Security Analyst

Permanent Full-Time

Job Band: F

The Security Analyst will collaborate with both internal teams and external partners to assess and strengthen the security posture of OntarioMD's technology initiatives and partner-driven solutions. This role involves conducting comprehensive reviews of OntarioMD systems to ensure that security controls and best practices are effectively incorporated throughout the design, development, and deployment lifecycle.

Additionally, the analyst will support the vendor management process by evaluating security audit submissions. This includes ensuring that external Electronic Medical Record (EMR) vendors consistently meet privacy and security standards, both independently and in their integration with provincial Electronic Health Record (EHR) systems and services.
Under the direction of the Senior Manager, Technology Solutions this role will:

• Work collaboratively with health system stakeholders including the Ministry of Health, Ontario Health, EMR vendors, health system delivery partners and clinicians to provide IT security expertise throughout the product or service development lifecycle, advancing the security maturity of Electronic Medical Record (EMR) solutions.
• Review third party security submissions, such as TRA, PIAs, Pen Tests, VA Scans, and SOC2 reports, for completeness and accuracy. Working with stakeholders to recommend and confirm remediations as necessary.
• Analyze proposed solution artefacts in the design, development, delivery, and ongoing enhancement of new and current OntarioMD products and services, including application development and data warehousing, and provide best practice enhancements and recommendations.
• Analyze new and emerging threats and legislative changes, in conjunction with OntarioMD Legal, to assess resulting impact to OntarioMD Product and Services, EMR Solutions, and external partners.
• Work with internal stakeholders to review and update security policies and procedures to align with best practices.
• Act as a subject matter expert in the support of internal OntarioMD for escalations from various internal stakeholders.
• Leverage industry standard and recognized provincial security control frameworks to advance minimum privacy and security practices and specifications.
• Lead and facilitate cross-stakeholder EMR technology workshops.
• Develop and provide presentations and documentation to various internal and external audiences as required and report regularly on progress and status.
• Provide leadership in cyber security incident response if necessary.

Requirements that are important to us:

• University degree in Computer Science or Engineering or equivalent experience
• Minimum five (5) years of experience in Information Technology (IT) disciplines, preferably in security
• Minimum three (3) years of experience with IT Security principles, practices, technologies, and procedures
• Experience with health sector privacy and security principles, including PHIPA, preferred
• Industry recognized IT Security certification (e.g., CISSP, CISA, SSCP etc), in good standing
• Understanding of security control and risk assessment methodologies and frameworks such as: HTRA, NIST, ISO-27001/2, SOC2, HiTRUST, and MITRE
• Knowledge of various systems and security technologies including Operating systems, Networks, Secure Communications, Identity Management, and Cloud Solutions
• Experience collecting, analyzing, and reviewing security artefacts, events, and threat intelligence
• Experience with community based Primary Care EMR solutions and office technologies an asset
• Demonstrated experience building and maintaining productive working relationships with internal/external stakeholders in complex, multi-stakeholder health care environments
• Excellent written and oral presentation skills; able to present to internal and external executives

Benefits we think you'll like:

• Fantastic opportunity to grow within the team and throughout the organization.
• Professional development and continuous in-house learning opportunities.
• Fun, friendly, and dynamic work environment with a passion for digital health.
• Competitive salary and bonus program.
• Exceptional group benefits package paid by the organization.

How to Apply:
Interested candidates are invited to apply online through our careers page. Applications will be considered until June 27, 2025, at 3 pm.
For further information, visit our website at www.ontariomd.ca. We regret that only those selected for an interview will be contacted. OntarioMD is strongly committed to diversity within its community and welcomes applications from racialized persons/persons of colour, women, Indigenous People of North America, persons with disabilities, LGBTQ2S+ persons, and others who may contribute to the further diversification of ideas. In accordance with the AODA Act, accommodation will be provided throughout the recruitment process to applicants with disabilities.
We continue to encourage staff to follow the Public Health recommendations and stay up to date with their vaccinations.
All recruiting activities including interview and new hire onboarding will be conducted remotely. While we are doing our best to ensure reasonable response times, please expect potential delays.
OntarioMD does not solicit personal information such as banking information or passport information over social media sites for employment purposes.

Powered by JazzHR

ZHGs5DyUX0