22 Apr 2013

Job: eHealth Saskatchewan CSO

eHealth Saskatchewan is looking for a Chief Security Officer (CSO) to join their team. The Chief Security Officer is responsible for developing, implementing and managing the overall strategic information security program, policies and procedures (ISO Standards). They will ensure both the technical and physical safeguards and controls are in place to protect the organization, the employees and the integrity of personal health information and systems, ensuring consistency across the sector and with industry best practices. Your Responsibilities Include (but not limited to): ? Establishing standards and policies and conducting or overseeing the conduct of associated security audits and security breach investigations that affect staff, vendors, visitors, contractors, consultants, other government agencies and third party access. ? Participates with the Enterprise Architect team to ensure awareness and that overall governance commitments are being met in framework design. ? Serves as the enterprise?wide focal point for, and cultivates relationships with, clients, stakeholders, vendors and health sector security offices to foster collaboration in addressing security?related challenges. (e.g. chairs Health Sector Security Officer Forum). ? Builds the business case, including multi?year budget requirements. ? Establishes and maintains a Privacy and Security Incident Management System (working closely with the CPO). ? Conducts investigations on security incidents and breaches, identifies causes, ensures resolutions to remediate vulnerabilities and outlines potential policy repercussions. Conducts and manages risk assessments using an Application Verification Toolkit (AVERT) ? Create and maintain a Security Dashboard and provide ongoing reports through the Security Dashboard (of all findings, incidents, breaches, risk levels and suspensions). ? Ensures legal advice is obtained from the agency solicitor on security matters where required. ? Establishes training materials, workshop content, and delivers security training throughout the organization Qualifications ? Minimum 5?7 years of experience in IT Security, IT Audit or related area ? Bachelors degree in Information Security, Computer Science, Information Management Systems, Business/Accounting or related field ? Strong technical skills relevant to Information Security such as secure coding standards, ethical hacking techniques, IDS/IPS (intrusion detection system/intrusion prevention system) ? Familiarity with Information Security industry standards/best practices and relevant regulations (e.g., PCI DSS, HIPAA, GLBA, FISMA, NIST, ISO, CobiT, ISF) ? Analytical and detail oriented ? Strong written and oral communication skills If you are interested and would like more details, please send your resume to: recruitment@eHealthsask.ca]]>