Cybersecurity Lead

**Salary**: The salary range for this position is CAD $54.16/Hr. - CAD $77.86/Hr. Article Flag: Mandatory Vaccination Please Note:
As per the current Public Health Orders (Long Term Care/Seniors Assisted Living Provincial Health Order and the Health Sector Order), as of October 26, 2021, all employees working for Providence Health Care must be fully vaccinated against COVID-19. Proof of vaccination status will be required.

**Summary**: Reporting to the Director of Advanced Data & Cloud Technology, the Cybersecurity Lead is responsible for safeguarding our organization's digital assets and ensuring compliance with relevant data security regulations, policies, and procedures. The Cybersecurity Lead plays a crucial role in developing, implementing, and maintaining robust cybersecurity measures to protect sensitive information.

**Qualifications / Skills and Education**: Education, Training and Experience
Master’s degree in Computer Science, Information Technology, Cybersecurity, or a related field; seven (7) years’ experience securing information systems, preferably in the Health Care context, or an equivalent combination of education, training and experience.

**Experience in the following areas is also required**:
Managing cybersecurity operations, including threat detection, incident response, and vulnerability management.

Development and implementation of cybersecurity policies, procedures, and best practices.

Hands-on interaction with of SaaS, PaaS, and IaaS providers (preferably Amazon and Microsoft), providing guidance on secure system and service configuration.

Security technologies such as firewalls, IDS/IPS, SIEM, DLP, endpoint protection, and encryption.

Familiarity with scripting languages (e.g., Python, PowerShell) for automation of security tasks.

Conducting security audits, risk assessments, and compliance assessments.

Working within multi-disciplinary teams, including those involving representatives from different organizations.

Skills and Abilities
Strong understanding of networking and system administration.

Strong analytical and problem-solving skills.

Demonstrably excellent communication and interpersonal skills, with the ability to communicate technical concepts to non-technical peers and leaders.

Knowledge of current cybersecurity trends, threats, and best practices.

Change management processes and project management methodologies (including Agile).

Familiarity with DevOps and SecDevOps processes and techniques.

Demonstrated ability in building and maintaining effective working relationships with business leaders, peers, users and partners to align activities into overall strategic objectives.

Demonstrated ability to exercise sound judgment, critical thinking and effective decision-making.

Demonstrated ability to respond to changing priorities and unforeseen circumstances.

Physical ability to perform the duties of the job.

Other Desirable Attributes
Professional certifications such as CRISC, TOGAF, CISSP, CISM, CISA, SABSA, ITIL, CompTIA Security+, GSEC or equivalent.

Knowledge and experience with NIST CSF-RMF, ISO 27001/2, and COBIT.

**Duties and Responsibilities**: Policies and Procedures: Develop, maintain, and implement comprehensive PHC-specific cybersecurity policies and procedures tailored to the healthcare delivery, ensuring alignment with broader PHSA/PDHIS policies and procedures and compliance with relevant regulations such as PIPEDA.

**Threat Identification & Avoidance**: In coordination with counterparts at PDHIS, lead and oversee security threat and risk assessment (STRA) activities, vulnerability scans/assessments, penetration testing, and security audits to identify and direct necessary adjustments to mitigate potential threats and vulnerabilities in PHC IT infrastructure.

**Response Preparedness & Execution**: Establish and maintain PHC-specific incident response plans and protocols that interface as needed with broader PDHIS standard operating procedures so as to effectively address and contain cybersecurity incidents, minimizing their impact on patient data and critical systems.

**System Compliance**: Determines systems compliance based on security profile. Negotiates selection and/or decommissioning of systems that are no longer secure, provides resolution how data will be transitioned, and processes replaced. Identifies the effects to PHC systems by VPP wide security changes or policies. Requests training and resources to address PHC system needs.

**Staff Awareness & Education**: Provide guidance and training to staff members on cybersecurity best practices, promoting a culture of security awareness throughout the organization.

**Continuous Learning & Adaption**: Collaborate with IT teams, healthcare professionals, and external partners to stay updated on emerging threats and technologies, and to continuously improve PHC’s cybersecurity posture.

**Other Duties**: Performs other related duties as required.