Information Security Specialist Jobs

Interior Health is looking for an experienced Information Security Specialist to join the team at our Kelowna location for a full time, term position until the 31st of December 2023.
What We Offer

• Medical Services Plan
• Municipal Pension Plan
• Employer paid training/education opportunities
• Work-life balance
• Employer paid vacation
• Employee & Family Assistance Program
• Extended health & dental coverage
• Employer paid insurance premiums

About The Job
In accordance with the established vision and values of the organization, the Specialist, Information
Security works as a subject matter expert and lead resource in reviewing existing and proposed computer-based application and data access services. Works within Digital Health and with other IHA business areas to ensure processes and practices support organizational information security policies and standards. Responsible for monitoring and tracking use of IHA data processing infrastructure, conducting investigations and resolving electronic data processing security-related incidents. Recommends and implements security processes, technologies and access methods that align with industry security standards and support the secure, uninterrupted operation of all IHA technology services.
The Specialist, Information Security deals with sensitive and critical situations and provides training and education to Digital Health and other staff on IHA security procedures, policies and standards.
Typical Duties And Responsibilities

• In collaboration with Information and Privacy personnel, works with IHA programs to ensure education and compliance with system security policy and procedures. Promotes security best practices and performs both formal and ad-hoc information protection training.
• Provides expert guidance to management and physicians and takes a lead role in ensuring information security is considered throughout the design or re-design of programs services and projects and initiatives.
• Lead monthly meetings involving partners from various IHA user-departments to review newly released patches and based on the IHA enterprise risk management framework, determine the urgency and criticality of deploying them to IHA systems.
• Reviews and assesses operational processes both current and planned to ensure alignment with IHA security policy and industry best practice.
• Evaluates the security risks associated with information systems and systems infrastructure by conducting formal Security Threat and Risk Assessments (STRAs) and Security Assessments (SAs) to assess risk, ensure accurate and complete documentation of security controls, and to ensure alignment with IHA policies and legislated security obligations.
• Effectively participates and represents the Health Authority on provincial and local committees or task groups. Represents the Manager, Information Security as required.
• Evaluates breach root causes, implements and recommends resolution strategies, including disciplinary action, and practical quality improvement opportunities and risk controls targeted at strengthening organizational, operational and technical controls.
• Reviews security logs and violation reports investigating and evaluating root causes, implements and recommends resolution strategies, practical quality improvement opportunities and risk controls targeted at strengthening organizational, operational and technical controls and/or escalating as required.
• In collaboration with IHA Network services, provides direct and indirect support for network security solutions such as Firewalls, Intrusion Prevention Systems, Antivirus and Internet Filtering technologies.
• Provides interpretation and expert advice, both verbally and in writing, to internal staff, physicians and management on legislation, international and eHealth information management standards and principles related to information security.
• Initiates partnerships and effectively maintains critical internal linkages to ensure development of a consultative approach to mutual problem solving, enhancing communication, proactively anticipating and resolving issues and supporting the implementation of required changes.
• Manages complex and cross-agency security breach and violation investigations, including collection and appropriate handling of forensic evidence, conducting risk analysis, electronic audits and on-going investigations using an enterprise risk approach. Leads, coordinates and directs case management and documentation amongst the Integrated Breach Response Team. Liaises with external parties such as provincial government ministries and peer health authorities.
• Initiates partnerships and effectively maintains critical external linkages and partnerships with provincial and federal government agency representatives, regulatory bodies, legal representatives , external private companies and partners, researchers and the public to gather, provide, clarify or manage information security requirements.
• Participates in the development of formalized procedures for the creation, modification, management, and deletion of user accounts and other access controls. Ensures access requests are consistent with IHA standards and have received appropriate authorization.
• Participates in the development of technology solutions that align with industry and IHA security standards. Evaluates and recommends third party information security products to meet IHA security and confidentiality requirements.
• Participates in the development and application of security safeguards and system access controls for new and existing information technology services, ensuring alignment with IHA security policy and practices.
• Conducts periodic compliance reviews, risk analysis, electronic audits and ongoing investigations.
• Develops and implements changes to existing procedures for secure management of data and information systems access controls.
• Performs other related duties as assigned.
• Researches, creates, compiles and evaluates security information management performance metrics. Completes reports including Briefing Notes and statistical reports on specific subjects such as breach management score cards, progress of the corporate security educational program within IHA. Prepares and delivers presentations to key partners, management and staff.