Governance Risk and Compliance Security Analyst
Responsibilities
- Risk Assessments: Conduct risk assessments to identify vulnerabilities internally and within vendor or third-party suppliers. Identify, evaluate and monitor information security risks and controls based on established risk criteria and recommend mitigation and remediation guidelines.
- Policy Management: Create, maintain, communicate, and enforce information security policies.
- Audit and Compliance: Prepare for and facilitate examinations for regulations such as PHIPA and NIST CSF. Work closely with control owners and internal and external auditors to ensure timely completion of requests.
- Security Training and Awareness: Develop and maintain workforce training and awareness programs related to information security to grow and develop the security culture within SHN.
- Reporting and Metrics: Collect, analyze and develop reports & KPIs regarding the maturation of the information security program at SHN for senior leadership and the broader health sector in Ontario.
Requirements
- Education: Bachelor's degree in Information Security, Risk Management, Business Administration, or a related field. Broad knowledge of defense-in-depth security concepts and best practices, with familiarity with cybersecurity frameworks such as NIST, CIS, ISO27001.
- Experience: Minimum of 3 years of experience in governance, risk management, and compliance within a healthcare setting with experie
Additional Information
- Job Number: JR106133
- Job Title: Governance Risk and Compliance Security Analyst
- Job Category: Professional
- Hospital Location: Centenary Site
- Job Type: Permanent, Full time
- Number of Positions: 1
- Minimum - Maximum Hourly Rate: $46.876 - $54.342
- Hours: Days

Across our three hospitals and eight satellite sites, Scarborough Health Network (SHN) is shaping the future of care. Our many programs and services are designed around the needs of one of Canada's most vibrant and diverse communities. We are home to North America's largest nephrology program, as well as the designated cardiac care and spine centre for Scarborough and surrounding communities to the east. We are proud to be a community-affiliated teaching site for the University of Toronto and partner with a number of other universities and colleges, helping to train the next generation of health care professionals.

SHN is the recipient of the 2021 Excellence in Diversity and Inclusion Award, from the Canadian College of Health Leaders, for our leading edge work on Communities of Inclusion, Inclusion Calendar, Health Equity Certificate Program and much more. We are also proud to be named Canada's Most Admired Corporate Cultures for 2023 - 2025 and Greater Toronto's Top Employers for 2026. Learn more at shn.ca

Job Description:

Position Overview: Scarborough Health Network is in the midst of an exciting transformational journey. The Governance, Risk and Compliance (GRC) Analyst is responsible for supporting the information security direction of the organization and elevating the overall security posture to meet the changing needs of the diverse community in alignment with SHN's strategic plan. This role will be of interest to individuals with strengths in communication, quantitative and qualitative data collection and analysis, stakeholder engagement and strategic development. The position requires both an understanding of legacy systems in a healthcare organization, as well as new technologies and requirements.
This position will have a primary focus on three major areas: (1) Information Security Governance & Compliance, (2) Information Security Risk Management, and (3) Security Awareness & Training. As part of SHN's Information Security team, the ideal candidate will support Scarborough Health Network's strategic plan where the Information Security program will be a Centre of Excellence, committed to providing high-quality, comprehensive security requirements and obligations mandated by standards and regulations such as NIST CSF, PHIPA and ISO27001. The ideal candidate will contribute to the SHN Information Security team's mission not only to secure SHN, but also to contribute to the security of the wider provincial healthcare ecosystem. The candidate might share knowledge through public presentations and industry events, and share insights with the wider community or represent SHN in sector-specific governance bodies.