Detailed Overview
Supporting the Vision, Values, Purpose and Commitments of Fraser Health including service delivery that is centered around patients / clients / residents and families: The Manager, Information Security provides leadership in the development, implementation and uptake of health information systems, clinical and corporate information systems within Fraser Health (FH).
Works with FH Leadership, Health Informatics and Information Technology (HIIT) to lead the development, implementation, and continuous improvement of an information security program ensuring the ongoing protection of FH technology infrastructure and information assets.
The Manager regularly deals with critical and highly sensitive situations. As a member of the HIIT leadership team, the Manager is part of a coordinated effort to move forward the health, clinical and corporate HIIT vision for FH and to work collaboratively with other team members in promoting new technologies and best practice for service delivery and system operations.
Responsibilities
Provides leadership in the design and development of health and corporate information systems and applications, maintaining an FH-wide view of systems and service to support the adoption and ongoing secure operation of clinical and corporate information systems.
Plans, manages, and leads the FH information security program with responsibility for the delivery and continuous improvement of the following services in accordance with legislated and other regulatory requirements including:
Security Threat Risk Assessments
Information Security Risk Governance and Lifecycle Management (in alignment with FH Enterprise Risk Management Framework)
Security Policy and Policy Framework development
Information Security Training and Awareness program
Management of third party security risks (Contract reviews, contract schedule development etc.)
Audit, Compliance Management and Monitoring
Cloud Security Requirements and Monitoring
Develops, maintains and oversees standard operating procedures for intake, prioritization, management and completion of Security Threat Risk Assessments (STRAs).
Develops and maintains the processes necessary to facilitate care provider, employee, and citizen access to electronic health and corporate information systems, applications and tools.
Works collaboratively as a member of the HIIT leadership team as part of a coordinated effort to move forward FH's health and clinical / corporate information management agenda, promotes and adopts best practice models for service delivery, system operations and information security.
Identifies innovative approaches for information management and ensures that standards related to the security of personal health, employee or corporate information are implemented and maintained.
Accountable for project priorities and ensures that projects are executed in accordance with FH project management standards and that necessary project resources are in place to ensure successful implementation, in collaboration with assigned business areas.
Ensures the ongoing management / maintenance of negotiated vendor contracts. Leads Requests for Proposals (RFPs) and vendor selection, negotiates contracts with vendors, and ensures that the payment schedule is distributed and that the vendor is upholding contract provisions.
Manages assigned staff by selecting employees, directing, supervising, and evaluating staff to ensure effective performance of duties, promoting, disciplining and initiating employee terminations.
Ensures the implementation of correct human resource standards and procedures, including performance evaluation, education, and orientation as well as compliance with applicable acts, regulations and collective agreements.
Manages department operational and capital budgets under the direction of the Director, by performing activities such as approving and tracking expenditures, identifying budget discrepancies, allocating funds across the areas of responsibility, and providing input into budget development.
Prepares or provides statistical information on workload measurement, department activity, quality assurance and clinical use on a scheduled or requested basis.
Participates on assigned internal and external committees, represents FH as a decision maker on external opportunities to achieve desired outcomes.
Develops and maintains collaborative and strong working relationships with key stakeholders internal and external to the organization, including Ministry of Health and Regional Health Authorities.
Monitors and is accountable for program or service compliance with legal requirements, accreditation standards, Provincial and Federal Legislation and other applicable regulatory requirements.
Performs other related duties as assigned.
Qualifications
Education and Experience
A level of education, training and experience equivalent to a Bachelor's Degree in Information Security or related field.
Seven to ten years' experience in progressively more responsible information security leadership / management roles, including five years' experience in a health services systems environment with a specific focus in Cybersecurity.
Active CISSP, CCSP, CISM or similar security certification.
Competencies
Demonstrates the leadership practices of the Fraser Health Leadership Framework of Clear, Caring and Courageous and creates the conditions for people to succeed.
Professional / Technical Capabilities
Comprehensive knowledge of security technologies such as Cloud Security, Risk Assessment, Security Incident and Event Management (SIEM) and Vulnerability Scanners.
Comprehensive knowledge of information security principles and standards including ISO / , NIST Cybersecurity Framework, ISO and NIST SP -53.
Current knowledge of legislated requirements and external regulatory requirements that impact FH information security. Ability to communicate technical concepts and information security risks effectively to all audiences including technical, non-technical and executive.
Strong presentation, facilitation, coaching, conflict management, planning, project management, and interpersonal skills.
Ability to work independently and effectively under time pressure to meet deadlines, balance work priorities and resolve issues.
Ability to develop and implement strategic and project plans, policies, procedures and standards. Demonstrated ability to be effective in an environment subject to continuous change.