Information Security Analyst, Senior - Remote, Canada

Wednesday, July 5, 2023
This is a remote position and can be located anywhere in Canada.
AS THE WORLD MOVES TO FHIR, THERE ARE PLENTY OF REASONS TO SMILE.
Smarter decisions, fewer barriers, and better incentives are just the beginning. Smile Digital Health makes it easy for healthcare stakeholders to collect and exchange data with our leading FHIR-based data liberation platform.
We reduce barriers between information and care for those who deliver or consume health services and products and whose roles or care are hindered by fractured, inaccessible or complex information systems.
Let’s make a difference!
BE PART OF THE TEAM WORKING TOWARDS #BETTERGLOBALHEALTH
This position provides information security support, vulnerability management, business continuity, disaster recovery and auditing requirements to support the operations of multiple healthcare clients and the internal operations of Smile Digital Health.
Responsibilities

• Perform security and access reviews for our managed services customer on an as needed basis.
• Act as the Information Security lead for organizational business continuity plan and ensure that the obligations are met.
• Define Security baselines and work with Security Operations to implement report and alerting requirements.
• Create and maintain policies, procedures, standards, and processes as needed for our managed services customer.
• Manage vendor assessments including questionnaires and RFPs as they relate to existing and prospective clients, vendors, and suppliers.
• Perform security reviews for network changes, software requests and addon features and provide recommendations as needed.
• Ongoing compliance with organizational policies, procedures and practices (such as but not limited to security, privacy, human resources and confidentiality policies) are an ongoing requirement of the employment or contractual agreement.
• Investigate incidents through the entire process lifecycle and collect necessary documentation and evidence.
• Conduct Privacy Impact and Threat Risk Assessments including maintaining the Risk Register for the organization, as required.
• Accountable for ensuring that all working hours are accurately reported on a daily or weekly basis.
• Track and follow-up with staff to ensure Privacy and Security training is completed.
• Ensure the maintenance of Smile Digital Health certifications and attestations such as ISO 27001:2013, HITRUST v9.4 and SOC 2 Type II.
• Coordinate and support internal audits to ensure certification requirements are met and audit operations activities to include security operations, administrative access and vendors.
• Assist in implementation and maintenance of organizational compliance requirements as they relate to contractual obligations.
• Collaborate with the Client Services department to review privacy and security requirements in product and implementations.
• Serve as alternate back-up for the Incident Manager for Privacy and Security incidents as reported internally or from clients on a rotational basis.
• Review and maintain the disaster recovery plans for clients and act as a liaison, as required.

Requirements

• Familiarity with international privacy legislations such as GDPR and PIPEDA.
• 5+ years working in a relevant role, preferably within a healthcare or service provider organization in Information Security or Risk Management and auditing user access.
• Demonstrated ability in creating policies, standards and procedures using the ISO 27001:2013 standard or NIST framework and experience with CIPP/US, Azure or AWS certifications along with familiarity with ITIL are preferred.
• Post-secondary education in a related field such as Business, Engineering, IT, Healthcare or related field, or equivalent experience.
• Must comply with appropriate background check requirements such as but not limited to: criminal, exclusion screening, credit, education, etc. Such checks are based on the job requirements. The incumbent may be required to re-verify the required checks on an annual basis or from time-to-time as determined by the Company.
• Solid understanding of technical controls enforcing privacy and security requirements combined with at least 3 years of conducting vulnerability management, experience auditing user and patient access as it relates to HIPAA and experience providing information security expertise to web development
• At least one of the following certifications: CISSP, CEH, CRISC, CISA, or CISM combined with experience using the ISO 27001:2013 and/or NIST 800-53 security standards.

Smile's core values include respect, inclusion, embracing our differences, and celebrating shared values and because our people are the foundation of our success, we remain dedicated to building diverse and inclusive teams. We welcome and encourage candidates of all backgrounds to apply. We are big on creating a sense of belonging and empowering each other to bring our authentic selves to work.