Job Number: JR102835 Job Title: Governance Risk and Compliance Security Analyst Job Category: Professional Hospital Location: Centenary Site Job Type: Permanent, Full time Number of Positions: 1 Hours: Days Across our three hospitals and eight satellite sites, Scarborough Health Network (SHN) is shaping the future of care. Our many programs and services are designed around the needs of one of Canada’s most vibrant and diverse communities. We are home to North America’s largest nephrology program, as well as the designated cardiac care and spine centre for Scarborough and surrounding communities to the east. We are proud to be a community-affiliated teaching site for the University of Toronto and partner with a number of other universities and colleges, helping to train the next generation of health care professionals. SHN is the recipient of the Excellence in Diversity and Inclusion Award, from the Canadian College of Health Leaders, for our work led by the Organizational Development and Diversity Department on our Leading edge Communities of Inclusion, Inclusion Calendar and our innovative Health Equity Certificate programs. We are also proud to be named Canada’s Most Admired Corporate Cultures for 2023! Learn more at shn.ca Job Description: Position Overview: Scarborough Health Network is in the midst of an exciting transformational journey. The Governance, Risk and Compliance (GRC) Analyst is responsible for supporting the information security direction of the organization and elevating the overall security posture to meet the changing needs of the diverse community in alignment with SHN’s strategic plan. This role will be of interest to individuals with strengths in communication, quantitative and qualitative data collection and analysis, stakeholder engagement and strategic development. The position requires both an understanding of legacy systems in a healthcare organization, as well as new technologies and requirements. This position will have a primary focus on three major areas: (1) Information Security Governance & Compliance (2) Information Security Risk Management and (3) Security Awareness & Training. As part of SHN’s Information Security team, the ideal candidate will support Scarborough Health Network’s strategic plan where the Information Security program will be a Centre of Excellence, committed to providing high quality comprehensive security requirements and obligations mandated by standards and regulations such as NIST CSF, PHIPA and ISO27001. The ideal candidate will not only contribute to SHN’s Information security team’s mission to not only secure SHN, but also to contribute to the security of the wider provincial healthcare ecosystem. The candidate might share knowledge through public presentations and industry events, and share insights with the wider community or represent SHN in sector-specific governance bodies. Key Responsibilities: Governance and Compliance: Develop and implement data security risk reporting frameworks aligned with NIST Cybersecurity Framework and Ontario Health guidelines for management teams and governance committees. Design and document technical, administrative, and physical controls to ensure compliance with regulatory obligations. Risk Assessments: Conduct risk assessments to identify vulnerabilities internally and within vendor or third-party suppliers. Identify, evaluate and monitor information security risks and controls based on established risk criteria and recommend mitigation and remediation guidelines. Risk Management: Analyze and improve SHN’s information security risk management practices. Advise senior leadership on risk management strategies, including risk mitigation, risk reduction, risk transfer, and residual risk analysis. Develop templates and documentation materials to help with self-managed risk management actions. Policy Management: Create, maintain, communicate, and enforce information security policies. Audit and Compliance: Prepare for and facilitate examinations for regulations such as PHIPA and NIST CSF. Work closely with control owners and internal and external auditors to ensure timely completion of requests. Security Training and Awareness: Develop and maintain workforce training and awareness programs related to information security to grow and develop the security culture within SHN. Reporting and Metrics: Collect, analyze and develop reports & KPIs regarding the maturation of the information security program at SHN for senior leadership and the broader health sector in Ontario. Requirements: Education: Bachelor's degree in Information Security, Risk Management, Business Administration, or a related field. Broad knowledge of defense in depth security concepts and best practices with familiarity of cybersecurity frameworks such as NIST, CIS, ISO27001. Experience: Minimum of 3 years of experience in governance, risk management, and compliance within a healthcare setting with experience in the development and implementation of governance, risk and compliance strategy and security control framework. Familiarity with information security documentation requirements, certification and accreditation processes and abreast with general reporting requirements for industry security standards (e.g. NIST SP 800-53). Certifications: Relevant certifications such as CISA, CGRC, or