Salary Range: $76,111-$109,409/year. The starting salary for this position would be determined with consideration of the successful candidate’s relevant education and experience, and would be in alignment with the provincial compensation reference plan. Salary will be prorated accordingly for part time roles.

Job Summary:

The Information Security Analyst analyses and monitors the IT environment, and provides initial intake, assessment, and prioritization of security requests and/or events requiring incident responses based on risk and urgency. The Analyst logs, tracks and coordinates incident response work activities, and ensures higher priority events are escalated timely and appropriately. The Analyst leads investigations into security related incidents and policy violations and is a key member of an integrated breach response team. In collaboration with the Information Access and Privacy department, the Analyst consults on the development of security policies and procedures, and the implementation of security controls.

Duties/Accountabilities:

Technical

• Conducts information security investigations and breach management activities utilizing approved processes and techniques on electronic audits, security logs review, and to gather forensic evidence.
• Maintains clear, concise, objective and complete documentation regarding all details of information security breaches and investigations to ensure action taken to contain and remediate these events are formally recorded.
• Monitors and maintains security tracking tools and associated databases and prepares reports and presentations on metrics and risk trends.
• Conducts security, vulnerability, and risks assessments related to the information security features of the systems, networks, and related administrative activities. Develops reports and recommends mitigation strategies where necessary.
• Responds to and manage customer security related requests based on risk and urgency analysis to ensure appropriate prioritization and timely response to high priority events.
• Performs other related duties as assigned.
  
  

Working Relationships

• Coordinates completion of remediation activities to security incidents in collaboration with technical teams within Technology Services and Client representatives.
• Liaise with the Information Access and Privacy department on security assessments, audits and investigation, as required.
• Actively participates on internal and external committees, as required.
  
  

Leadership

• Provides day-to-day guidance and direction both verbally and in writing to internal staff, customers and management on information security processes, policy, standards and best practices.
• Consults on the development of policies and procedures, and the implementation of security controls.
• Promotes good security practices and a culture of information security awareness.
  
  

Decision Making

• Analyzes complex information through acute problem-solving to manage and investigate security incidents. Develops reports, action plans, and response communication on mitigation strategies.
• Monitors and interprets security alerts generated by security monitoring systems to ensure appropriate and timely response to security-related incidents.
  
  

Budget

• Not responsible for a department or business unit stream.
  
  

 

Qualifications:

Education, Training and Experience:

• A minimum of a Bachelor’s degree in computer science, engineering or a related study with a minimum of five (5) years of experience within a large complex multi-site organization, preferably in healthcare or a public sector setting OR equivalent combination of work experience and education.
• Information Security Certification (CISSP, CISM) is preferred.
• Comprehensive knowledge of information security principles, IT risks, compliance and security frameworks (COBIT, ISO 27001/2, PCI).
  
  

Knowledge, Skills and Abilities:

• Strong assessment and problem solving skills, including the ability to research, analyze, and interpret data and information from a variety of disparate sources
• Ability to utilize both analytical skills and conceptual thinking to identify and resolve issues timely and effectively
• Demonstrated ability to work independently in a highly dynamic environment, including adapting and responding to changing priorities, while meeting deadlines
• Highly developed communication skills, both written and verbal with the proven ability to present technical information to target audiences clearly and concisely
• Excellent interpersonal skills, including the ability to foster and maintain good working relationships with professionalism, tact, confidentiality and discretion
• Ability to work within a team environment
• Physical ability to perform the duties of the position