Senior Information Security Architect

Pour obtenir une traduction en français de l’offre d’emploi suivante, veuillez envoyer un courriel à careers@ontariohealth.ca. Les demandes seront traitées dans un délai de trois jours ouvrables et la période de dépôt des demandes sera prolongée de trois jours.

To obtain a French translation of the following job posting, please email careers@ontariohealth.ca. Requests will be addressed within three business days, and the application window will be extended by three business days.

At Ontario Health, we are committed to developing a strong organizational culture that connects and inspires all team members across the province. Our vision is that together, we will be a leader in health and wellness for all. Our mission is to connect the health system to drive improved and equitable health outcomes, experiences and value. How we work together is reflected through our five values: integrity, inspiration, tenacity, humility and care.   

What Ontario Health offers:   

Achieving your career goals is a priority to us. Benefits of working at Ontario Health may include the following based on employment type:   

• Fully paid medical, dental and vision coverage from your first day  

• a health care spending or wellness spending account  

• a premium defined benefit pension plan  

• three personal days and two float days annually  

• three weeks’ vacation to start (for individual contributors), increasing to four weeks after two years 

• career development opportunities  

• a collaborative values-based team culture  

• a wellness program 

• a hybrid working model  

• participation in Communities of Inclusion   

Want to make a difference in your career?  Consider this opportunity.   

The Senior Information Security Architect will contribute to the development, execution and maturing of Ontario Health’s enterprise and cloud information security program. A strong collaborative working relationship with the leadership team across Digital Excellence in Health (DxH) as well across Ontario Health is essential.

The Senior Information Security Architect will support the Digital Excellence in Health (DxH) digital and transformation strategy, roadmap and change management, working closely with stakeholders and teams, to successfully IT solutions to deliver the business outcomes across a complex stakeholder landscape. The Senior Architect will support the design of DxH’s business and operating models to deliver on its strategic vision and building transformation capabilities to enable transition.

Here is what you will be doing:

• Develop and maintain security reference architectures, network diagrams and other guidelines to support the policies and standards, enabling the delivery of target state enterprise-level Information Security capabilities, and reducing the risk of siloed and redundant solutions.
• Develop security requirements and advise on technologies to be used in cloud environments during an entire project lifecycle.
• Ensure optimal placement and adequacy of the technology to achieve an ideal cloud security architecture, with respect to the cloud service model being used.
• Analyze proposed solution architectures, technology, design, and IT development processes to identify potential threats and vulnerabilities, and to recommend options that enhance the security of solutions and business processes.
• Acts as a subject matter expert and may take on more complex work in developing plans and deliverables and interacting with key internal partners.
• Coordinate teams of internal and external subject matter experts to reach feasible security solutions for complex problems and issues across the health care sector. Play a leading role in the implementation and realization of those solutions.
• Identify, analyze, and recommend options for risk management at appropriate levels within the enterprise and the health care sector.
• Manage multiple security related projects simultaneously, and present status updates to upper management.
• Leverage existing best practices in addition to proposing, developing, and integrating best practices as they relate to business, policy, information, security, application and technical infrastructure architecture
• Identify and escalate issues and work with projects to ensure application management and quality standards are adhered to
• Keep current on business strategy decisions and its implications on the future state of Ontario Health.
• Operate as a Vanguard Enterprise Security Architect by staying abreast of trends in the technology and provincial healthcare landscape.
• Drive and influence strategic and tactical decisions related to security architecture, in order to maximize overall outcomes by balancing the conflicting goals of cost, security and time to production.
• Participate in the development and review of emerging and existing security architecture standards, patterns and technologies.
• Contribute to the definition and execution of the security architecture review process, balancing security architecture review rigor with project needs and timelines
• Maintain awareness of industry practices related to IT Security architecture and drive adoption of new practices and technology relevant to Ontario Health.
• Maintains and evolves relationships with external organizations and communities of practice with respect to specific subject areas within the Health System.
• Collaborates with, guides and mentors junior and peer security architects by elevating their breadth and scope of knowledge of security architecture, the Healthcare domain, security architecture patterns and best practices, and supporting the practice of security architecture and the development of security architecture models and documentation.
• Understands and translates tactical and operational business requirements into effective architectures and designs.
• Contributes to the development of architecture processes, procedures, templates, etc. and providing assistance to others.
• Reduces current and future costs across product/portfolio initiatives by identifying misalignments, duplication of efforts, and other opportunities for improvement in the architecture: escalates, proposes and drives to delivery, practical, efficient and reusable solutions.
• Consults on, advises and influences product/portfolio project planning by identifying architecturally significant cross-project and system dependencies to ensure target delivery dates are realistic and meet product/portfolio expectations.
• Reduces duplication of effort, cost overruns and impacts on timeline by identifying, championing and influencing strategic and tactical business and IT opportunities within a product/portfolio.
• Builds sustainable, trusted relationships with stakeholders, partners, colleagues and superiors.
• Provides thought leadership across program areas.
• Contributes to roadmaps. Provides alternative solutions and options for business and technical challenges. Identifies dependencies in project/product deliverables and provides guidance for planning and delivery.
• Occasionally engages outside of OH with integration partners (e.g., hospitals).

