- Develop relationships with IT teams within the Faculty of Medicine, building a solid understanding of the individual units within the faculty, and applying knowledge of their environment and priorities to cybersecurity solutions and compliance towards Information Security Standards.
- Responsible for providing Cybersecurity services within Faculty of Medicine, translating client needs and the UBC cybersecurity requirements into system requirements and implementation options which suitably meet business requirements.
- Focused on Systems Administration and Analysis of Administrative, Academic and Research Systems for compliance with University policies and Information Security Standards, while primarily focused on Linux and Windows servers, and other non-server systems will be part of the remit.
- Proactively identifies vulnerabilities and provides reports and remedial action recommendations to departmental System Administrators and work closely with them to improve overall information security posture.
- Leads the planning, communication, and completion of complex technical repairs, upgrades, maintenance, reconfiguration and rebuilds – in collaboration with IT teams to ensure that UBC Systems are in compliance with University policies and Information Security Standards.
- Provides technical expertise in the analysis of complex security events and develops a mitigation strategy that describes the issue, risk, solution and maintenance to prevent future problems or failures.
- Leads the planning and implementation of small-to-medium sized projects, as assigned.
- In consultation with Senior Information Security Manager, maintains an information systems risk register and recommends security controls to be designed and implemented through collaboration with IT teams.
- Collaborate with IT Teams and cybersecurity champions across the faculty to maintain and mature the information security and compliance program in alignment with internal audit requirements and security risk assessments based on industry frameworks.
- Responsible for the development, sustainment, and communication of technical documentation, including operational procedures and guides, architectural diagrams, data flow diagrams and knowledge base articles. May also participate in facilitation of workshops or other training events.
- Leads the integration of newly developed or procured solutions with existing cybersecurity infrastructure and solutions through standard interfaces and protocols.
- Support internal software development teams to ensure that development lifecycle aligns with industry best secure practices.
- May develop, deploy, and support custom internal-facing tools and applications to meet specific cybersecurity needs.
- Analyzes functional and business requirements, system features, integration requirements, security requirements, and scalability and performance requirements, preparing recommendations for senior staff.
- Provides input and researches new or enhanced cybersecurity solutions to meet current and future information system protection requirements.
- Correlates events using information gathered from various sources to gain situational awareness and determine the effectiveness of an observed attack.
- Collaborates with peers/team members to identify, analyze, recommend and implement changes that will improve the security and privacy of existing information systems.
- Maintains appropriate professional designations and up-to-date knowledge of current cybersecurity techniques and tools.
- Investigates and remains current with industry technology trends in the Web Application Security field such as: web application firewalls, web application vulnerability scanners, web application development, web applications middleware, etc.
Company
Location
Vancouver - Canada
Job type
Full-Time
Python Job Details
Staff - Non Union
Organizational Status
Work Performed
Consequence of Error/Judgement
Supervision Received
Works under the general direction of the Senior Information Security Manager within the Faculty of Medicine Digital Solutions team. May receive direction from senior technical staff as assigned. The Information Security Analyst II must be able to work independently as well as contribute actively and collaborate openly as a team member.
Supervision Given
Acts as a mentor to other less experienced members of the team and may oversee day to day work on a project basis of other Information Security, Systems Administrators or IT professionals.
Minimum Qualifications
Undergraduate degree in a relevant discipline. In-depth knowledge of applications and the business requirements supporting them. Minimum of five years of related experience, or the equivalent combination of education and experience.
Preferred Qualifications
Job Category
M&P - AAPS
Job Profile
AAPS Salaried - Information Systems and Technology, Level D
Job Title
Information Security Analyst
Department
Information Security | Dean's Office | Faculty of Medicine
Compensation Range
7,278.33 - $11,372.33 CAD Monthly
Posting End Date
June 15, 2022
Note: Applications will be accepted until 11:59 PM on the day prior to the Posting End Date above.
Job End Date
Job Summary
The Information Security Analyst II provides technical expertise to support the delivery of cybersecurity services and controls within the Faculty of Medicine, ensuring the ongoing management of information security based on client needs, University policies, information security standards and compliance requirements. This position monitors and responds to threats and vulnerabilities within the Faculty of Medicine by implementing proactive measures and making recommendations to improve the organizational information security posture.
The success of this position is greatly dependent on the individual’s ability to create and maintain relationships with Faculty of Medicine IT Teams and Leadership, and the broader UBC Cybersecurity team, to ensure that risk areas within the faculty are understood and managed based on client needs and information security requirements.
A fixed schedule is set for this role but flexibility is required as some work must be performed outside of regular business operating hours. This position may be required to participate in an on-call rotation schedule.
Organizational Status
Our Vision: To Transform Health for Everyone.
