Director, Cybersecurity

Institute for Clinical Evaluative Sciences - Toronto, ON (30+ days ago)


Data. Discovery. Better Health.

We’ve got the data. Only ICES holds all of Ontario’s 18 billion health-related records – comprised of nearly a trillion data points!

We’ve made improvements to health. As a world-leading research institute, our trusted evidence changes policy and practice…and patient lives.

We need you for the discovery part.

Your skills, knowledge and curiosity can change the future of health care.

Come discover your value.

Role Group: Privacy and Legal Office

ICES is seeking a director, cybersecurity to join our cybersecurity team. Reporting to the chief privacy and legal officer, the director, cybersecurity has primary oversight and responsibility for the design, implementation and continuous monitoring of a cybersecurity framework and program that addresses the needs of ICES.

The director, cybersecurity works closely with key stakeholders, including the director, data quality and information management; the manager, facilities and administration; and the director, information technology, to develop and implement a comprehensive cybersecurity program. The director, cybersecurity also presents quarterly to the Finance and Audit Risk Committee of the Board of Directors and, from time to time, may be invited to present to the ICES Board of Directors.

Responsibilities of the position include, but may not be limited to:
Define and implement a cybersecurity framework across ICES
Continuously assess and evaluate the maturity level of the cybersecurity program at ICES and develop criteria for measuring success and reporting as required
Develop a strategy for enabling security operations
Define and implement key performance indicators for the Cybersecurity department based on the services and security controls implemented
Develop a tracking system for all assessments conducted by the cybersecurity program to register security risks for projects
Drive and oversee the mitigation of gaps identified as part of the IPC Triennial Review, cyber insurance and any other risk management outcomes
Oversee the Incident Breach Response Plan and the development of any playbooks
Oversee security assessments on both the internal and external facing systems
Participate in procurements, request for proposal development, response assessment, and onboarding and management of successful proponents as required
Develop, implement, review and amend cyber security policies, procedures and practices
Ensure compliance with ICES’ cybersecurity policies, procedures and practices
Develop education, awareness and training campaigns to ensure agents are aware of cyber threats, cybersecurity policies, procedures and practices and appropriately informed of their responsibilities
Direct, deliver or ensure the delivery of an initial security orientation and ongoing information security training
Oversee the tracking, investigating and remediation of data incidents and suspected incidents in accordance with ICES policy
Oversee security audits in accordance with ICES policy
Work collaboratively with members of the IT, Facilities, Procurement, Privacy and Legal office, internal clients and representatives of institutions that host ICES sites to identify and implement cybersecurity requirements
Oversee the development of cybersecurity configurations and standards for cybersecurity systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems
Oversee and ensure baseline cybersecurity configurations for operating systems, applications, networking and telecommunications equipment
Oversee the vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommend remedial action
Report to the chief privacy and legal officer concerning residual risk, vulnerabilities and other cyber security exposures, including misuse of information assets and noncompliance
Co-ordinate services of third-party information security experts and vendors, as required
Work with the Privacy and Legal office to ensure cybersecurity compliance, regulatory, legal and other compliance as required, including ICES’ obligations as a prescribed entity
Stay current with new threats and cybersecurity alerts and recommend proactive and remedial actions
Other duties as may be assigned within the scope of this position.

Knowledge, Skills and Abilities Required:
Bachelor's degree in information systems or related field required
Recognized information security certification
Minimum ten years relevant, progressive information security experience
Substantial information security audit experience
Demonstrated broad and up-to-date understanding of the latest information security threats, trends and technologies
Proficiency in the use of various tools and techniques, including risk assessment, business impact analysis, control and vulnerability assessments, used to identify business needs and determine control requirements
Knowledge of and experience in developing and documenting information security architecture and plans, including strategic, tactical and project plans
Detailed knowledge of networking and client/server computing such as: routing, switching, firewall, VPN, extranet and DMZ security
Excellent technical knowledge of mainstream operating systems (for example, Microsoft Windows and UNIX) and a wide range of security technologies, such as network security appliances (e.g., Juniper, Cisco, FortiGate), identity and access management (IAM) systems, anti-malware solutions, automated policy compliance and desktop security tools
Ability to work with key stakeholders in a collaborative environment
Demonstrated ability to understand business issues and develop and implement business-appropriate solutions
Excellent written and verbal communication skills, including demonstrated ability to communicate with senior management.

This position is a full-time opportunity located at ICES Central in Toronto.

ICES offers a competitive compensation package with full benefits, and participation in a defined benefit pension plan with HOOPP (Healthcare of Ontario Pension Plan).

Interested candidates should submit their resume and a cover letter detailing how their knowledge, skills and abilities match the scope of this position to the attention of:
Human Resources Department
Please quote job# PRC-19-03

This position will be posted until filled.

We thank all applicants for their interest in working at ICES. Due to the volume of applications received, only applicants being considered for the position will be contacted for further discussions.

ICES is committed to providing accessible employment practices, in compliance with the Accessibility for Ontarians with Disabilities Act, 2005. Requests for accommodation can be made at any stage of the recruitment process, and applicants are asked to make their needs known.
