Manager, Information Security

Fraser Health Authority
Abbotsford, BC
$59.56-$85.62 an hour
Permanent
Full-time

Salary range

The salary range for this position is CAD $59.56 - $85.62 / hour

Come work with us!

Why Fraser Health?

Fraser Health is responsible for the delivery of hospital and community-based health services to over 1.9 million people in 20 diverse communities from Burnaby to Fraser Canyon on the traditional territories of the Coast Salish and Nlaka'pamux Nations.

Our team of 43,000 staff, medical staff and volunteers is dedicated to serving our patients, families and communities to deliver on our vision : Better health, best in health care.

Effective October 26, 2021, all new hires to Fraser Health will need to have full COVID 19 vaccination (have received a full series of a World Health Organization "WHO" approved vaccine against infection by SARS-COV-2, or a combination of approved WHO vaccines).

Please note this applies to all postings, and individual medical exemptions must be approved by the Provincial Health Officer.

The Manager, Information Security provides leadership in the development, implementation and uptake of health information systems, clinical and corporate information systems within Fraser Health (FH).

The Manager, Information Security works with internal partners to lead the development, implementation, and continuous improvement of our information security program, ensuring the ongoing protection of FH technology infrastructure and information assets and supporting our digital transformation.

Fraser Health is in the process of maturing its security posture and is searching for an individual who can continue to build and operate a holistic information security practice.

This opportunity goes beyond the technical details of secure implementations and concentrates on how Fraser Health can be strategic in maturing its information security practices, including interacting with the organization to grow our security culture.

We need someone with vision, but also pragmatic, approachable and solution-oriented.

Build on your education and career experience as you :

  • Provide oversight on security architecture methodologies and best practices.
  • Develop and maintain security architecture models.
  • Provide mentoring, advice and guidance to other security architects, projects and clinical & business stakeholders on where security can address their needs.

To join our team, we will look for you to have :

  • Bachelor's degree in Computer Science, Software Engineering or a related study or equivalent combination of education, training and experience.
  • At least seven (7) years of related experience in a large complex organization including at least three (3) years' experience in a leadership position.
  • Hands-on experience creating or leading an architecture practice is preferred. This role is more than just developing solutions; it is developing an organizational capability to support an increasing demand for modern solutions and technologies.
  • Experience with working in a multi-disciplinary environment involving multiple stakeholders and competing priorities.
  • Certifications such as CISM, CISA, CISSP, CCSP are preferred but not mandatory.
  • Current BC Drivers' License and access to a vehicle for business related purposes.

An equivalent combination of education, training and experience will be considered.

We currently have one full-time permanent position, based at our Central City Offices in Surrey, BC.

If this sounds like the ideal role for you, here are more reasons why you should apply :

  • A career with FH will offer you a chance to be a member of a dedicated team in a dynamic and exciting health care environment.
  • We offer a competitive compensation and benefit package, including comprehensive health benefits coverage.

Take ownership for your own performance and seek to model integrity, resilience and confidence! If you are passionate about building an engaging environment that supports and challenges others to achieve their goals then this is an outstanding opportunity for you!

Detailed Overview

Supporting the Vision, Values, Purpose and Commitments of Fraser Health including service delivery that is centered around patients / clients / residents and families :

The Manager, Information Security provides leadership in the development, implementation and uptake of health information systems, clinical and corporate information systems within Fraser Health (FH).

Works with FH Digital Technology Services (DTS) to lead the development, implementation, and continuous improvement of an information security program ensuring the ongoing protection of FH technology infrastructure and information assets.

The Manager regularly deals with critical and highly sensitive situations. As a member of the DTS leadership team, the Manager is part of a coordinated effort to move forward the health, clinical and corporate DTS vision for FH and to work collaboratively with other team members in promoting new technologies and best practice for service delivery and system operations.

KEY AREAS OF INVOLVEMENT INCLUDE :

1. Provides leadership in the design and development of health and corporate information systems and applications, maintaining a FH wide view of systems and service to support the adoption and ongoing secure operation of clinical and corporate information systems.

