Cyber Security Systems Administrator

• Certifications in Cyber Security (e.g., CISSP or CISA), or working towards, is preferred.

• Cyber Security Defense tools and technologies (such as IDS/IPS, Vulnerability Assessment tools, IDAM, Incident Management tools, endpoint detection and response (EDR), SIEM technologies, threat intelligence exchange (TXX), Email Security Platforms, Privileged Access Management (PAM)).
• Security Defense Strategies, Cyber Risk Management, 3rd Party Risk Assessment, Vulnerability Management, Threat and Risk Assessment (TRA), TXX and Incident Response, IR.
• Cloud Security

• Knowledge of prevalent industry standards (ISO 27001/27002, NIST 2.0, CIS, OWASP, MITRE, cloud security - AWS and Azure)
• Ability to run Red Teaming sessions, Tabletop Exercises, Vulnerability Scans and Phishing Campaigns.
• Ability to implement cyber security KPIs and evaluate existing cyber security performance.
• Ability in designing, preparing and maintaining security training materials, proven ability to deliver security training sessions to various stakeholders at different scales.
• Knowledge of Cyber Security Awareness Platform to support security governance.
• Strong understanding of Security Architectural and Design concepts for cyber security products and services.
• Broad knowledge of TRA methodologies and familiarity with related security frameworks and test methodologies.
• Broad Understanding of typical security threats, vulnerabilities, and safeguards relevant to application development, and IT operations.
• Strong Knowledge and experience on a wide variety of information systems and security technologies including Operating Systems security, Cloud Security, SIEM, SOAR, EDR, Email Security, Firewalls, Container Security, Secure SDLC, etc.
• Familiar with LAN and WAN, Internet protocols and applications, secure communications, firewalls, IDS/IPS, PKI, identity management, identification and authentication techniques, role-based access control, malware defenses.
• Knowledge on how to construct and evaluate threat models, based on architecture/design of RVH systems and comprehensive understanding of current threats and corresponding defenses.
• Understanding of laws, regulations, policies, and ethics as they relate to cyber security and privacy. e.g., PHIPA.

• Provides expertise and support on how to build and deploy secure solutions or placing compensating controls for business and technical challenges.
• Maintain the currency of the RVH security program by reviewing and/or updating security standards, tools and configurations.
• Deploy, configure, manage and monitor cyber security technologies and devices.
• Perform regular security assessments, audits to identify vulnerabilities and implement remediation measures.
• Update Risk Registers and facilitates in performing cyber security risk assessments and developing specific cyber security countermeasures and risk mitigation strategies.
• Work with vendors to evaluate compliance with regulations and organizational directives.
• Performs reviews of agreements, statement of work, Request for Proposals (RFP), service agreements/clauses and other security documents, in various security governance structures.
• Identifies cyber security dependencies in project/product deliverables and provides guidance for planning and delivery.
• Collaborates with internal peers, LDG members to ensure alignment of security practices, controls, patterns, and solutions to mitigate identified risks and gaps.
• Stays current on security landscape and threat vectors and assess new security trends with respect to RVH's business needs and identify opportunities to improve the security posture of RVH services.
• Stays abreast of Ontario Health, provincial, federal, and international security attack tools, Tactics, Techniques, and Procedures (TTPs), and secure operating trends.
• Stays abreast of any changes to industry best practices or legislative regulations and assesses the resulting impact on the organization.
• Provides security assessment/threat modelling/risk expertise for other subject matter experts within other technical domains.
• Sets cyber security requirements, in a consultative and collaborative fashion.
• Influences and guides peers and stakeholders (e.g., developers, IT Operations and Service Desk, System Admins) related to execution of security requirements, vision, best practices, and principles.
• Collaborates and mentor's junior and peer security specialists.
• Coaches Digital Health operations and architects about the latest security threats and landscape as well as introducing tools and techniques as needed controls for securing RVH digital assets, data, and operation.
• Provides support to the Manager in understanding leading and emerging cyber security concepts.
• Analyzes proposed solution architectures, technology, design and Digital Health development processes to identify potential threats and vulnerabilities, and to recommend options that enhance the security of solutions and business processes.
• Manages multiple security related projects simultaneously and presents status updates to reporting Manager.
• Works with all other Regional Digital Health teams to establish appropriate security processes, controls and ensure compliance with security policies.
• Collaborates with members within RVH, and with the provincial and federal level cyber security counterparts to support RVH and the healthcare sector from cyber threats.
• Operates and monitors various state of the art tools to detect, prevent and mitigate cyber security threats or risks to RVH.
• Actively participates and contributes to the LDG working groups and supports designated initiatives.
• Collaborates with LDG members, offering cyber security expertise and support.

Royal Victoria Regional Health Centre