Information Security Compliance Specialist

The University of British Columbia is seeking a highly skilled Information Security Compliance Analyst to join its Faculty of Medicine Digital Solutions team. As a key member of the team, you will play a pivotal role in leading comprehensive system security audits, developing verification processes, and making recommendations to secure electronic information and systems for all units within the Faculty of Medicine.

• Lead the audit and verification of cybersecurity controls, including planning, executing, and reporting on diverse audit engagements, while applying a risk-based approach to ensure all projects are completed on target.
• Design and propose solutions for existing complex systems or Faculty-wide compliance issues identified through the audit and verification process.
• Create formal documents that provide an overview of the security requirements for existing complex systems and describe the security controls in place or planned for meeting those requirements.
• Provide project leadership, expert advice, and contribution to ongoing strategic planning for units to move towards full compliance with UBC's Information Security Policy and standards.
• Lead the development of methodologies for improving procedures, and coordinating, tracking, and reporting on the progress for implementation of information security and privacy solutions for complex systems.
• Provide information security technical expertise and mentoring to operational IT teams and leadership to ensure reasonable information security measures are in place to support the ongoing information security management of the unit.
• Establish professional relationships with distributed IT teams and leadership, building trust in our advisory capacity with them. Maintain a strong service orientation and effective communication with practical recommendations and improvement strategies.
• Capture systemic issues, root causes, and trends identified through the information security compliance reviews and propose solutions to senior management and respective teams for addressing the issues.
• Contribute to the development of mature governance and oversight of information security practices, through ongoing improvement of risk identification and remediation activities.
• Apply metrics, perform frequent analysis of key metrics, and measure results of our faculty's information security program effectiveness, and identify improvement opportunities.
• Acquire and maintain a working knowledge of the University's technical and business environment to better understand the business and its priorities.
• Investigate and remain current with industry technology trends as well as the Technology and Information Security Audit and Regulatory environment.

• Undergraduate degree in a relevant discipline.
• In-depth knowledge of applications and the business requirements supporting them.
• Minimum of five years of related experience, or the equivalent combination of education and experience.
• Willingness to respect diverse perspectives, including perspectives in conflict with one's own.
• Demonstrates a commitment to enhancing one's own awareness, knowledge, and skills related to equity, diversity, and inclusion.

• Expert knowledge of IT Audit methodology, Information Security Controls and Standards, and associated tools to ascertain the quality and effectiveness of technology remediation plans.
• A CISA or CIA designation is strongly preferred.
• Knowledge of IT governance, policies, standards, technology risk disciplines and practices, and security threat and risk assessments.
• Expert knowledge of security frameworks, models, and standards such as OWASP, SAMM, NIST, COBIT, and ISO 27001/2, and application architecture and security in hybrid cloud environments.
• Knowledge of computer networking concepts, security methodologies, and protocols (e.g., TCP/IP, DNS, LDAP, TLS), firewall management, identity and access management (e.g., public key infrastructure, OAuth, OpenID, SAML) is an asset.
• Self-motivated with a strong commitment to providing high-quality services, together with a thorough understanding and awareness of information security best practices and the ability to translate them into meaningful and value-added University-wide and local solutions.
• Knowledge of Freedom of Information and Protection of Privacy Act (FIPPA), particularly as it relates to implementing 'reasonable security arrangements' over PI under the University's control or in its custody.
• Ability to work independently with minimal management oversight, as part of a team, and cross-functionally.
• Strong interpersonal skills used to lead, enthuse, motivate, influence, and educate others at all levels to drive change across the University.
• Demonstrated ability to communicate with diverse audiences (management, senior leadership, technical) using a variety of delivery mechanisms (written, oral, presentations, etc.).
• Ability to effectively facilitate multi-disciplinary groups to achieve appropriate outcomes.
• Working knowledge of project management and change management disciplines and best practices.
• In-depth understanding of key trends and players in the IT industry and higher-education sector.
• Excellent organizational, planning, and prioritization skills. Able to multi-task and deliver multiple assignments in a complex environment.
• Shows the willingness, ability, and enthusiasm to help build and learn new processes, methodologies, or technologies.

The University of British Columbia is a global centre for research and teaching, consistently ranked among the top 20 public universities in the world. Since 1915, UBC's entrepreneurial spirit has embraced innovation and challenged the status quo. UBC encourages its students, staff, and faculty to challenge convention, lead discovery, and explore new ways of learning. At UBC, bold thinking is given a place to develop into ideas that can change the world.

Our Vision: To Transform Health for Everyone

Ranked among the world's top medical schools with the fifth-largest MD enrollment in North America, the UBC Faculty of Medicine is a leader in both the science and the practice of medicine. Across British Columbia, more than 12,000 faculty and staff are training the next generation of doctors and healthcare professionals, making remarkable discoveries, and helping to create the pathways to better health for our communities at home and around the world.

The Faculty—comprised of approximately 2,200 administrative support, technical/research, and management and professional staff, as well as approximately 650 full-time academic and over 10,000 clinical faculty members—is composed of 19 academic basic science and/or clinical departments, 3 schools, and 25 research centres and institutes. Together with its University and Health Authority partners, the Faculty delivers innovative programs and conducts research in the areas of health and life sciences. Faculty, staff, and trainees are located at university campuses, clinical academic campuses in hospital settings, and other regionally based centres across the province.

The UBC Vancouver Campus is located on the traditional, ancestral, and unceded territory of the xwməθkwəy̓əm (Musqueam) people. The City of Vancouver is located on Musqueam, Squamish, and Tsleil-Waututh First Nations territory.