Bayshore HealthCare is one of the Canada’s leading providers of home and community health care services and is a privately owned company. Bayshore HealthCare is proud to showcase its achievement as a Platinum member of Canada’s Best Managed Companies Program every year since 2006. Bayshore Healthcare is also recognized as Canada’s Best Employers in Forbes 2023 list.

The Senior Information Security Analyst, under the direction of the Manager, Information Security & Compliance assists with the planning and implementing of security measures to protect Bayshore’s information computing systems and data that supports the company’s Security program and objectives. The role’s main activities include system monitoring, technical review of company initiatives and enhancements, risk analysis, policy review and development, implementation of various security roadmap projects and activities, awareness training programs, cloud-security, security assessments and remediation activities.

DUTIES AND RESPONSIBILITIES:

• Educate, communicate, participate and lead projects, ensuring security policies, standards and procedures of technology and configuration are applied to new system implementations and
  that other IT and security risks are adequately mitigated.
• Performs threat risk and/or privacy risk assessments on projects and other IT initiatives and propose solutions to mitigate risk.
• Participate in the SDLC process on projects in order to design and implement the required Information Security measures for new and upgraded systems.
• Collaborates with application development teams to ensure security requirements are satisfied within Bayshore’s application.
• Identify, coordinate and lead the execution of adhoc application assessments and penetration testing.
• Drive the remediation of issues identified through internal and external security testing (penetration testing, annual corporate testing).
• Supports and drives the secure implementation, delivery and operation of new and existing business applications, platforms and services projects of IT and across Business functions.
• Understand, deploy and document solutions to comply with Bayshore’s security directives.
• Reviews and approves security configuration and installation of firewall, VPN, routers, IDS scanning technologies, and servers.
• Provides security consulting and expertise on threat mitigation, prevention, and counter measures
• Acts as a Subject Matter Expert in one or more of the other security domains ( Data Protection, Application Security, Endpoint Security, Network & Infrastructure Security, Threat & Fraud
  Management, SIEM/Auditing/Analytics, Identity and Access Management).
• Plans security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private
  networks (VPNs), routers, firewalls, and related security and network devices; designs public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as
  well as hardware and software; adhering to industry standards.
• Leads the Information Security Awareness Program.
• Working knowledge in Identity Access Management, Privileged Account Management and Key Management solutions.
• Manage day-to-day security operations, ensuring the identification and remediation of information security risks, threats and vulnerabilities.
• Monitor and respond to security alerts generated from Security Incident Event Management (SIEM), Traps (Anti-virus), Firewall, IDS/IPS, VPN, etc. and escalate to the appropriate team for
  resolution.
• Manage the vulnerability management program by reviewing vulnerability scans, interpreting results, coordinating remediation efforts, reporting status and metrics to demonstrate
  improvement.
• Develop and maintain secure, resilient enterprise-grade cloud processes in tandem with architects and system engineers.
• Secure business applications and computing environments in Azure and AWS cloud infrastructures.
• Completes other security related tasks as requested.
• Backup to the Information Security Officer.
• Monitors industry security updates, technologies and best practices to improve security across the infrastructure and application development domains.

REPORTING RELATIONSHIPS

• The Senior Information Security Analyst reports directly to the Manager, Information Security & Compliance.

Work Location : Bayshore Healthcare, National Office, Mississauga ON

Hybrid – At least 2 days onsite weekly

Job Qualification

Education:

• College or University level education or equivalent level of experience in the industry.
• Completion of a Security related certification is mandatory (CISSP, CISA, GIAC, etc.)
• Cloud Certificate is required.

Experience:

• Minimum 5 years’ experience in a technical security consultant or analyst role.
• Demonstrates expert knowledge of network security control environments and architecture, including, system administration, intrusion detection, network architecture, enterprise threat
  management, perimeter controls.
• Knowledge of network security controls, appliances, including next generation perimeter security controls and web application firewalls.
• Systems administration experience, in Networks and Windows is considered a strong asset;
• Strong Knowledge of traditional and cloud Architecture, experience of AWS, Azure or other public and private cloud technologies is required.

Other Skills and Abilities

• Ability to work independently with minimal supervision.
• Strong verbal and written communication skills are essentials.
• Ability to work effectively and collaboratively with internal staff, external partners and stakeholders.
• Demonstrates solid analysis skills.
• Displays high ethics and trust values.

STANDARDS OF PERFORMANCE:

• The Senior Information Security Analyst must demonstrate ongoing competency in completing all duties
  and responsibilities of this job description, in response to changes by the regulating body, as well as
  agreed upon specific goals and objectives