Are you a self-motivated and tech-savvy individual who is up-to-date on the latest information system security threats and risk mitigation strategies in the modern workplace? Does an innovative, dynamic and collaborative organization committed to providing outstanding results excite you? If this sounds like you, this may be your next perfect opportunity!
The College of Registered Nurses of British Columbia (CRNBC) is seeking an Information Systems Security Analyst to join our Information & Finance team. This is a regular, full-time employee position.
Who we are
CRNBC is the regulatory body for close to 40,000 registered nurses, nurse practitioners and licensed graduate nurses in British Columbia. Our purpose is to protect the public by effectively regulating registered nurses and nurse practitioners.
At CRNBC, we believe in integrity, excellence, and accountability. As a member of the team, you can expect to be treated in a respectful and professional manner. While your workload will be busy, the College supports staff in achieving a healthy work-life balance.
What you will be doing
The Information Systems Security Analyst assesses risk, and recommends, designs, implements, and administers security controls. The position ensures security considerations are integrated into all new systems, features and changes, as well as information exchanges with third-parties, or any other location CRNBC data resides. The Information Systems Security Analyst also ensures that ongoing vulnerability assessments are conducted to ensure that existing systems continue to be updated to respond to new threats. This role acts as the first contact for security related concerns and provides helpdesk and administration support, particularly as it relates to information security tasks. The role also provides support to other colleges that are part of an IT consortium administered by CRNBC.
- In consultation with the Chief Officer, IF and the Information Management Team Lead, as well as security consultants, maintains an information system security risk register and recommends, designs and implements security controls;
- Ensures security considerations are integrated into all system planning, development and maintenance processes;
- Provides input on information security related policies and supports training staff on information security related matters;
- Administers information security systems and controls; which may include activities such as:
- Managing virtual network segmentation, including analyzing network traffic and determining firewall rulesets to provide to hosting providers;
- Performing regular vulnerability scans on virtual Windows servers using Nessus or similar tool;
- Monitoring for vulnerability alerts, patches and updates from vendors for all system components, including code libraries;
- Configuring all system components to use secure settings through methods such as Windows Group Policy;
- Updating and patching Windows infrastructure components, Windows desktop applications, and plug-ins;
- Configuring operating system and application-level access permissions, such as Active Directory security groups;
- Set-up processes to monitor security logs and generate alerts from various system components;
- Investigating security alerts and incidents, including assisting users reporting suspected incidents, and taking actions to contain detected threat activity and minimize damage;
- Advises on emerging information security threats and vulnerabilities, as well as evolving industry standards and best practices;
- Documents security processes and systems at a technical level;
- Provides end-user support (including general non-security IT support) when required;
- Fosters and maintains an organizational culture that promotes mutual respect, teamwork and service excellence.
Your education and skills:
- Bachelor’s degree in Computer Science or equivalent combination of education and experience.
- Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) or similar certification.
- 3-5 years’ experience in security management and risk identification and mitigation.
- Working knowledge of industry security standards such as ISO27001/ISO27002, and NIST.
- Demonstrated system administration knowledge for Microsoft infrastructure components (operating system, Dynamics CRM, SharePoint, SQL Server, IIS) and applications, as well as for Citrix or other virtual desktop environments.
- Understanding and identification of current threats and trends in information security.
- Technical understanding of firewalls, network protocols, and encryption protocols.
- Knowledge of network scanning and monitoring tools such as Nessus.
- Windows security certifications.
- Strong troubleshooting and problem solving skills.
- Demonstrated organizational skills and attention to detail.
- Ability to plan, prioritize and manage workload within a time sensitive environment.
- Excellent oral, written and interpersonal communication skills. Ability to work collaboratively with team and other stakeholders.
- Ability to work outside of regular work hours, on occasion, to ensure the smooth functioning of CRNBC related systems.
Compensation and benefits
The successful candidate will enjoy a generous compensation and benefits package.
How to apply
Please forward your resume and cover letter, indicating where you learned of this opportunity, to email@example.com. The closing date for applications is November 8, 2017.
To learn more about our organization, please visit www.crnbc.ca. Thank you for your interest in the College of Registered Nurses of British Columbia.
While we appreciate all responses, only shortlisted applicants will be contacted.
[Original posting is at CRNBC's website.]