise IT networking services (NAC, IPS, VPN, Firewalls, Switches, Wi-Fi, IDS/IPS, VOIP, Load Balancers, etc.) acting as the secondary to the Network Specialist

As a role model and champion you will work to identify and integrate safe, best practices into daily activities to foster the delivery of safe and exemplary care.

The responsibilities described above are representative and are not to be construed as all-inclusive.


• Bachelor’s Degree in Computer science, Information Technology, Information Management, or other related field, or equivalent experience and industry certifications, such as CCNP/CCIE, CISSP, HP Ace, etc.

• 10 years of hands-on network or infrastructure-related technical experience

• 5 years in an Information Security-related role/profession

• Experience with penetration testing, vulnerability scanning and threat-risk assessments (assessment and remediation)

• Knowledge of IT security products and current threat landscape

• Strong knowledge of networking concepts, particularly next-generation firewalls

• Knowledge of IT security frameworks (COBIT, TOGAF, NIST, ISO 27001, etc.)

• Ability to document and plan multi-phase initiatives, adapting in-flight, with minimal disruption

• Familiarity with PHIPA and PIPEDA an asset

• Experience working with Cloud technologies an asset

• Experience working with Network Access Control, Firewalls, Auditing and other security tools an asset

• Should have functional knowledge of High Availability and Disaster Recovery solutions

• Strong problem solving and conflict resolution skills.

• Strong customer service skills.

• Strong analytical skills; ability to forecast comprehensive multi-year plans.

• Strong organizational skills and the ability to oversee several projects with competing priorities.

• Strong ability to produce high quality reports and meet deadlines.

• Self-starter, with strong ability to self-manage or self-direct.

• Strong interpersonal skills in order to interact with individuals in a wide range of situations.

• Strong verbal and written communication skills.

• Strong critical thinking, judgement and analysis.

• Demonstrated record of good performance and acceptable attendance will be considered as part of the selection criteria

• Professional behaviour and communication that meets the standards of the professional regulatory college or association, as applicable, and the standards of Women’s College Hospital

• This position plays a critical role in acting as an advocate for safety and will demonstrate principles, practices and processes that will optimize a safe environment for all

Closing Statement

Women's College Hospital is a fully affiliated teaching hospital of the University of Toronto and is committed to fairness and equity in employment and our recruitment and selection practices. We encourage applications from Indigenous peoples, people with disabilities, members of sexual minority groups, members of racialized groups, women and any others who may contribute to the further diversification of our Hospital community. Accommodation will be provided in all parts of the hiring process as required under our Access for People with Disabilities policy. Applicants need to make their requirements known in advance.

The original job offer can be found in Kit Job:

Reply to this offer

Impress this employer describing Your skills and abilities, fill out the form below and leave Your personal touch in the presentation letter.

Subscribe to this job alert:
Enter Your E-mail address to receive the latest job offers for: information security officer - (h-415)
Publish a new Free Offer
Need to publish an offer? With more than 1 million unique users per month, you will find the ideal candidate for your company instantly, what are you waiting for!
Publish Now

Subscribe to this job alert