Here is what you will need to be successful:

Education and Experience:

• Bachelor’s or Master’s degree, or equivalent working experience in Information Technology is required.
• Certifications in any of the following cyber security and cloud security architecture are an asset (e.g., CISSP-ISSAP, CCSP, GDSA, CompTIA Security+...)
• 5 - 7 years of experience in IT security principles, practices, technologies, and programs with a solid knowledge of IT architecture, design and development.
• Understanding of typical security threats, vulnerabilities and safeguards relevant to application development, test and QA environments, and IT (data center) operations.
• Knowledge of technology life cycle
• Knowledge of industry standard development, database, and infrastructure platforms
• Knowledge of a wide variety of information systems and security technologies including Operating Systems security, LAN and WAN, Internet protocols and applications, secure communications, firewalls, IDS/IPS/XDR, PKI, identity and access management, identification and authentication techniques, role-based access control, malware defense, etc.
• Strong Knowledge an understanding of information security frameworks such as ISO 27001/2 and NIST.
• Understanding of Ontario Health business, goals, and mandate and how it applies to the provincial health care system.
• Knowledge of Ontario Health, and the broader Ontario health care sector IT systems to ensure product dependencies are identified and managed.
• Knowledge of Architectural disciplines such as Business, Application, Information, Infrastructure, Privacy and/or Security.
• Certification in service management, control, and architecture frameworks such as ITIL, PMBOK, COBIT, SABSA, Zachman, TOGAF, Rational, and/or Agile is an asset.
• Knowledge of Legislative boundaries and privacy regulations unique to Ontario and Canada.
• Knowledge of complex geographical, multi-lingual and multi-equity considerations specific to Ontario.
• Knowledge of Patient safety considerations.
• Knowledge of Public Sector procurement legislation, policies, and practices.

Knowledge and Skills

• Problem solving and analytical skills to create strategies to mitigate various types of business, privacy, security, and financial risks; identify gaps and opportunities within domains, sectors and/or solutions, and drive improvement and efficiency.
• Strong communication skills to facilitate, negotiate, and communicate, both orally and in writing, in support of internal and external partner engagement at the local, provincial level delivering presentation material, designing documents and/or training material for both technical and non-technical audiences and to drive to consensus between internal stakeholders with conflicting goals and priorities.
• Ability to understand disparate health IT systems’ place in the Health System, compare and contrast solutions and patterns to recommend/propose efficient and effective architectures and solutions.
• Ability to work at a high level of autonomy in setting objectives based on minimal direction from management.
• Ability to collaborate with internal peers and local programs to ensure alignment of architecture practices, patterns, and solutions.
• Ability to stay current on business strategy and assess new trends with respect to Ontario Health’s business needs, and identify opportunities, impacts and transformations required to realize their value and assess their implications on the future state of specific products or portfolios.
• Ability to stay abreast of provincial, national and international business, technology, architecture and solution design trends.
• Ability to work with internal and external (regional, provincial, national, international) stakeholders to understand business needs across OH and trends in IT across the broader health system as they relate to specific products or portfolios.
• Business focused and technically savvy with the ability to communicate to internal and external executives, business domain stakeholders and technical staff alike to build consensus and resolve both business and technical conflicts.
• Ability to understand and translate strategic, tactical, and operational business requirements into effective architectures and designs.
• Ability to interpret and apply IT privacy and security standards, principles and regulations applicable to the health care sector (such as FIPPA, PHIPA) in development of architecture solutions. 
• Ability to interpret and apply health information management principles to digital health care systems, and to leverage health care interoperability standards such as HL7 V2, or FHIR in development of architecture solutions. 
• Ability to work on, prioritize and deliver multiple projects/initiatives according to agreed-upon timelines amidst constantly changing priorities. 
• Ability to define requirements for, execute, and participate in public sector fair procurement processes.
• Ability to make decisions where results have a major impact across the organization.
• Emotional intelligence is required within product/project teams.

#LI-hybrid

#LI- AP1

#OH-IND-DIG 

Location: Ontario (currently hybrid; subject to change)

Employment Type:

Contract Length:

Salary Band:

External Application Deadline Date:

All applicants must be a resident of Ontario to be considered for roles at Ontario Health.  

Ontario Health encourages applications from candidates who are First Nations, Métis, Inuit, and urban Indigenous; Francophone; members of Black and racialized groups; 2SLGBTQIA+ communities; trans and nonbinary individuals; and people living with disabilities.

Ontario Health is an accessible employer, and we offer accommodation in all aspects of employment, including the recruitment process. If you require a disability related accommodation in order to participate in the recruitment process, please email careers@ontariohealth.ca and a member of the team will connect with you within 48 hours.