CRISC are preferred. Skills: Strong analytical problem-solver with excellent communication skills, a deep technical understanding of security assessments and risk management. Expertise in security assessments, threat modelling and risk management frameworks. Key Competencies: Ability to work with minimal supervision. Positive attitude and agile mindset. Strong ability to define problems, collect and analyze data, establish facts and draw valid conclusions. Strong proficiency in both written and verbal English communication essential for effective correspondence with public, suppliers, business partners, and colleagues. Ability to work well under pressure, organized and able respond to fast changing priorities and deadlines. Strong interpersonal relationship building skills with the ability to engage with all levels of the organization. Accommodation and Diversity Statement: Scarborough Health Network (SHN) embraces and celebrates our community’s unique multicultural heritage and diversity. SHN is an equal opportunity employer, dedicated to a culture of inclusiveness and diversity reflecting our diverse patients, staff and community alike. We are committed to fostering an environment of equity and inclusivity where every person can work and receive care safely, openly and honestly. All qualified applicants will receive consideration for employment without regard to race, colour, religion, gender, gender identity or expression, sexual orientation, nation of origin, genetics, disability, age, veteran status, marital or family status, belief system, or other factors related to one’s personal identity and/or values. We are committed to providing barrier-free and accessible employment practices in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). Should you require accommodation through any stage of the recruitment process, please make them known when contacted and we will work with you to meet your needs. Learn more about our exciting opportunities by following SHNCareers on Instagram, Twitter, and Facebook. At Scarborough Health Network (SHN), our people are our greatest asset. They come from all over the world and bring diverse perspectives to enhance the compassionate and innovative care we provide our patients and their loved ones. We celebrate what makes people unique and believe that a safe, fulfilling and balanced work environment is just the start. We recognize and reward our teams, prioritize access to continuing education and create meaningful opportunities for growth and development. At SHN, you can enhance your career while by opening doors to new experiences and possibilities within our vibrant and inclusive community. Bring your passion to work. Start your journey today. We are proud to be an inclusive, equitable and accessible workplace, where everyone feels valued, respected, supported, and has a rich sense of belonging through our organizational drive to build and sustain an exceptional work environment where healthcare professionals can flourish both personally and professionally. Learn more about us by following SHN Careers on Instagram! SHN is proud to be recertified as one of Canada’s Most Admired Corporate Cultures™ for 2023-2024 by Waterstone Human Capital, one of Canada’s fastest-growing cultural talent management and retained executive search firms specializing in recruiting for fit and cultural assessment. We are a culture that empowers and inspires. This means everyone feels welcomed, respected, supported and valued and able to fully participate in the workplace. We are doing this through by creating awareness, providing education resources, empowering staff-led Communities of Inclusion, and providing growth and career opportunities. We are proud to offer mentorship programs to encourage collaboration and to support international employees, and our EnRoute training and career advancement programs designed to provide hands-on experience to fast-track certifications and placements in different care units. We are always in search of individuals with unique strengths to enhance the world-class care we provide to our patients within a welcoming environment. Experience why we continue to be a Greater Toronto’s Top Employer and an affiliated teaching hospital of the University of Toronto. We are proud to offer our staff comprehensive perks, including: Defined Benefit pension plan through the Healthcare of Ontario Pension Plan Comprehensive insured benefits package including health and dental benefits New Graduate Initiative Enroute Program Critical Care Sponsorship Program Employee Discount and Incentive Programs Employee and Family Assistance Program (EFAP), along with other comprehensive wellness offerings, including our Spiritual Care team of registered psychotherapists for spiritual, religious or emotional care; mental health supports; and on-site wellness rounding Recognition events Leadership Development and Learning Programs Tuition Assistance Program Please allow some time for our recruiters to review your application. We will contact those applicants who are chosen for an interview. We’re always looking for skilled, compassionate and committed individuals to join our dynamic team in providing exceptional quality care. Subscribe to our Career Alert or share your journey with us and see where it might lead you!
