Cyber Security Advisor/Architect (Healthcare)

Category: Cyber Security
Main location: Canada, Nova Scotia, Halifax
Position ID: J0524-1038
Employment Type: Full Time

Position Description:

CGI is looking for a seasoned Cyber Security Advisor or Architect with experience advising clients in the healthcare sector.
*This role can be situated anywhere in Atlantic Canada within proximity to a CGI office. The successful Candidate must currently reside in Canada and be eligible for security clearance*
CGI is expanding its Health and Life Sciences Team in the Atlantic Region. We are looking for a Cyber Security Advisor to join us on engaging, and professionally rewarding opportunities with both our internal and external delivery engagements. Become part of our team and share your expertise to support the evolution of service solutions and emerging technologies!
The ideal candidate will have a strong technical and business understanding of cyber security, with experience advising clients in the healthcare sector as well as experience in IT Consulting sales/business development and have an extensive network in the sector. The successful candidate will have a strong delivery background in the Healthcare Sector and experience working with Nova Scotia Health and/or other Atlantic Provincial Health Authorities and Departments of Health. You would be responsible for the successful delivery of project on time, on budget, and to customer satisfaction, therefore enabling new or extended business relationships. Your focus and priority is on client satisfaction, which you achieve through strategic, well organized and communicative project management as well as through strong team leadership and support to the CGI members (employees) on your delivery team(s).

Your future duties and responsibilities:

The Security Advisor will be responsible for:
Cyber Leadership -
• Serve as the Cyber Security Lead on key projects in the healthcare and life sciences sectors (and possibly other sectors)
• Develop a comprehensive understanding information systems.
• Advise clients acquiring technology tools (software, hardware and/or services) by evaluating business needs, assessing available alternatives, and recommending the preferred approach.
• Creating or updating documentation based on identified cyber security risks and controls and disseminating it.
• Provide policy guidance to Cybersecurity clients' management, staff, and end users.
• Lead and participate in multi-disciplined Health and Government teams with accountability for scope, communications, and control procedures. Translate the business impacts of cyber security requirements to a range of stakeholders in multiple digital service areas and help with the understanding of the cyber security risk.
• Ensure that stakeholder security requirements to protect the business processes are adequately addressed in all aspects of enterprise cyber security architecture including reference models, segment and solution architectures, and the resulting systems supporting those missions and business processes. while partnering with stakeholders across the enterprise to deliver security work program objectives.
• Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Develop or participates in the development of standards for providing, requesting, and/or obtaining support from external and internal stakeholders to synchronize Cybersecurity services.
• Act as an internal consultant to provide expert advice, coaching and mentoring on up-to-date cyber security and risk management methodologies and tools to the program team, business partners, and the vendors.
• Create cyber security documentation, define cyber security key performance indicators, and report on them.
• Lead organizational outreach and promotion of Cybersecurity awareness campaigns, including partnering with public sector and industry partners.
• Build, strengthen, and sustain key relationships with stakeholders across the enterprise including Information Technology, Enterprise Risk & Resiliency, and regional leadership.
• Define and documents efficient and transparent security architecture guidelines regarding proper use and deployment of business applications, data and technology.
• Work closely with the Enterprise Architecture Team, Cybersecurity teams, system owners, contracting authority and provide security design and architecture recommendations.
• Develop and maintain security solution architectures and designs, including but not limited to products and services, e.g. Network and Endpoint Protection, Identity and Access Management, Cloud Security, ICS security, Incident Response and Recovery, Public Key Infrastructure (PKI).
• Keep up-to-date on changes in security threats, technology and security architecture.
• Conduct Cybersecurity threat risk assessments and recommends appropriate controls and countermeasures in alignment with organizational standards and policies.
• Partner with business and Information Technology (IT) stakeholders to plan for future needs.
• Propose and implement innovative solutions to complex and non-routine security challenges.
• Perform other duties as assigned, in accordance with Branch and Department objectives.
Cyber Innovation -
• Continuously conduct research and assess creative methods for improving the I&T risk profile. This position requires the ability to manage, continually motivate and coach staff to ensure they are properly trained, client-focused, professional, and knowledgeable regarding the implementation of l&T risk management. They must understand client priorities and balance business needs against l&T risk management priorities when assigning work program staff.
• "Think outside the box" as well as have the confidence and conviction to introduce new innovative concepts and solutions founded on sound reason and judgement, experience, and expertise. You must apply innovative methods to achieve corporate buy-in, cooperation, alignment and support for new ways of working and doing business.

