- Salary/Rate: $120,000/Yearly
Our Client is looking for an IT Security and Compliance Specialist to join their team.
The IT Security and Compliance Specialist is responsible for all aspects of the organization’s IT security and compliance, including but not limited to: daily operations of the IT security program; oversight of the annual and ongoing risk assessment process; development, implementation, and maintenance of policies and procedures; ensuring the confidentiality, integrity and access of electronic protected information; monitoring program compliance; and investigation and tracking of incidents.
- Builds a strategic and comprehensive information security program that defines, develops, maintains, and implements policies and processes to minimize risk and ensure the integrity, confidentiality and availability of information that is owned, controlled, and processed within the organization.
- Ensures information security policies, standards, and procedures are up-to-date.
- Initiates, facilitates, and promotes activities to foster information security awareness within the organization.
- Creates a culture of cyber security, both within the IT organization and by driving behavioral changes for the business.
- Evaluates security trends, evolving threats, risks and vulnerabilities and applies tools to mitigate risk as necessary.
- Manages security incidents and events involving infrastructure, access, and data.
- Ensures that the disaster recovery, business continuity, risk management and access control needs of the organization are addressed.
- Ensures the organization complies with administrative, technical, and physical safeguards.
- Collaborates with senior management, Legal and Business Development teams to establish governance for security and compliance programs.
- Develops and maintains security and compliance documentation for sharing outside of the organization with existing and prospective customers.
- Works with stakeholders to ensure alignment between security and privacy compliance programs including policies, practices, and investigations.
- Is responsible for initial and periodic information security risk assessment/analysis, mitigation, and remediation, and for development and implementation of the security risk management plan.
- Ensures the organization has audit controls to monitor activity on electronic systems that contain or use electronic protected health information.
- Oversees periodic monitoring and reviewing of audit records to ensure that activity is appropriate. Such activity would include, but is not limited to, logons and logoffs, file access, updates, edits, and printing.
- Ensures the organization has and maintains an appropriate system use and disclosure/confidentiality statement.
- Oversees, develops and/or delivers initial and ongoing security training to the workforce.
- Maintains current knowledge of applicable security laws, licensing and certification requirements and accreditation standards.
- Degree in information systems security complemented by CISSP certification.
- Knowledge and experience in information security laws, including but not limited to HIPAA, GDPR, NIST, PCI and ISO 27001.
- Knowledge of firewall, IDS, DLP and SIEM technologies and how they contribute to an overall security/compliance posture.
- Demonstrated organization, facilitation, written and oral communication, and presentation skills.
- Recommended: security certification such as Certified in Healthcare Privacy and Security (CHPS) and/or other healthcare industry-related security credentials.
- Demonstrated skills in collaboration, teamwork, and problem-solving to achieve goals.
- Demonstrated skills in verbal communication and listening.
- Demonstrated skills in providing excellent service to customers.
- Excellent writing skills.
- A high level of integrity and trust.
- Job Locations: Canada
- Address: Toronto, Ontario