Security Architect
Toronto, ON, Canada
Full Time
Technology
Experienced
Security Architect
Permanent Full-Time
Job Band: G
The Security Architect will play a critical role working with internal and external stakeholders to advance the maturity of the OntarioMD Security program. The Security Architect will work with internal stakeholders to help define and implement the organization's information security architecture, ensuring the confidentiality, integrity, and availability of digital assets. Externally, the Security Architect will coordinate with partner organizations to define and monitor security expectations for community-based healthcare providers, their exchange of healthcare information, and verify external security audits to ensure they meet defined standards.
Working closely with the Senior Manager, Technology Solutions, your responsibilities will include:- Work collaboratively with health system stakeholders including the Ministry of Health, Ontario Health, EMR vendors, health system delivery partners and clinicians to provide IT security. expertise throughout the product or service development lifecycle, advancing the security maturity of Electronic Medical Record (EMR) solutions.
- Develop, implement and maintain a comprehensive security program, based on NIST CSF, for OntarioMD developed products and services, through the entire SDLC, including review and selection of security tooling.
- Develop and operate a security architecture framework for both new and current provincial EMR/EHR interoperability initiatives to provide best practice enhancements and standards.
- Analyze solutions artefacts and develop security architectures to support the design, development, delivery, and ongoing enhancement of new and current OntarioMD products and services, including application development and data warehousing.
- Analyze new and emerging threats and legislative changes to assess resulting impact to OntarioMD Product and Services, EMR Solutions, and external partners, developing updated recommendations to mitigate risks.
- Review third party security submissions, such as TRA, Pen Tests, VA Scans, and PIAs for completeness and accuracy. Working with stakeholders to recommend and confirm remediations as necessary.
- Design and conduct internal security audits on new and existing systems to identify and mitigate security risks.
- Act as a subject matter expert in the support of internal OntarioMD support, development, and validation teams and provide leadership in cyber security incident response activities.
- Leverage industry standard and recognized provincial security control frameworks to advance minimum privacy and security practices and specifications.
- Develop and provide presentations and documentation to various internal and external audiences as required and report regularly on progress and status.
- Develops policies, procedures, and standards to meet the various IT security compliance requirements and addresses questions from internal and external audits.
- Lead and facilitate cross-stakeholder EMR technology workshops.
- University degree in Computer Science or Engineering or equivalent experience.
- Minimum ten (10) years of experience in Information Technology (IT) disciplines, preferably in security.
- Minimum five (5) years experience with IT Security principles, practices, technologies, and procedures with a focus on security architecture.
- Experience with health sector privacy and security principles, including PHIPA, preferred.
- Industry recognized IT Security certification (e.g., CISSP, CISA, SSCP etc.), in good standing, required.
- Understanding of security control and risk assessment methodologies and frameworks such as: HTRA, SOC2, NIST CSF, ISO-27001/2, SOC2, HiTRUST, OWASP, and MITRE ATT&CK/D3FEND frameworks.
- Knowledge of various systems and security technologies including Operating systems, Networks, Secure Communications, Identity Management, and Cloud Solutions.
- Experience collecting, analyzing, and reviewing security audits, events, and threat intelligence.
- Experience with community based Primary Care EMR solutions and office technologies an asset.
- Demonstrated experience building and maintaining productive working relationships with internal/external stakeholders in complex, multi-stakeholder health care environments.
- Excellent written and oral presentation skills; able to present to internal and external executives including technical and non-technical audiences.
Benefits we think you'll like:
- Fantastic opportunity to grow within the team and throughout the organization.
- Professional development and continuous in-house learning opportunities.
- Fun, friendly, and dynamic work environment with a passion for digital health.
- Competitive salary and bonus program.
- Exceptional group benefits package paid by the organization.
Interested candidates are invited to apply online through our careers page. Applications will be considered until January 27, 2025 at 3 pm.
For further information, visit our website at www.ontariomd.ca. We regret that only those selected for an interview will be contacted. OntarioMD is strongly committed to diversity within its community and welcomes applications from racialized persons/persons of colour, women, Indigenous People of North America, persons with disabilities, LGBTQ2S+ persons, and others who may contribute to the further diversification of ideas. In accordance with the AODA Act, accommodation will be provided throughout the recruitment process to applicants with disabilities.
We continue to encourage staff to follow the Public Health recommendations and stay up to date with their vaccinations.
All recruiting activities including interview and new hire onboarding will be conducted remotely. While we are doing our best to ensure reasonable response times, please expect potential delays.
OntarioMD does not solicit personal information such as banking information or passport information over social media sites for employment purposes.
Apply for this position
Required*