Required qualifications to be successful in this role:

Education:
• Completion of a University Degree or equivalent education, training, and experience in a relevant discipline such as Computer Science, Computer Engineering, or Information Security.
Qualifications:
• 5 – 10 years of professional experience in a Cybersecurity advisory role.
• 5+ years of experience in cyber security in health sector with a focus on technical security architecture.
• Minimum 3 years' experience in cyber security architecture.
• Experience as a Cyber Security Lead on major projects.
• Working knowledge and experience of cyber security framework and industry standards, such as NIST CSF, NIST 800- 53, CIS, ISF, SoGP and ISO27000 and Payment Card Industry regulations (PCI DSS).
• Knowledge of and experience in the IT industry – standards creation in Network/Telecom, Security, Server/SAN backup, Database/Middleware or Applications/Reporting
• Advanced knowledge and technical security expertise around IT networks and infrastructure, applications, servers, end points, loT/OT, cloud infrastructure and services etc.
• Experience working within and across remote teams, inter- and intra-organizationally.
• Practical experience in security engineering or consulting to anticipate and address complex security problems.
• Working knowledge of developing and maintaining security architecture principles, strategy and practices, roadmaps, and technical applications to engineer reliable solutions and measures for the business.
• Working knowledge of applying and incorporating information technologies into proposed solutions, translating operational requirements into protection needs (i.e., security control objectives), designing countermeasures to identified security risks, and designing multi-level security/cross domain solutions.
• A deep understanding of how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
• Ability to identify cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.
• Proficiency in executing and managing a variety of tasks, problems and programs.
• Ability to work in a fast paced, dynamic and flexible hybrid office environment.
• Ability to assess enterprise risk with proper recommendation in remediation.
• Ability to speak, write and communicate effectively in English; (French an asset)
• Ability to persuade, convince, influence behavior.
• Ability to lead and work in a multi-team environment and drive completion of deliverables.
• Information seeking – ability to acquire, analyze, document and communicate information relevant to the achievement of valued goals.
• Strategic business thinking - ability to apply technical knowledge and experience to making management decisions for maximizing business objectives.
• Team leadership – ability to take a role of strategic advisor, guide and mentor of the team.
Certifications:
• ISC2 Certified Information Systems Security Professional required.
• Hold additional relevant certifications such as CISA, CISM, TOGAF, SABSA, ITIL, ISO27001 /2 or equivalent designation(s) is considered an asset.

#LI-NB5

Use of the term ‘architect’ in this job posting refers to the technical sense related to Information Technology (IT) and does not imply that the individual practices architecture or possesses the requisite license as prescribed by the applicable provincial or territorial architect regulator. We are seeking individuals with expertise in IT architect-related functions, but licensure from an architect regulator is not a prerequisite for this position. Architecture is a regulated profession in Canada which is restricted in terms of use of titles and designation.

Skills:

  • Project Management
  • Cyb.Sec.Eng. (Sensor /Device)
  • English
  • Security Architecture
  • French
  • Security Audit

What you can expect from us:

Together, as owners, let’s turn meaningful insights into action.

Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…

You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.

Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.

You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.

At CGI, we recognize the richness that diversity brings. We strive to create a work culture where all belong and collaborate with clients in building more inclusive communities. As an equal-opportunity employer, we want to empower all our members to succeed and grow. If you require an accommodation at any point during the recruitment process, please let us know. We will be happy to assist.

Come join our team—one of the largest IT and business consulting services firms in the world.