Hospital  >  Careers  >  Employment Opportunities

Job postings: Non Union

Security Analyst - Information Services - Regular Full Time (210946)

Toronto, ON, CA Posted: 5/6/2022 9:01:18 AM

We currently have a Regular Full-time opportunity for a Security Analyst in the Information Services department at our Bayview campus.

Hours of Work:

Weekdays: Days; 8hrs; as per schedule

On Call Required; Statutory Holidays Required

Summary of Duties

Reporting to the Manager, Information Security, the Information Security Analyst is responsible for information technology risk assessments, vulnerability management, general information security program activities in support of our Information Security Program accountabilities.

Summary of Duties:

  • Undertake security threat and risk assessments in accordance with industry recognized standards, including the identification of administrative, procedural and technical control remediation items as required;
  • Review of TRAs or SOC reports which may be provided by 3rd parties in support of shared systems and services reviews;
  • Collaborate with and support other departments to identify security risks within their respective operational areas, make recommendations for appropriate security control remediation items and support the development of security process control improvements within those portfolios suitable for risk mitigation;
  • Monitor, review and respond on security events received from SOC and track through to resolution. Escalate issues that cannot be resolved within acceptable time frames;
  • Monitor for emerging threats, assess risks and recommend relevant controls and mitigation strategies;
  • Coordinate and perform both network and web application vulnerability assessments;
  • Review emerging security technologies and provide recommendation to enhance security of the infrastructure;
  • Work with the respective team to implement server and network device hardening;
  • Support security related projects;
  • Review IT security controls and processes for the new application and services to ensure proper technical security controls on systems and applications, and processes;
  • Work with external consultants as appropriate for independent security audits, incident response and risk remediation;
  • Manage security awareness training program and report key findings and recommendations;
  • Develop, manage and update, as required, information security policies and procedures;
  • Perform other related duties as assigned.


  • University Degree in Business Administration, Science or Engineering or equivalent;
  • Minimum 5 years of experience in an Information Security role;
  • Minimum 5 years of experience with administration of various security products such as Palo Alto, Cisco ASA and Juniper firewalls, VPN, McAfee DLP and endpoint protection, Microsoft SCCM, WSUS, Qualys and Tenable network and web application scanner, CIS benchmark;
  • Possess good understanding of vulnerability scan remediation, and management;
  • Strong understanding of IT Security concepts and best practices;
  • Superior written and oral communications, interpersonal and customer-service skills;
  • Demonstrated knowledge of and/or familiarity with standards and frameworks such as ITIL, COBIT, ISO/IEC 31000 series, ISO/IEC 27000 series, PCI, COSO, SOC 2;
  • Demonstrated experience in undertaking supervised security threat and risk assessments, preferably within a healthcare context, using an industry recognized framework equivalent to the Harmonized Threat and Risk Assessment (HTRA) methodology;
  • Certification in one or more IT governance or control standards such as ISC2 (e.g. CISSP), SANS, ISACA (e.g. CISM, CISA), PMI (e.g. PMBOK) or equivalent preferred;
  • Strong analytical, problem-solving and negotiation skills;
  • Excellent computer skills utilizing office productivity tools including email, word processing, database and spreadsheet applications;

Qualified candidates are invited to submit their cover letter and resume (in one document) quoting 210946 to:

Human Resources
Sunnybrook Health Sciences Centre

To apply, please click "Apply for Position" at the bottom of this page.

Sunnybrook Health Sciences Centre is committed to providing accessible employment practices that are in compliance with the Accessibility for Ontarians with Disabilities Act (AODA). If you require accommodation for disability during any stage of the recruitment process, please indicate this in your cover letter.

Sunnybrook Health Sciences Centre is strongly committed to inclusion and diversity within its community and welcomes all applicants including but not limited to: visible minorities, all religions and ethnicities, persons with disabilities, LGBTQ persons, and all others who may contribute to the further diversification of ideas.

Please be advised that in order to be eligible for employment at Sunnybrook, all new hires must have received the full series of a COVID-19 vaccine or combination of COVID-19 vaccines approved by Health Canada (e.g., two doses of a two-dose vaccine series, or one dose of a single-dose vaccine series); AND have received the final dose of the COVID-19 vaccine at least 14 days ago. Medical exemptions or any other kind of requested exemption based upon the Hospital’s obligations pursuant to the Ontario Human Rights Code will be considered on a case-by-case basis.