Promoting security awareness and development.

Are you a self-motivated and tech-savvy individual who is up-to-date on the latest information system security threats and risk mitigation strategies in the modern workplace? Does an innovative, dynamic and collaborative organization committed to providing outstanding results excite you? If this sounds like you, this may be your next perfect opportunity!

The College of Registered Nurses of British Columbia (CRNBC) is seeking an Information Systems Security Analyst (ISS Analyst) to join our Information & Finance team. This is a regular, full-time position.

Who we are

CRNBC is the regulatory body for close to 40,000 registered nurses, nurse practitioners and licensed graduate nurses in British Columbia. Our purpose is to protect the public by effectively regulating registered nurses and nurse practitioners.

At CRNBC, we believe in integrity, excellence, and accountability. As a member of the team, you can expect to be treated in a respectful and professional manner. While your workload will be busy, the College supports staff in achieving a healthy work-life balance.

What you will be doing

The ISS Analyst assesses risk, and recommends, designs, implements, and administers security controls. The position ensures security considerations are integrated into all new systems, features and changes, as well as information exchanges with third parties, or any other location where CRNBC data resides. The ISS Analyst also ensures that ongoing vulnerability assessments are conducted so that existing systems continue to be updated to respond to new threats. This role acts as the first contact for security-related concerns and provides helpdesk and administration support, particularly as it relates to information security tasks. The role also provides support to other colleges that are part of an IT consortium administered by CRNBC.

Responsibilities include:

  • In consultation with the Chief Officer, IF and the Information Management Team Lead, as well as security consultants, maintains an information system security risk register and recommends, designs and implements security controls;
  • Ensures security requirements are integrated into all system planning, development and maintenance processes;
  • Provides input on information security-related policies and assists with training staff on information security-related matters;
  • Administers information security systems and controls, which may include activities such as:
    • Updating and patching Windows infrastructure components, Windows desktop applications, and plug-ins;
    • Performing regular vulnerability scans on virtual Windows servers using Nessus or a similar tool;
    • Implementing virtual network segmentation, including analyzing network traffic and determining firewall rulesets to provide to hosting providers;
    • Monitoring for vulnerability alerts, patches and updates from vendors for all system components, including code libraries;
    • Configuring all system components to use secure settings through methods such as Windows Group Policy;
    • Configuring operating system and application-level access permissions, such as Active Directory security groups;
    • Setting up processes to monitor security logs and generate alerts from various system components;
    • Investigating security alerts and incidents, including assisting users reporting suspected incidents, and taking actions to contain detected threat activity and minimize damage;
  • Advises on emerging information security threats and vulnerabilities, as well as evolving industry standards and best practices;
  • Documents security processes and systems at a technical level;
  • Provides direct end-user support (including general non-security IT support) when required;
  • Fosters and maintains an organizational culture that promotes mutual respect, teamwork and service excellence.

Your education and skills:

  • Bachelor’s degree in Computer Science or equivalent combination of education and experience.
  • Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP) or similar certification.
  • 3-5 years’ experience in security management and risk identification and mitigation.
  • Working knowledge of industry security standards such as ISO/IEC 27002.
  • Demonstrated system administration knowledge for Microsoft infrastructure components (operating system, Dynamics CRM, SharePoint, SQL Server, IIS) and applications, as well as for Citrix or other virtual desktop environments.
  • Understanding and identifying current threats and trends in information security.
  • Technical understanding of firewalls, network protocols, and encryption protocols.
  • Technical experience using network scanning and monitoring tools such as Nessus.
  • Strong troubleshooting and problem-solving skills.
  • Demonstrated organizational skills and attention to detail.
  • Ability to plan, prioritize and manage workload within a time-sensitive environment.
  • Excellent oral, written and interpersonal communication skills. Ability to work collaboratively with team and other stakeholders.
  • Ability to work outside of regular work hours, on occasion, to ensure the smooth functioning of CRNBC related systems.

Note: this position is an individual contributor and has no direct reports.

Compensation and benefits

The successful candidate will enjoy a generous compensation and benefits package.

How to apply

Please forward your resume and cover letter, indicating where you learned of this opportunity, to The closing date for applications is January 29, 2018.

To learn more about our organization, please visit Thank you for your interest in the College of Registered Nurses of British Columbia.

While we appreciate all responses, only shortlisted applicants will be contacted.

[Original posting is at CRNBC's website.]

This entry was posted in Industry, tagged Security and posted on January 19, 2018