Senior Information Security Architect
The Hospital for Sick Children
As part of the Information Security team, this role is responsible for design, implementation, and ongoing management, of IT security technology in support of the Enterprise IT Security Strategy. This role will also be responsible for reviewing current security controls and identifying areas of weaknesses and providing recommendation to enhance the overall security posture of the organization.
The role will also coordinate with internal project teams and external security vendors to ensure that security deliverables are met in alignment with information security policies, processes and standards. In response to today's transformative era, the Security Architect will work autonomously on high-profile, complex technology initiatives with significant impact to the organization. While providing technical leadership, the role will provide consulting and direction to multiple clinical and research teams, while remaining focused on growing our Security Architecture practice.
Here's What You'll Get To Do
- Responsible for the implementation and management of a highly complex security infrastructure in support of the Enterprise security strategy
- Responsible for the design, build and implementation and maintenance of security blueprints/architectural patterns
- Collaborate with project teams and other technology functions to ensure security requirements are incorporated their technical design and implementation of their solutions
- Contribute to the overall global enterprise cloud architecture and leads the security vision and strategy around cloud-based applications which include Infrastructure, Platform and Software as a Service (IaaS/PaaS/SaaS).
- Collaborate with Vendors and Partners to ensure the delivery of services and support in compliance with SLAs, and to address operational challenges
- Providing assistance for Security Incident Response activities, including the prioritization, escalation, remediation and monitoring of Security Incidents and their resolutions
- Management of security posture, risks, incidents, investigations, and delivery of Information Security Services, including providing reports, analysis, and recommendations to the Director and other members of IMT Senior Management
- Technical management of ongoing compliance activities, including PHIPA, Privacy, PCI, and Security Governance
- Technical expertise and guidance to the different implementation teams (HIS, Cloud, Infrastructure, Medical Engineering, related to security controls and IT architecture to ensure the appropriateness of security and access upon launch
Here's What You'll Need
- 10-15 years of IT experience, with a focus on Information Security for on-prem and cloud environments
- University or College Degree in Computer Science, Information Systems, Engineering, or related field
- Experience implementing and managing security technology (firewall, IDS/IPS, endpoint security, secure mail gateway, NAC, network analytics, advanced threat detection, etc.)
- Experience managing relationships with third-party service providers and technology vendors, with an emphasis on service delivery, and SLA accountability
- Experience with tools for performing Vulnerability assessments and penetration tests, including the remediation of identified issues
- Understanding of common security frameworks (ISO, NIST, PCI, CIS, etc.), and the implementation and assessment of security controls required under those frameworks
- Experience with Incident Response, specifically in relation to Security Incidents, including the identification, prioritization, remediation, and monitoring of Security Incidents
- Experience supervising and directing the efforts of other team members
- Experience coordinating activities among cross-function groups with responsibility for operational IT systems, including Network, Server, Application, and Help-Desk teams
- CISSP, CISM, CCSP or other related IT Security certifications
- Knowledge of Cloud architecture patterns such as Azure, GCP and AWS
- Healthcare Industry experience in and IT or Security role
- Understanding of Privacy regulations and requirements specific to PHI
Here's What You'll Love:
- This position is eligible for employee benefits coverage; including but not limited to, health and dental benefits. The benefits offered will be discussed at the time of position offer.
- A focus on employee wellness with our new Staff Health and Well-being Strategy. Self-care helps us support others.
- A hospital that welcomes and focuses on Equity, Diversity, and Inclusion.
- The opportunity to make an impact. Regardless of your role or professional interest, you will be making a difference at SickKids and contributing to our vision of Healthier Children. A Better World.
Employment Type: Permanent, Full-time, 1.0 FTE