2. Plans, manages, and leads the FH information security program with responsibility for the delivery and continuous improvement of the following services in accordance with legislated and other regulatory requirements including :

o Security Threat Risk Assessments

o Information Security Risk Governance and Lifecycle Management (in alignment with FH Enterprise Risk Management Framework)

o Security Policy and Policy Framework development

o Information Security Training and Awareness program

o Management of third-party security risks (Contract reviews, contract schedule development etc.)

o Audit, Compliance Management and Monitoring

o Cloud Security Requirements and Monitoring

3. Develops, maintains and oversees standard operating procedures for intake, prioritization, management and completion of Security Threat Risk Assessments (STRAs).

4. Develops and maintains the processes necessary to facilitate care provider, employee, and citizen access to electronic health and corporate information systems, applications and tools.

5. Works collaboratively as a member of the DTS leadership team as part of a coordinated effort to move forward FH's health and clinical / corporate information management agenda, promotes and adopts best practice models for service delivery, system operations and information security.

6. Identifies innovative approaches for information management and ensures that standards related to the security of personal health, employee or corporate information are implemented and maintained.

7. Accountable for project priorities and ensures that projects are executed in accordance with FH project management standards and that necessary project resources are in place to ensure successful implementation, in collaboration with assigned business areas.

8. Ensures the ongoing management / maintenance of negotiated vendor contracts. Leads Request for Proposals (RFPs) and vendor selection, negotiates contract with vendors, ensures payment schedule is distributed, and vendor is upholding contract provisions.

9. Manages assigned staff by selecting employees, directing, supervising, and evaluating staff to ensure effective performance of duties, promoting, disciplining and initiating employee terminations.

10. Ensures the implementation of correct human resource standards and procedures, including performance evaluation, education, and orientation as well as compliance with applicable acts, regulations and collective agreements.

11. Manages department operational and capital budgets under the direction of the Director, by performing activities such as approving and tracking expenditures, identifying budget discrepancies, allocating funds across the areas of responsibility, and providing input into budget development.

12. Prepares or provides statistical information on workload measurement, department activity, quality assurance and clinical use on a scheduled or requested basis.

13. Participates on assigned internal and external committees, represents FH as a decision maker on external opportunities to achieve desired outcomes.

14. Develops and maintains collaborative and strong working relationships with key stakeholders internal and external to the organization, including Ministry of Health and Regional Health Authorities.

15. Monitors and is accountable for program or service compliance with legal requirements, accreditation standards, Provincial and Federal Legislation and other applicable regulatory requirements.

16. Performs other related duties as assigned.

QUALIFICATIONS :

A level of education, training and experience equivalent to a Bachelor's Degree in Information Security or related field.

Seven (7) to ten (10) years' experience in progressively more responsible information security leadership / management roles, including five (5) years' experience in a health services systems environment with a specific focus in Cybersecurity.

Active CISSP, CCSP, CISM or similar security certification.

COMPETENCIES :

Demonstrates the leadership practices of the Fraser Health Leadership Framework of Clear, Caring and Courageous and creates the conditions for people to succeed.

Professional / Technical Capabilities

  • Comprehensive knowledge of security technologies such as Cloud Security, Risk Assessment, Security Incident and Event Management (SIEM) and Vulnerability Scanners.
  • Comprehensive knowledge of information security principles and standards including ISO 27001 / 27002, NIST Cybersecurity Framework, ISO 27017 and NIST SP 800-53.
  • Current knowledge of legislated requirements and external regulatory requirements that impact FH information security.
  • Ability to communicate technical concepts and information security risks effectively to all audiences including technical, non-technical and executive.
  • Strong presentation, facilitation, coaching, conflict management, planning, project management, and interpersonal skills.
  • Ability to work independently and effectively under time pressure to meet deadlines, balance work priorities and resolve issues.
  • Ability to develop and implement strategic and project plans, policies, procedures and standards.
  • Demonstrated ability to be effective in an environment subject to continuous change.

Detailed Overview

Supporting the Vision, Values, Purpose and Commitments of Fraser Health including service delivery that is centered around patients / clients / residents and families :

The Manager, Information Security provides leadership in the development, implementation and uptake of health information systems, clinical and corporate information systems within Fraser Health (FH).

Works with FH Leadership, Health Informatics and Information Technology (HIIT) to lead the development, implementation, and continuous improvement of an information security program ensuring the ongoing protection of FH technology infrastructure and information assets.

