Governance Risk and Compliance Security Analyst

Centenary Site, Canada

Job Number: JR102835

Job Title: Governance Risk and Compliance Security Analyst

Job Category: Professional

Hospital Location: Centenary Site

Job Type: Permanent, Full time

Number of Positions: 1

Hours: Days

Across our three hospitals and eight satellite sites, Scarborough Health Network (SHN) is shaping the future of care. Our many programs and services are designed around the needs of one of Canada’s most vibrant and diverse communities. We are home to North America’s largest nephrology program, as well as the designated cardiac care and spine centre for Scarborough and surrounding communities to the east. We are proud to be a community-affiliated teaching site for the University of Toronto and partner with a number of other universities and colleges, helping to train the next generation of health care professionals. SHN is the recipient of the Excellence in Diversity and Inclusion Award, from the Canadian College of Health Leaders, for our work led by the Organizational Development and Diversity Department on our Leading edge Communities of Inclusion, Inclusion Calendar and our innovative Health Equity Certificate programs. We are also proud to be named one of Canada’s Most Admired Corporate Cultures for 2023! Learn more at shn.ca.

Job Description:

Position Overview:
Scarborough Health Network is in the midst of an exciting transformational journey. The Governance, Risk and Compliance (GRC) Analyst is responsible for supporting the information security direction of the organization and elevating the overall security posture to meet the changing needs of the diverse community in alignment with SHN’s strategic plan. This role will be of interest to individuals with strengths in communication, quantitative and qualitative data collection and analysis, stakeholder engagement and strategic development. The position requires an understanding of both legacy systems in a healthcare organization and new technologies and requirements. This position will have a primary focus on three major areas: (1) Information Security Governance & Compliance, (2) Information Security Risk Management, and (3) Security Awareness & Training.

As part of SHN’s Information Security team, the ideal candidate will support Scarborough Health Network’s strategic plan where the Information Security program will be a Centre of Excellence, committed to providing high-quality, comprehensive security requirements and obligations mandated by standards and regulations such as NIST CSF, PHIPA and ISO27001. The ideal candidate will contribute to the mission of SHN’s Information Security team not only to secure SHN, but also to contribute to the security of the wider provincial healthcare ecosystem. The candidate might share knowledge through public presentations and industry events, and share insights with the wider community or represent SHN in sector-specific governance bodies.

Key Responsibilities:

  • Governance and Compliance: Develop and implement data security risk reporting frameworks aligned with NIST Cybersecurity Framework and Ontario Health guidelines for management teams and governance committees. Design and document technical, administrative, and physical controls to ensure compliance with regulatory obligations.
  • Risk Assessments: Conduct risk assessments to identify vulnerabilities internally and within vendor or third-party suppliers. Identify, evaluate and monitor information security risks and controls based on established risk criteria and recommend mitigation and remediation guidelines.
  • Risk Management: Analyze and improve SHN’s information security risk management practices. Advise senior leadership on risk management strategies, including risk mitigation, risk reduction, risk transfer, and residual risk analysis. Develop templates and documentation materials to help with self-managed risk management actions.
  • Policy Management: Create, maintain, communicate, and enforce information security policies.
  • Audit and Compliance: Prepare for and facilitate examinations for regulations such as PHIPA and NIST CSF. Work closely with control owners and internal and external auditors to ensure timely completion of requests.
  • Security Training and Awareness: Develop and maintain workforce training and awareness programs related to information security to grow and develop the security culture within SHN.
  • Reporting and Metrics: Collect, analyze and develop reports & KPIs regarding the maturation of the information security program at SHN for senior leadership and the broader health sector in Ontario.

Requirements:

Education: Bachelor's degree in Information Security, Risk Management, Business Administration, or a related field. Broad knowledge of defense-in-depth security concepts and best practices, and familiarity with cybersecurity frameworks such as NIST, CIS, ISO27001.

Experience: Minimum of 3 years of experience in governance, risk management, and compliance within a healthcare setting, with experience in the development and implementation of governance, risk and compliance strategy and security control framework. Familiarity with information security documentation requirements and certification and accreditation processes, and abreast of general reporting requirements for industry security standards (e.g. NIST SP 800-53).

Certifications: Relevant certifications such as CISA, CGRC, or CRISC are preferred.

Skills: Strong analytical problem-solver with excellent communication skills and a deep technical understanding of security assessments and risk management. Expertise in security assessments, threat modelling and risk management frameworks.

Key Competencies:

  • Ability to work with minimal supervision.
  • Positive attitude and agile mindset.
  • Strong ability to define problems, collect and analyze data, establish facts and draw valid conclusions.
  • Strong proficiency in both written and verbal English communication, essential for effective correspondence with the public, suppliers, business partners, and colleagues.
  • Ability to work well under pressure, stay organized and respond to fast-changing priorities and deadlines.
  • Strong interpersonal relationship building skills with the ability to engage with all levels of the organization.

Accommodation and Diversity Statement:
Scarborough Health Network (SHN) embraces and celebrates our community’s unique multicultural heritage and diversity. SHN is an equal opportunity employer, dedicated to a culture of inclusiveness and diversity reflecting our diverse patients, staff and community alike. 
We are committed to fostering an environment of equity and inclusivity where every person can work and receive care safely, openly and honestly. All qualified applicants will receive consideration for employment without regard to race, colour, religion, gender, gender identity or expression, sexual orientation, nation of origin, genetics, disability, age, veteran status, marital or family status, belief system, or other factors related to one’s personal identity and/or values. 
We are committed to providing barrier-free and accessible employment practices in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). Should you require accommodation at any stage of the recruitment process, please make this known when contacted and we will work with you to meet your needs.

Learn more about our exciting opportunities by following SHNCareers on Instagram, Twitter, and Facebook.

Perks/benefits: Career development Team events

Region: North America
Country: Canada