- (Reference :MT - 43)
Information Security Analyst
- As soon as possible
- To be discussed
Reporting to the Vice-President, Information Technology, the Information Security Analyst (ISA) is responsible for information security policy development and maintenance; design of security policy education, training and awareness activities; monitoring compliance with IT Security policy and applicable law, and; coordinating the investigation and reporting of security incidents. Working with an information security team, the ISA will implement security technologies and processes, monitor, assess and refine the IT business continuity and disaster recovery program, perform network penetration tests, application vulnerability assessment scans and risk assessment reviews.
Monitor and advise on information security issues to ensure the internal security controls are appropriate and operating as intended;
Coordinate and execute IT Security projects, including security architecture and design;
Assist in the development, implementation, and monitoring of access control, data confidentiality, system integrity, system reliability, system audit and recovery methods and procedures;
Coordinate response to information security incidents up to resolution;
Coordinate resolution of security vulnerabilities;
Coordinate third party annual vulnerability tests and IT security assessments;
Develop and publish Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements;
Prepare responses, or assist with responses, to client RFPs and information security assessments;
Conduct Business Impact Assessments, Data Classification Assessments and security audits and manage remediation plans;
Collaborate with IT Management, the legal department, safety and security and law enforcement agencies to manage security vulnerabilities;
Create, manage and maintain user security awareness material;
Conduct security research to keep abreast of latest security issues;
Perform other related duties as assigned.
Formal Education & Certification
College or University degree in computer science or related field is required;
At least one Security Certification is required: CISSP, CISA, CISM, CSSLP. CISSP preferred.
Knowledge & Experience
Minimum 5 years direct work experience in an information security capacity, including all aspects of policy development, audit and security program execution. Experience should include Internet technology and security issues, policy development, security education, network penetration testing, application vulnerability assessments, risk analysis and compliance testing.
Knowledge of information security standards (ISO 27002), rules and regulations related to information security and data confidentiality (HIPPA, PIPEDA) and desktop, server, application, database, network security principles for risk identification and analysis. Knowledge of ITIL and CobiT an asset.
Experience troubleshooting information security related problems and incidents; knowledge of security architecture including encryption, firewalls, VPNĺs, anti-virus systems and vulnerability management.
To apply on line : http://www.medisys.ca/careers.htm
We wish to thank all applicants in advance for their interest; however, only those who will be considered for an interview will be contacted.
Committed to employment equity, Medisys encourages applications from the four designated groups as identified in the Employment Equity Act. Accommodation will be provided in all parts of the hiring process as required under the Medisys Accommodation Policy. Applicants are required to make their needs known in advance.
Medisys Health Group is a total healthcare solutions provider.
Combining professional expertise with technological sophistication, we work hand-in-hand with over 4,000 corporate clients on the development of customized, comprehensive health management strategies. In addition to executive health, employee health management, independent medical assessments and medical imaging services (ex. MRI, CT), we provide health-related underwriting services to insurance companies. Founded on the objective of putting service back into healthcare, Medisys aims to set a new standard in the field of healthcare management.