The Provincial Health Services Authority (PHSA) plans, manages and evaluates selected specialty and province-wide health care services across BC, working with the five geographic health authorities to deliver province-wide solutions that improve the health of British Columbians. They are hiring a Security Analyst, Enterprise Architecture and Security.
The Technical Security Analyst reports to the Manager, Information Security, and provides technical security leadership and expertise as well as supports the privacy and security auditing capability for clinical applications within Information Management Information Technology Services (IMITS) that provides services in the Lower Mainland to Provincial Health Services Authority (PHSA), Vancouver Coastal Health (VCH) and Providence Health Care (PHC). In addition to demonstrating general security-related knowledge, the Security Analyst is a proven expert in at least one core technical competency (such as boundary controls, antivirus, intrusion detection/prevention, monitoring/reporting) and consults on projects that require those skills. Responsibilities include conducting system audits and reviews to determine and investigate system breaches, analyzing networks, systems and applications using a variety of Risk Management and Security Audit methodologies, and developing comprehensive reports detailing findings. Analyzes findings and produces recommendations to correct unmitigated risks. Works with management staff across the three health organizations to design and implement secure system solutions and works closely with Privacy team to investigate cases of internal and/or external network access attempts and breaches.
- Provides technical leadership in the design, development, implementation and operations of core information technology and security technologies. Provides technical configuration support for audit and logging solutions. Maintains and configures central audit and logging solutions, including the facilitation of onboarding new log sources.
- Provides focused, information-security-related advice and expertise to various IMITS projects and acts as a resource for information security issues for stakeholders both internal and external to IMITS (VCH, PHC, and PHSA). Acts as the subject matter expert for the privacy and security logging requirements.
- Develops and documents technical standards, processes, procedures, baselines and guidelines for information security to ensure the integrity and privacy of clinical and business information.
- Conducts risk assessments, security assessments and technical audits, and assists in application security assessments using a variety of approved methodologies, standards and best practices. Produces related reports and recommendations.
- Leads access attempt and breach investigations through audit report generation; identifies potential inappropriate accesses; assists stakeholders in conducting privacy and security investigations, threat investigations and incident response; and recommends follow-up disciplinary action as necessary.
A level of education, training, and experience equivalent to a Bachelor’s degree in Computer Science/Engineering, and five to seven (5-7) years’ of recent related experience in an information technology role that included information security, incident response and security threat analysis, preferably in a public sector and/or health care environment. Certification in a cyber-security discipline (CISSP, CEH, SCF, CISA, SANS) is desirable. Active CISSP or SANS GIAC certification is preferred.
Ideally experience in security incident response/privacy investigations, in addition to having proficient technical skills in scripting, automation and security threat investigation and prevention techniques.
Uses broad knowledge of a wide range of information security technologies and processes such as firewall, Intrusion Detection/Prevention systems, Security Information Management solutions, managed antivirus solutions, security incident response and threat intelligence to provide technical information security leadership. Applies strong knowledge of information security concepts and security technologies. Uses exceptional written communication skills and analytical abilities to conduct assessments, document and analyze finding and prepare related recommendations. Proactively interacts with stakeholders at all levels to creatively achieve results in a dynamic environment. Ability to translate business and technical requirements. Uses strong oral communication skills to present technical information to a variety of audiences.
Please apply through the Careers at PHSA website.