Ranked among the world’s top medical schools with the fifth-largest MD enrollment in North America, the UBC Faculty of Medicine is a leader in both the science and the practice of medicine. Across British Columbia, more than 11,000 faculty and staff are training the next generation of doctors and health care professionals, making remarkable discoveries, and helping to create the pathways to better health for our communities at home and around the world.
The Faculty — comprised of approximately 2,200 administrative support, technical/research and management and professional staff, as well approximately 650 full-time academic and 8,500 clinical faculty members — is composed of 19 academic basic science and/or clinical departments, three schools, and 23 research centres and institutes. Together with its University and Health Authority partners, the Faculty delivers innovative programs and conducts research in the areas of health and life sciences. Faculty, staff and trainees are located at university campuses, clinical academic campuses in hospital settings and other regionally based centres across the province.
Reports to the Senior Information Security Manager within the Faculty of Medicine Digital Solutions team. Works independently, collaborates and interacts directly with management, staff and technology professionals from various units within Faculty of Medicine, the Cybersecurity team, Information Technology, Privacy and Information Security Management, and other UBC Teams to coordinate information security services and implement security measures.
Work Performed
Consequence of Error/Judgement
Cybersecurity plays a key role in enabling the University to achieve its goal of becoming one of the world's leading universities. The services supported by Cybersecurity require reliable application systems in order to provide critical functions that support all students, faculty and staff. These systems must be available on a 7x24 basis.
Decisions and actions taken by the Information Security Analyst II will have a direct impact on how efficiently and effectively the systems will perform and function. Errors in judgment, poor development, or failure to act decisively could have a detrimental effect on these systems. Unreliable systems or failure to meet contractual obligations for performance and availability will damage the reputation of UBC. This could adversely impact the University community, including the large majority of students, faculty and staff, and could cost hundreds of thousands of dollars in lost productivity, funding and revenue.
Supervision Received
Works under the general direction of the Senior Information Security Manager within the Faculty of Medicine Digital Solutions team. May receive direction from senior technical staff as assigned. The Information Security Analyst II must be able to work independently as well as contribute actively and collaborate openly as a team member.
Supervision Given
Acts as a mentor to other less experienced members of the team and may oversee day to day work on a project basis of other Information Security, Systems Administrators or IT professionals.
Minimum Qualifications
Undergraduate degree in a relevant discipline. In-depth knowledge of applications and the business requirements supporting them. Minimum of five years of related experience, or the equivalent combination of education and experience.
Preferred Qualifications
Significant experience with complex enterprise IT systems administration and project support with the design and implementation of medium to large scale application systems.
Experience managing and supporting Microsoft Active Directory, Windows Server, MS-SQL, MySQL, Unix/Linux, and using backup and recovery tools in a virtual environment.
Experience supporting, securing, and remediating information systems is required.
Knowledge of computer networking concepts, security methodologies and protocols (e.g., TCP/IP, DNS, LDAP, TLS) and network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML).
Experience and a working knowledge of SDLC methodologies, systems automation and deployment tools such as Puppet or Ansible, scripting languages such as Python, common version control tools, unified communications systems and standard office productivity tools.
Knowledge of firewall management, web application security standards (e.g., OWASP ASVS), web application authentication, protocols, data transmission methods, and how to mitigate web application vulnerabilities.
Collaboration - Takes initiative to actively participate in team interactions. Without waiting to be asked, constructively expresses own point of view or concerns, even when it may be unpopular. Ensures that the limited time available for collaboration adds significant customer value and business results.
Communication for Results - Converses with, and writes to, peers in ways that support transactional and administrative activities. Seeks and shares information and opinions. Explains the immediate context of the situation, asks questions with follow-ups, and solicits advice prior to taking action.
Problem Solving - Investigates defined issues with uncertain cause. Solicits input in gathering data that help identify and differentiate the symptoms and root causes of defined problems. Suggests alternative approaches that meet the needs of the organization, the situation, and those involved. Resolves problems and escalates issues with suggestions for further investigation and options for consideration as required.
Accountability - Checks assumptions about mutual expectations and clarifies standards of overall performance. Checks the scope of responsibilities of self and others. Monitors day-to-day performance and takes corrective action when needed to ensure desired performance is achieved.
Business Process Knowledge - Defines routine, integrated processes. Documents processes using basic formal process charting techniques. Applies process definitions and flows to work performed. Identifies process bottlenecks and contributes suggestions for process improvement.
Information Systems Knowledge - Possesses a basic understanding of the strategy, structures, processes, and procedures of the enterprise in its relationship with the business and its activities. Troubleshoots in response to requests for technical support. Identifies problems and needs. Escalates problems to appropriate technical experts.
Initiative - Seeks out new challenges that require risk taking. Determines the resources, team support, and technical needs necessary to enable success and procures them. Keeps responding to the challenge in spite of obstacles and setbacks.
More Developer Job Boards
Fullstack Developer Jobs Golang Jobs JavaScript Jobs Python Jobs React Jobs Rust Jobs Java Jobs