Cloud Security Architect - Surrey, Canada - Fraser Health Authority

Requirements:

Professional certifications in cloud security, such as CCSP (Certified Cloud Security Professional) or AWS Certified Security Specialty, are highly desirable.

Take the next step and apply so we can continue the conversation with you.

Come work with dedicated health care providers who are enthusiastic and committed to provide quality healthcare to our clients/patients/residents. We invite you to find out why more than 95% of new employees recommend Fraser Health as an excellent place to work. Work hard and have fun while you do it.

Curious to learn what it's like to work here? Like us on Facebook (@fraserhealthcareers), follow us on Twitter & Instagram (@FHCareer), or connect with us on LinkedIn (fraserhealthcareers) for first-hand employee insights

Detailed Overview

Supporting the Vision, Values, Purpose and Commitments of Fraser Health including service delivery that is centered around patients/clients/residents and families:

Collaborates with internal and external stakeholders on key information security technologies at Fraser Health (FH); acts as a key resource and subject matter expert on information security policies, practices and standards; develops, implements, evaluates and manages internal and corporate information security policies, procedures and processes; undertakes a lead role in the delivery and development of information security and risk-related audits; monitors information security tracking systems, network and access controls and compliance systems throughout FH; assists management and staff to ensure information security is considered in the design and/or redesign of programs, services, projects and initiatives within FH; investigates information security incidents and provides information security training, education and awareness to staff and other internal and external stakeholders.
Responsibilities

1. Develops, assesses, implements, manages and provides recommendations on information security policies, procedures and processes; prepares reports, papers, updates and information security briefings for presentations to internal and external stakeholders; reviews, evaluates and provides recommendations on related information security policies and processes consistent with established FH policies.
2. Designs, implements and maintains enterprise security solutions and access controls to ensure compliance with security procedures, policies, professional standards and related legislation; provides monitoring, auditing and investigation expertise into security, policy and appropriate use violations.
3. Collaborates with teams within the IM/IT in leading the security vision and implementing strategy on security architectures of applications, programs and innovative initiatives.
4. Develops specifications for information security systems to operate on a local and wide area network system by gathering information from stakeholders and support vendors, develops and documents systems and procedures and prepares implementation plans.
5. Investigates and reviews information security incidents and/or violations of a sensitive nature that have varied implications including the potential for recommending disciplinary action or penalties for staff and third party vendors in breach of corporate policies and procedures.
6. Provides expert technical advice and consultation to internal and external stakeholders by performing analysis, providing recommendations for proposed information security technology changes and providing input into systems development for new technology, technology solutions and technology alternatives.
7. Collaborates with the Information Privacy department and other key stakeholders in promoting information security best practices by developing and assisting in the delivery of FH-wide security education and training materials to staff, internal and external stakeholders.
8. Participates in information security, vulnerability and risk assessments related to the security features of the information systems, networks and relayed administrative activities; recommends mitigation strategies, where applicable.
9. Analyzes complex information through acute problem solving in order to manage and investigate security incidents; develops reports, action plans and response communication on mitigation strategies; assists and supports the provincial e-Health programs and initiatives in security and privacy compliance.
10. Participates in the development of information security technology solutions to align with industry and FH information security standards; evaluates and recommends third party solutions, where applicable.
11. Acts as project leader on assigned security-related projects by developing project plans and charters, identifying major project milestones, associated tasks and timelines, managing deliverables and evaluating project outcomes.
12. Develops annual goals and objectives for the area of responsiblity, in collaboration with the Director, ensuring alignment with department plans, organizational objectives and strategies.
13. Maintains current awareness of global security trends and changes by monitoring federal and provincial initiatives, conducts industry comparisons and attends seminars and workshops.
    Qualifications
    
    Education and Experience
    
    Bachelor's degree in Computer Science, or a related field supplemented with five (5) years' recent related experience in an information security role in a large complex multi-site organization including completion of cybersecurity certification such as Certified Information Systems Professional (CISSP) program or related SANS/GIAC security certifications, or an equivalent combination of education, training and experience.
    
    Competencies
    
    

    Demonstrates the leadership practices of the Fraser Health Leadership Framework of Clear, Caring and Courageous and creates the conditions for people to succeed.

    Professional/Technical Capabilities:

14. Extensive knowledge of information security principles, frameworks, standards, best practices, and industry trends.
15. Knowledge of information security issues as it relates to web-based applications
16. Working knowledge of vulnerability assessment tools including VPN technologies
17. Knowledge of security architecture concepts for enterprise solutions including technical design, concepts and methodology
18. Working knowledge of threat risk analysis as it relates to information security risk assessments
19. Demonstrated knowledge and understanding of core Microsoft and other software-based technologies and strategies
20. Ability to plan, organize, prioritize and implement projects in a dynamic environment with changing priorities
21. Ability to develop, implement and deliver education and training programs/initiatives
22. Ability to operate related equipment including applicable software applications
23. Physical ability to perform the duties of the position