Manager, Information Security

Position Summary
Interior Health is looking for an experienced Manager, Information Security to join our team on a full time permanent basis.

This position offers a flexible work location within the Interior Health region.

What we offer:
-Employee & Family Assistance Program
-Employer paid training/education opportunities
-Employer paid vacation
-Medical Services Plan
-Employer paid insurance premiums
-Extended health & dental coverage
-Municipal Pension Plan
-Work-life balance

Salary Range:
Salary range for the position is $$106,026 to $152,413. Interior Health establishes salaries within the minimum and maximum of the salary range based on consideration of the qualifications, experience of the applicant, and an internal equity review of the salaries of other employees.

About the job:
In accordance with the established vision and values of the organization, the Manager, Information Security is responsible for providing leadership and management of an enterprise information security program ensuring the ongoing protection of Interior Health (IH) information assets. This includes collaboration and consultation as an expert in assessing and defining information security practices and risk mitigation strategies related to information systems and data access services, as well as managing all operational activities associated with information security.

Operating within a complex, dynamic environment with multiple sites across a large geographical area, the Manager provides direction, guidance, and leadership to senior leaders, Managers, staff, physicians, technical teams, contractors, external partners, and service providers in support of ensuring appropriate administrative, technical, and physical controls are applied in protecting IH’s information assets. The Manager is responsible for ensuring compliance with federal, provincial, and other applicable industry security standards, government policies, and related conformance standards.

As a member of the Digital Health management and leadership team, the Manager, Information Security develops goals, objectives, strategies, and approaches to ensure alignment with the business needs of IH and the Digital Health Department. This includes evaluating emerging security technologies in an effort to find appropriate solutions which provide better security, sustainability, and bring greater value to the organization.

Typical duties and responsibilities:

Administrative
• Develops and manages annual operational and capital budgets. Responsibilities include: monitoring budget performance, conducting variance analyses, identifying cost saving measures, planning, and adjusting operations and/or staffing to meet projections and annual targets; approving expenditures; and preparing summaries for fiscal reporting. Liaises with representatives of Finance in addition to the Director on budget matters.
• Sets individual, measurable goals and objectives, incorporating IH’s vision and values, goals, and corporate plan through methods such as maintaining and updating professional knowledge, developing plans for professional development, and reviewing progress with the Director to ensure that goals are achieved within established timelines.
• Establishes and maintains tracking and measurement systems such as Security Threat and Risk Assessments (STRA), information security risk registries for information security incidents and risks; reports areas of risk to senior management; makes recommendations; and evaluates the effectiveness of education, training, and awareness programs.

Personnel
• Provides leadership and manages technology professionals who have organization-wide responsibilities and accountability across multi-sites and multi-disciplinary teams, by allocating scarce resources to achieve the goals, objectives, and strategic and tactical plans.
• Coordinates and manages staffing levels, daily assignments, recruitment, hiring, ongoing development, performance management, and performance evaluation, including disciplinary action up to and including termination.

Technical
• Develops, implements, and maintains a comprehensive information security program encompassing staff education and awareness, incident reporting and investigations, compliance monitoring, and the resolution of information security violations.
• Develops, implements, and maintains information security policies, standards, procedures, educational material, and guidelines; ensuring policy and process align to legislated requirements and applicable regulatory standards that affect information security.
• Assesses effectiveness of related policies, guidelines, and procedures in practice while recommending improvement opportunities.
• Reviews and approves information security risk assessments, develops risk mitigation strategies where required, and escalates to senior management/leadership when appropriate.
• Monitors external media, recognized cyber-security governance bodies, and other related information sources for potential information security threats and develops risk mitigation strategies.
• Approves changes to existing procedures for managing data and systems access controls.
• Supports and advises HR and IH management for litigation requirements related to violations of information security or policy.
• Formulates plans and collaborates with various partners to ensure the integration of information security is inserted into the design, business practices, and supporting information infrastructures within IH.
• Functions as a liaison between Digital Health, internal, and external parties in order to resolve complex and/or sensitive issues.
• Represents IH on various provincial Health Sector and related committees in support of information security.
• Develops and fosters strong relationships with colleagues in other organizations and associations ensuring information security standards and best practices are adhered to.
• Serves as an information security consultant to IH.
• In alignment with IH’s Occupational Health & Safety Program, maintain a healthy and safe work environment through complying with and implementing applicable Occupational Health and Safety Regulation, responding to requests from WSBC, identifying hazards and communicating risks, ensuring compliance with employee training, conducting effective incident investigations and implementing required corrective actions.
• Performs other related duties and projects as assigned.

Qualfications
Honouring Interior Health’s commitment to Truth and Reconciliation and the Declaration on the Rights of Indigenous Peoples Act (DRIPA), and Pursuant to Section 42 of the BC Human Rights Code, preferential consideration and/or hiring will be given to qualified applicants who self-identify as Indigenous (First Nations, Métis, or Inuit).

Education, Training, and Experience
• A Bachelor’s degree in Health Information Science, Computing Science, or a related discipline.
• Seven to ten years of information management and technology experience in a complex business environment (preferably healthcare), including responsibility for IMIT operations at an enterprise level.
• Or an equivalent combination of education, training, and experience. (e.g., comprehensive experience of information security principles, standards, and/or related information security certifications).

Skills and Abilities
• Detailed understanding of the function, process, and integration of information technology in a healthcare environment, with excellent analytical and problem-solving abilities.
• Demonstrated interpersonal and relationship-building skills, with the ability to provide leadership to a diverse team and interact comfortably with a variety of disciplines at all levels of the organization and to clearly present a message to a variety of audiences.
• Demonstrated ability to develop, implement and deliver education and training programs/initiatives.
• Demonstrated ability to develop and implement projects, programs, plans, and change management theory.
• Comprehensive knowledge of applicable information security standards, practices, regulations and a solid understanding of issues related to health information protection.
• Demonstrated strong facilitation and negotiation skills.
• Ability to develop and implement strategic plans, policies, procedures, and standards.
• Ability to exercise tact, good judgement, and confidentiality.
• Physical ability to perform the duties of the position.