Postes à Barrie, Canada

Job Summary & Requirements

Reporting to the Regional Manager, Cyber Security, the Cyber Security Systems Administrator plays a key role in managing cyber security tools, projects or vendor services in the Protection, Detection, Response & Recovery domains. The Cyber Security Systems Administrator supports day-to-day security operations and contributes to the development, execution and maturing of RVH's Cyber Security program. This role is also responsible for supporting the Central Region North Local Delivery Group (LDG) related initiatives and goals. As part of this role, the Cyber Security Systems Administrator develops, implements, and matures the required tools, technology and processes to implement key activities and deliver on program plans. The Cyber Security Systems Administrator is focused on cyber security projects/ programs/operational areas that are large and broad in scope, have more complex mandates/objectives, and/or related to more than one focused area of expertise.

Education :

• Degree in Computer Science, Information Systems or other related field, or equivalent work experience.
• Certifications in Cyber Security (e.g., CISSP or CISA), or working towards, is preferred.
  
  

Experience :

• Minimum 2 years of working experience in:
• Cyber Security Defense tools and technologies (such as IDS/IPS, Vulnerability Assessment tools, IDAM, Incident Management tools, endpoint detection and response (EDR), SIEM technologies, threat intelligence exchange (TXX), Email Security Platforms, Privileged Access Management (PAM)).
• Security Defense Strategies, Cyber Risk Management, 3 rd Party Risk Assessment, Vulnerability Management, Threat and Risk Assessment (TRA), TXX and Incident Response, IR.
• Cloud Security
  
  

Competencies :

• Knowledge of cyber security governance Policies, Standards, Procedures
• Knowledge of prevalent industry standards (ISO 27001/27002, NIST 2.0, CIS, OWASP, MITRE, cloud security - AWS and Azure)
• Ability to run Red Teaming sessions, Tabletop Exercises, Vulnerability Scans and Phishing Campaigns.
• Ability to implement cyber security KPIs and evaluate existing cyber security performance.
• Ability in designing, preparing and maintaining security training materials, proven ability to deliver security training sessions to various stakeholders at different scales.
• Knowledge of Cyber Security Awareness Platform to support security governance .
• Strong understanding of Security Architectural and Design concepts for cyber security products and services.
• Broad knowledge of TRA methodologies and familiarity with related security frameworks and test methodologies.
• Broad Understanding of typical security threats, vulnerabilities, and safeguards relevant to application development, and IT operations.
• Strong Knowledge and experience on a wide variety of information systems and security technologies including Operating Systems security, Cloud Security, SIEM, SOAR, EDR, Email Security, Firewalls, Container Security, Secure SDLC, etc.
• Familiar with LAN and WAN, Internet protocols and applications, secure communications, firewalls, IDS/IPS, PKI, identity management, identification and authentication techniques, role-based access control, malware defenses.
• Knowledge on how to construct and evaluate threat models, based on architecture/design of RVH systems and comprehensive understanding of current threats and corresponding defenses.
• Understanding of laws, regulations, policies, and ethics as they relate to cyber security and privacy. e.g., PHIPA.
  
  

Responsibilities:

• Provides expertise and support on how to build and deploy secure solutions or placing compensating controls for business and technical challenges.
• Maintain the currency of the RVH security program by reviewing and/or updating security standards, tools and configurations.
• Deploy, configure, manage and monitor cyber security technologies and devices.
• Perform regular security assessments, audits to identify vulnerabilities and implement remediation measures.
• Update Risk Registers and facilitates in performing cyber security risk assessments and developing specific cyber security countermeasures and risk mitigation strategies.
• Work with vendors to evaluate compliance with regulations and organizational directives.
• Performs reviews of agreements, statement of work, Request for Proposals (RFP), service agreements/clauses and other security documents, in various security governance structures.
• Identifies cyber security dependencies in project/product deliverables and provides guidance for planning and delivery.
• Collaborates with internal peers, LDG members to ensure alignment of security practices, controls, patterns, and solutions to mitigate identified risks and gaps.
• Stays current on security landscape and threat vectors and assess new security trends with respect to RVH’s business needs and identify opportunities to improve the security posture of RVH services.
• Stays abreast of Ontario Health, provincial, federal, and international security attack tools, Tactics, Techniques, and Procedures (TTPs), and secure operating trends.
• Stays abreast of any changes to industry best practices or legislative regulations and assesses the resulting impact on the organization.
• Provides security assessment/threat modelling/risk expertise for other subject matter experts within other technical domains.
• Sets cyber security requirements, in a consultative and collaborative fashion.
• Influences and guides peers and stakeholders (e.g., developers, IT Operations and Service Desk, System Admins) related to execution of security requirements, vision, best practices, and principles.
• Collaborates and mentor’s junior and peer security specialists.
• Coaches Digital Health operations and architects about the latest security threats and landscape as well as introducing tools and techniques as needed controls for securing RVH digital assets, data, and operation.
• Provides support to the Manager in understanding leading and emerging cyber security concepts.
• Analyzes proposed solution architectures, technology, design and Digital Health development processes to identify potential threats and vulnerabilities, and to recommend options that enhance the security of solutions and business processes.
• Manages multiple security related projects simultaneously and presents status updates to reporting Manager.
• Works with all other Regional Digital Health teams to establish appropriate security processes, controls and ensure compliance with security policies.
• Collaborates with members within RVH, and with the provincial and federal level cyber security counterparts to support RVH and the healthcare sector from cyber threats.
• Operates and monitors various state of the art tools to detect, prevent and mitigate cyber security threats or risks to RVH.
• Actively participates and contributes to the LDG working groups and supports designated initiatives.
• Collaborates with LDG members, offering cyber security expertise and support.