The Manager regularly deals with critical and highly sensitive situations. As a member of the HIIT leadership team, the Manager is part of a coordinated effort to move forward the health, clinical and corporate HIIT vision for FH and to work collaboratively with other team members in promoting new technologies and best practice for service delivery and system operations.

Responsibilities

  • Provides leadership in the design and development of health and corporate information systems and applications, maintaining a FH wide view of systems and service to support the adoption and ongoing secure operation of clinical and corporate information systems.
  • Plans, manages, and leads the FH information security program with responsibility for the delivery and continuous improvement of the following services in accordance with legislated and other regulatory requirements including :
      o Security Threat Risk Assessments
      o Information Security Risk Governance and Lifecycle Management (in alignment with FH Enterprise Risk Management Framework)
      o Security Policy and Policy Framework development
      o Information Security Training and Awareness program
      o Management of third party security risks (Contract reviews, contract schedule development etc.)
      o Audit, Compliance Management and Monitoring
      o Cloud Security Requirements and Monitoring
  • Develops, maintains and oversees standard operating procedures for intake, prioritization, management and completion of Security Threat Risk Assessments (STRAs).
  • Develops and maintains the processes necessary to facilitate care provider, employee, and citizen access to electronic health and corporate information systems, applications and tools.
  • Works collaboratively as a member of the HIIT leadership team as part of a coordinated effort to move forward FH's health and clinical / corporate information management agenda, promotes and adopts best practice models for service delivery, system operations and information security.
  • Identifies innovative approaches for information management and ensures that standards related to the security of personal health, employee or corporate information are implemented and maintained.
  • Accountable for project priorities and ensures that projects are executed in accordance with FH project management standards and that necessary project resources are in place to ensure successful implementation, in collaboration with assigned business areas.
  • Ensures the ongoing management / maintenance of negotiated vendor contracts. Leads Request For Proposals (RFPs) and vendor selection, negotiates contract with vendors, ensures payment schedule is distributed, and vendor is upholding contract provisions.
  • Manages assigned staff by selecting employees, directing, supervising, and evaluating staff to ensure effective performance of duties, promoting, disciplining and initiating employee terminations.
  • Ensures the implementation of correct human resource standards and procedures, including performance evaluation, education, and orientation as well as compliance with applicable acts, regulations and collective agreements.
  • Manages department operational and capital budgets under the direction of the Director, by performing activities such as approving and tracking expenditures, identifying budget discrepancies, allocating funds across the areas of responsibility, and providing input into budget development.
  • Prepares or provides statistical information on workload measurement, department activity, quality assurance and clinical use on a scheduled or requested basis.
  • Participates on assigned internal and external committees, represents FH as a decision maker on external opportunities to achieve desired outcomes.
  • Develops and maintains collaborative and strong working relationships with key stakeholders internal and external to the organization, including Ministry of Health and Regional Health Authorities.
  • Monitors and is accountable for program or service compliance with legal requirements, accreditation standards, Provincial and Federal Legislation and other applicable regulatory requirements.
  • Performs other related duties as assigned.

Qualifications

Education and Experience

A level of education, training and experience equivalent to a Bachelor's Degree in Information Security or related field.

Seven (7) to ten (10) years' experience in progressively more responsible information security leadership / management roles, including five (5) years' experience in a health services systems environment with a specific focus in Cybersecurity.

Active CISSP, CCSP, CISM or similar security certification.

Competencies

Demonstrates the leadership practices of the Fraser Health Leadership Framework of Clear, Caring and Courageous and creates the conditions for people to succeed.

Professional / Technical Capabilities

  • Comprehensive knowledge of security technologies such as Cloud Security, Risk Assessment, Security Incident and Event Management (SIEM) and Vulnerability Scanners.
  • Comprehensive knowledge of information security principles and standards including ISO 27001 / 27002, NIST Cybersecurity Framework, ISO 27017 and NIST SP 800-53.
  • Current knowledge of legislated requirements and external regulatory requirements that impact FH information security.
  • Ability to communicate technical concepts and information security risks effectively to all audiences including technical, non-technical and executive.
  • Strong presentation, facilitation, coaching, conflict management, planning, project management, and interpersonal skills.
  • Ability to work independently and effectively under time pressure to meet deadlines, balance work priorities and resolve issues.
  • Ability to develop and implement strategic and project plans, policies, procedures and standards.
  • Demonstrated ability to be effective in an environment subject to continuous change.